Share this Job

Please be advised that our Careers site will be unavailable from November 28 at 12am ET to November 29 12am ET for scheduled system maintenance.

Title:  Senior Manager, Application Security (Ottawa Hub)




Requisition ID: 137376

Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.


In Technology at Scotia, we’re questioning everything about how we bank today to come up with the right solutions for our customers tomorrow. Reinvention starts here — and it starts with you. 


The Team

Scotiabank’s Application Security team has global accountability and is highly supportive of the Bank’s business, enabling execution of the Bank’s strategies, operations and services, while ensuring that appropriate application security practices are adhered to. This function provides core competency in proactively detecting application code flaws and/or bugs while working with the appropriate teams in instituting appropriate controls to mitigate risks, specifically as it pertains to web application vulnerabilities and threats. 


The Role

The Senior Manager will be expected to work closely with the application development groups to integrate application security processes and procedures into the software development lifecycle, which include:

  • Develop and/or enhance strategies and processes to manage security vulnerabilities and threats. 
  • Develop and/or enhance communications to ensure prompt remediation from development and infrastructure support teams, in line with of risk management practices.
  • Develop and/or enhance reporting to development teams and all levels of management in order to provide proper tracking and measurement of remediation activities


Is this role right for you?

  • Recommend, design, assess, implement, deploy and maintain application security controls required to protect Scotiabank and its customers.
  • Responsible for developing and/or enhancing the strategies and processes to identify, analyze and communicate application vulnerabilities as per the CISO Directive and published communication mobileprocess flows.
  • Responsible for adherence to an established process flow that ensures development support teams, infrastructure support teams and business risk owners implement control measures that effectively mitigate or eliminate the identified risk.
  • Responsible for timely and accurate reporting of all findings to the development teams, appropriate levels of management and the business risk owner
  • Comprise, implement and streamline technical integration strategies for IS&C systems into Global Accelerator Pipelines and the SDLC.
  • Design technical strategies and processes to manage vulnerabilities and threats for transactional, marketing and informational systems.


Where could you work? Both at home and in the office. 

  • We’re focused on being an employer of choice for the communities we serve and offering a hybrid work environment for top Tech talent in Canada’s capital city.  
  • We’re creating a local ScotiaTech Hub in Ottawa. You’ll have the opportunity both to work remotely and head to the Ottawa office for in-person moments that foster team cohesiveness and collaboration. 

Do you have the skills that will enable you to succeed in this role?

  • Experience managing security and/or development teams
  • Experience with full stack Java / J2EE developing Multi-tier Web Applications, Web Services and Web API’s using Spring or other Java-based frameworks.
  • Experience implementing Continuous Integration and Continuous Delivery pipelines with Jenkins.
  • Experience in data migration or batch processing with Python.
  • Experience with Node.js and JavaScript.
  • Experience provisioning, integrating and leveraging relational databases (MSSQL, MySQL, PostgreSQL, Oracle).
  • Experience within an Agile development environment utilizing JIRA
  • Experience with business intelligence, data analytics and reporting tools (e.g. Power BI, Cognos, Tableau).
  • Experience with Static Application Security Testing Tools with Fortify.
  • Experience with Dynamic Application Security Testing Tools with WebInspect.
  • Ability to generate reports and tailor communication strategies for various levels of technical staff, executive management, and business clients.
  • Strong communication and support skills for triaging and resolving technical issues.

What's in it for you?

  • We have an inclusive and collaborative working environment that encourages creativity and curiosity and celebrates success 
  • We provide you with the tools and technology needed to create meaningful customer experiences 
  • You’ll get to work with and learn from diverse industry leaders, who have hailed from top technology companies around the world 
  • Our work from home social channel offers weekly virtual yoga, social events, learning opportunities, and lots more. 
  • We offer a competitive total rewards package, including a performance bonus, company matching programs (on pension & profit sharing), and generous vacation. 




Location(s):  Canada : Ontario : Ottawa 

Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.  

At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. If you require technical assistance, please click here. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.

Job Segment: Corporate Security, Work from Home, Marketing Manager, Data Conversion, Banking, Security, Contract, Marketing, Data, Finance