Please be advised that our Careers site will be unavailable from November 28 at 12am ET to November 29 12am ET for scheduled system maintenance.

Title:  Senior IT Risk Analyst - Tangerine


Requisition ID: 191297

Tangerine is Canada’s leading direct bank. We offer flexible and accessible banking options, innovative products, and award-winning Client service. The reason why Tangerine employees come to work each day is to help Canadians live better lives. We focus on making a difference in our communities, and that includes our own internal community. It’s important to us that our employees feel empowered and enthusiastic about belonging to our Orange culture.


As Canada’s leading digital bank, Tangerine technology is at the heart of everything we do. We have redefined what digital banking is, and we continue to evolve to tackle any opportunity and face every challenge through progressive technology and the power of collaboration.


Do you like new challenges? Are you ready to reach new heights in your career and become part of an established disruptor? If so, come join us and help redefine the Canadian banking landscape!


What you will be doing:


Tangerine IT Risk Management team plays an important role in the Bank’s Three Lines of Defense Framework, providing First Line of Defense for Tangerine and the Bank for all technology risk domains, including Cyber Security, Data Privacy, Software Currency, Disaster and Backup Recovery, Third Party Management, and Audit and Regulatory issue remediation. There are many exciting opportunities to grow in the areas of risk management, business technology development and work with many cross-functional teams within the Bank


As a 1B Line of Defence function, this role provides leadership and subject-matter expertise to assist Tangerine stakeholders in the identification, evaluation, treatment and monitoring of risks to the Bank’s data assets and the systems where information resides.  In doing so, this role will contribute towards Tangerine’s business objectives and our stated purpose of helping clients live better lives by empowering them to make smarter financial decisions.

Reporting to the Director of IT Risk Management, the Senior IT Risk Analyst is a key contributor for the development and execution of an enterprise IT Risk Management Program.  

Is this role right for you? In this role, you will:


The role of IT Risk Analyst is focused on three key functions:


IT Risk Governance

  • Maintain the compliance oversight of Scotiabank’s security and risk management framework, policies and standards for managing risks to its information assets and systems. 
  • Identify, assess, prioritize and report on material IT risks and aligned business areas. This will require working with various Risk owners / ambassadors and other control function groups.
  • Liaise with Scotiabank counterparts to identify evolving requirements.
  • Monitor evolving industry best practices, regulatory and legislative requirements;
  • Provide 1st Line of Defence functions with ongoing guidance to support the implementation of, and compliance to established IT and security requirements.
  • Conduct risk assessments and ensure that assessments and outputs are recorded in enterprise tools; support IT risk control testing and monitoring and help Risk Owners with remediation plan. 
  • Perform various types of data analysis work and prepare monthly / quarterly reporting.  


IT Risk Advisory

  • Provide direction to Tangerine’s functional teams to build their capability to identify, assess, mitigate and monitor risks associated with their use of information and IT systems.
  • Oversee IT security risks and controls associated with IT Operations and Cloud domain.  Where require, offer direction for the assessment, treatment and monitoring of risks, and inclusion of appropriate contractual security terms and conditions.
  • Analyze and respond to risk assessment requests assigned to IT Risk Team.
  • Lead advocacy and build positive culture for the management of IT and security risks.  Deliver ongoing counsel to risk owners to create IT risk awareness and acumen; communicating the business value of security and IT risk management practices.


IT Risk Reporting & Compliance Monitoring

  • Maintain Tangerine’s IT KPIs and KRIs within risk appetite for the IT domains assigned.
  • Lead engagement with Tangerine’s 2nd and 3rd Line of Defense function to influence the focus, scope and criteria for the testing of the Bank’s IT risk capabilities.
  • On-going monitor and track issues raised by Internal Audit, assist risk owners to ensure remediation is completed within pre-defined timelines and risk is addressed appropriately



Do you have the skills that will enable you to succeed in this role? We'd love to work with you if you have:


  • College or University degree, or equivalent experience.
  • 2+ years’ experience in a technology operations, risk management, cyber security, audit or corporate governance role.
  • Good working knowledge of risk management (governance, operations, audit, control functions, compliance, and risk management) and Tangerine Banking business and processes.
  • General knowledge in regulatory, legislative and industry requirements governing the management of technology systems and information (PIPIEDA, OSFI, PCI-DSS, NIST, etc.).
  • Strong communication and collaboration skills, supported by well-developed logical and analytical competencies.
  • Self-driven and fast learner, work independently at a fast-paced environment, guided by established practices and apply sound judgement to identify, troubleshoot and resolve day-to-day business, functional and operational issues. 
  • Beyond meeting minimum technical requirement for the job, candidates with demonstrated curiosity to learn, adaptable to changing situation and goal oriented will be given preference.
  • Good ability to balance competing or conflicting goals with sense of urgency. 


Certifications Preferred:

  • Certified in Risk and Information System Control (CRISC)
  • Certified Information Systems Security Professional (CISSP); or
  • Certified Information Systems Auditor (CISA);


What's in it for you?


  • You will be part of a diverse and inclusive team of Client-focused go-getters looking to learn from each other in an environment that celebrates and recognizes success!
  • You will have access to thousands of online and in person courses so you can shape your career growth with the support from diverse industry leaders.
  • You will get our help to save for your future and to invest in your total wellbeing through our Tangerine benefits*.
  • You belong here, we are equal and un-complicated. Bring your true self to work, dress codes don’t apply here.
  • You will enjoy workspace flexibility and all the excitement that comes from working at the official Bank of the Toronto Raptors.


*Tangerine employees participate in Scotiabank’s pension & benefits programs (available to permanent employees)


Location(s):  Canada : Ontario : Toronto

At Tangerine we value the unique skills and experiences each individual brings to the team, and are committed to creating and maintaining an inclusive and accessible environment. If you require accommodation during the recruitment and selection process, please let our Recruitment team know.

Job Segment: Risk Management, Cyber Security, Data Analyst, Internal Audit, Compliance, Finance, Security, Data, Legal