Senior Manager, Cyber and IT Risk

Requisition ID: 213064

Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.

Contributes to the overall success of Cyber & IT Risk Management, Global Risk Management (GRM) globally ensuring specific individual goals, plans, initiatives are executed/delivered in support of the team’s business strategies and objectives.  Ensures all activities are conducted in compliance with governing regulations, internal policies and procedures.

Leads expert technical risk assurance and control oversight to ensure the bank achieves its objectives while effectively managing risk. Collaborate with cross-functional teams across the first line of defense to identify, assess, and mitigate emerging risks and vulnerabilities. This role is crucial in fostering a robust risk culture and driving continuous improvement, contributing to the development and implementation of comprehensive risk management policies, standards, and controls.

As part of the second line of defense, the Cybersecurity and IT Risk team provides independent oversight and challenge, and assists in developing methodologies, policies, processes, and tools to support the Cyber and IT Risk Management Framework.

Is this role right for you? In this role, you will:

• Champions a customer focused culture to deepen client relationships and leverage broader Bank relationships, systems and knowledge.
• Lead 2nd Line Challenge: Conduct comprehensive challenge to identify potential threats and vulnerabilities in the Bank’s processes, systems, and operations. Partner with 1st line of defense to develop risk mitigation strategies across key cyber and IT domains. Challenge IT and cybersecurity risks within scenario analysis and thematic reviews. Conduct cyber risk assessments, metrics, and controls within globally complex, dispersed, and diverse organizations.
• Control Evaluation: Evaluate the design of controls and communicate the impact of control weaknesses to first line teams and control implementers.
• Alignment Evaluation: Evaluate the extent to which the first line of defense is aligned with internal and external control standards, as well as regulatory and audit requirements.
• Framework Expertise: Be a subject matter expert in one or more industry-standard risk management frameworks (including ISO27001, COBIT, NIST) and have an in-depth understanding of cyber risk mitigation strategies.
• Stakeholder Advisory: Advise stakeholders on risk management, controls development, and adherence to mitigate risks.
• Risk Monitoring: Proactively monitor key risk indicators, analyze control metrics, and provide insights on risk management effectiveness to senior management, driving continuous improvement initiatives.
• Reporting: Support monthly and quarterly IT and Cyber Risk report development for various risk committees and senior management.
• Risk Monitoring: Monitor cybersecurity risks and the controls in place within the bank, as well as external cybersecurity reporting that may impact the bank.
• Security Operations: Manage, assess, or audit security operations processes and technologies, including SOC, SIEM, Fusion Center, and Incident Response.
• Understand how the Bank’s risk appetite and risk culture should be considered in day-to-day activities and decisions.
• Actively pursues effective and efficient operations of their respective areas in accordance with Scotiabank’s Values, its Code of Conduct and the Global Sales Principles, while ensuring the adequacy, adherence to and effectiveness of day-to-day business controls to meet obligations with respect to operational, compliance, AML/ATF/sanctions and conduct risk.
• Champions a high performance environment and contributes to an inclusive work environment.

Do you have the skills that will enable you to succeed in this role?  We’d love to work with you if you have experience with:

• Strong expertise in IT Risk Management (e.g. Logical Access, Data Leakage, Disaster Recovery)
• Experience with Cybersecurity Risk Management is preferred
• A minimum of 7 years of experience in technology departments and/or risk management, preferably in a financial institution
• Industry certifications desirable (e.g. CISSP)
• Advanced knowledge of relevant regulatory rules (OSFI, FFIEC, NYDFS 500) and frameworks (NIST, COBIT) is preferred
• 5+ years of experience or equivalent expertise in technology risk management, information security, or a related field, with a focus on risk assessment and control evaluation
• Demonstrated expertise in regulatory compliance, risk management frameworks, and industry best practices (e.g., NIST, ISO, FFIEC, GDPR)
• Proficiency in data security, risk management & controls, security governance, and analytical thinking, with a track record of implementing effective risk mitigation strategies
• Advanced knowledge of data analytics and data literacy
• Strong understanding of IT risk management frameworks in a global banking environment.
• Able to convey complex concepts and ideas on issues requiring interpretation and opinion.
• Maintain in-depth knowledge of cyber and IT risks and controls across various information system architecture and engineering domains, such as data protection, application security, identity and access management, vulnerability management, change management, network security, endpoint security, logging and monitoring, and incident management. Stay actively engaged in the industry on the latest in cyber risk and emerging operational risks.
• Demonstrate a sense of urgency in implementing programs and evaluating priorities; be decisive, action-oriented, and practical.
• Analyze and think through highly complex issues, then appropriately execute and implement against a well-thought-through framework in a seamless manner. Be a global citizen comfortable in all geographies, regions, and cultures.
• Demonstrate strong leadership, communication, and presentation skills, including the ability to adapt style to suit the different needs of any audience
• Independent in judgment and with a high standard of conduct and ethics. Able to challenge and be challenged while maintaining the highest levels of professionalism.
• Good negotiation skills and ability to resolve conflict between teams or individuals so that functional / organizational objectives are achieved.
• Excellent analytical skills; critical thinking and problem solving skills.
• Good interpersonal skills

What's in it for you?

• The opportunity to join a forward-thinking and collaborative team, surrounded by innovative thinkers
• A rewarding career path with diverse opportunities for professional development
• Internal training to support your growth and enhance your skills
• An inclusive working environment that encourages creativity, curiosity, and celebrates success!
• Work in an Ecosystem; a bright, modern space where you’ll have access to group seating, offices, collaboration spaces, a cafeteria with different options daily, a bistro, and more
• Hybrid Work Environment

Location(s):  Canada : Ontario : Toronto 

Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.  

At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. If you require technical assistance, please click here. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.