Title:  Controls Testing Specialist

Requisition ID: 213764

Thanks for your interest in ScotiaTech, Scotiabank's new and innovative Technology hub in Bogota.

Join a purpose driven winning team that promotes creativity and innovation in a fast-paced environment, where we’re always committed to results, in an inclusive, diverse, and high-performing culture.

 

Purpose

Contributes to the overall success of the Global Technology Control Testing / IT Risk in Canada ensuring specific individual goals, plans, initiatives are executed / delivered in support of the team’s business strategies and objectives. Ensures all activities conducted are in compliance with governing regulations, internal policies, and procedures.

Global Technology Control Testing team plays an important role in the Bank’s Three Lines of Defense Framework, providing First Line of Defense for the Enterprise portfolio on all technology risk domains, including Cyber Security, Data Privacy, Software Lifecycle Management, Patch and Vulnerability Management, Incident Management, Disaster and Backup Recovery, Third-Party Management, and Audit & Regulatory issue remediations.

Manager, Technology Control Testing directly supports the Senior Manager Technology Control Testing to collaboratively assess high risk processes across in-scope business lines and support the execution of the control test exercise(s). This role is part of a strategic and comprehensive IT Risk Management Function within Technology Control Testing and ensures control testing execution and reporting in accordance with regulatory expectations, risk appetite, organizational risk practices and evolving business practices.

The role includes significant coordination and engagement with peers across all business lines and technology functions. This includes 1st, 2nd, and 3rd lines of defense for Technology in the execution of risk management activities, inclusive of regular updates, formal reporting and managing remediation commitments identified (e.g. audit findings).

Accountabilities

• Champions a customer focused culture to deepen client relationships and leverage broader Bank relationships, systems and knowledge.
• Assists Risk Owners in adhering to policies, frameworks, standards and guidelines through active engagement and guidance.
• Acts as a primary liaison between the risk owners and other risk groups to lead the facilitation and execution of risk management activities.
• Tests design and operating effectiveness attributes for technology controls
• Conducts IT General controls and automated control walkthroughs and assesses controls for effectiveness.
• Identifies, assesses, prioritizes, and reports on significant IT risks for IT and aligned business areas. This will require working with equivalent Risk Advisors in various business areas.
• Ensures findings are input in the enterprise Global Issue Management system and in full compliance of all policies and common standards, including the IT Risk Management Policy and Framework.
• Supports development of monitoring tools to evaluate the design and operating effectiveness of the key controls in the Business. Monitoring will include reviewing key indicators, sample testing and conducting thematic reviews.
• Assists documentation and monitoring the progress of remedial actions for issues identified through Technology Control testing and by others, including Internal Audit, Compliance, regulators, and management self-identified issues.
• Collaborates with IT Risk Senior Managers for other business units to improve risk management practices across the enterprise.
• Supports ad-hoc, special, and/or focused reviews as necessary, as well as other duties and projects as assigned.
• Understand how the Bank’s risk appetite and risk culture should be incorporate into in day-to-day activities and decisions.
• Actively pursues effective and efficient operations of his/her respective areas in accordance with Scotiabank’s Values, its Code of Conduct and the Global Sales Principles, while ensuring the adequacy, adherence to and effectiveness of day-to-day business controls to meet obligations with respect to operational, compliance, AML/ATF/sanctions and conduct risk.
• Champions a high-performance environment and contributes to an inclusive work environment.

Dimensions

Scope of role covers:

• Related high-risk Regulatory Compliance and Cybersecurity Control Testing needs of enterprise-wide (all business line) systems and applications, and other Technology Domain Services testing activities, across enterprise.
• Access and training on multiple systems
• Extensive familiarity with Scotiabank policies and procedures, Technology & Risk Management standards

Measurement of success in the role include:

• Key Performance Indicators (KPIs) around delivering on goals, testing activities, program enhancements.

Education / Experience / Other Information

Functional Competencies

• Effective communication, facilitation, and presentation skills for developing communication strategies for Executive approval through to implementation of strategies and programs.
• Ability to balance competing or conflicting goals of various departments and stakeholders which requires a mature, diplomatic approach and advanced negotiation and influencing skills.
• Ability to challenge leadership team especially when there is a need to balance control and compliance priorities with competing objectives.
• Ability to work with minimal supervision and deliver to tight deadline.

Education / Experience

• Requires an undergraduate degree combined with an Information Security professional designation such as CISM, CISA, CCSP, CISSP or CRISC are desirable.
• Experience with the following is recommended: ISO27001, COBIT, CIS, and NIST frameworks. Exposure to SOX requirements
• Need experience in a wide area of risk controls such as vendor risk, application risk, infrastructure risk, application risk. Reporting skills to prepare status of IT control framework to senior management.
• Experience in with IT Control Testing, Auditory, Risk Management or GRC (Governance, Risk and Compliance) 
• Experience in other risk management roles (across any line of defense) is desirable.
• Knowledge of security principles, cloud security, and IT processes
• B1+ level of English

Working Conditions

Work in a standard office-based environment; non-standard hours are a common occurrence.

#LI-Hybrid

Location(s):  Colombia : Bogota : Bogota

ScotiaTech is a business unit within ScotiaGBS, a Scotiabank Group company located in Bogota, Colombia. The ScotiaTech hub was created to support different technology systems and processes of the Bank. We offer an inclusive, positive work environment, and competitive benefits.

At ScotiaTech, we value the unique skills and experiences each individual brings and are committed to creating and maintaining an inclusive and accessible environment for everyone. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at ScotiaTech; however, only those candidates who are selected for an interview will be contacted.