Senior Audit Manager, IT and Cyber Security

Requisition ID: 223604

Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.

Purpose
The Audit Department is the 3rd Line of Defense and plays a key role in the internal control system of the Bank. Its mandate is to provide enterprise-wide, independent, objective assurance over the design and operation of the Bank’s internal control, risk management and governance processes.

The objective of this position is to fulfill a Senior Manager role, within a team of IT and Cyber Security audit professionals to assess the design and operational effectiveness of internal controls relating to technology applications, infrastructure, cloud, third party risk and related processes supporting businesses throughout the Bank. In addition, the candidate is expected to be knowledgeable in risks associated with systems development methodologies (Waterfall and Agile), technology operations, data protection and outsourced IT services.

Accountabilities

• Acts primarily as Officer in Charge (OIC) as a team member for assigned audits. May act as Audit Principal (AP) for low to medium complexity audits.
• As OIC/AP, oversees the planning, execution, and reporting. Obtains a thorough understanding of the end-to-end business/unit/process and associated risks, develops an appropriate risk-based audit approach and schedules timing and resources.
• Prepare and deliver effective presentations to clients at audit opening and closing meetings as a means of communicating and gaining their agreement and understanding of audit plans and audit results.
• Provide value-adding and effective audit recommendations to client senior management identifying significant issues in a business context, working with audit clients to identify and recommend feasible solutions.
• Present audits conclusions and reports in a relevant context and applicable to the Bank by ensuring they are supported by an orderly accumulation and analysis of documented audit evidence and that the content is clear and concise.
• Perform accountabilities with minimal supervision and provide audit management and audit client with regular status updates of assignments. 
• Actively seek to be informed of industry and corporate initiatives and trends in order to support effective audit continuous monitoring of the Banks proper management of information and cyber security risks.
• Ensures Scotiabank standards and the Institute of Internal Auditors (IIA) Code of Ethics are maintained in completion of all assignments.
• Builds and maintains strong relationships with internal and external stakeholders and regulators as required.
• Interacts and coordinates with other groups involved. Completes timely review of workpapers, ensuring internal control weaknesses are clearly documented with recommendations addressing the root cause and are communicated timely to management.
• Supports a high-performance environment and implements a people strategy that attracts, retains, develops, and motivates their team by fostering an inclusive work environment and using a coaching mindset and behaviours; communicating vison/values/business strategy; and managing succession and development planning for the team.

Education/Experience

• Extensive experience in auditing general IT controls, application controls,  web application security, network security architecture, vulnerability assessments, penetration testing, identity and access management, encryption, data loss prevention, coding assessment, cloud security, DDoS protection, and malware protection.
• Highly proficient at applying risk-based auditing standards, practices, techniques, processes and methodologies to perform and review of audits.
• Highly developed planning, organizational skills, and communication skills (verbal and written) to work with staff and management at various levels.
• Highly developed in comprehensive reasoning, structured communication, and thorough analysis.
• Working knowledge of the operations and regulatory environments of each of the audit units globally, as required for specific areas of assigned responsibility.
• Strong analytical skills and proficiency in the use of data analytics tools such as Alteryx, PowerBI, ACL, Advanced Excel, etc.
• Proven ability to work in high levels of ambiguity and in a rapidly changing environment.
• Bachelor's degree in IT, Computer Science or equivalent required.
• One or more of the following certifications required: CISA, CISM, CISSP, CCSP, GCIA, CEH
• Technology Risk Management experience in financial services industry is required.

Location(s):  Canada : Ontario : Toronto 

Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.  

At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. If you require technical assistance, please click here. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.