Title:  Director, US Technology Risk Officer (TRO), First Line of Defense (1B)

Requisition ID: 259631

 Salary Range:  -  

Please note that the Salary Range shown is a guideline only. Salary offered may vary based on factors, including, but not limited to, the successful candidate’s relevant knowledge, skills, and experience.

Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.

Purpose

The Director, U.S. Technology Risk Officer (CIO Risk Advisor) is a leadership role within the Technology First Line of Defense (1B) accountable for owning and strengthening technology risk management across the U.S. portfolio. The role provides embedded, credible risk leadership within technology to ensure material risks are identified early, assessed consistently, and managed within the Bank’s risk appetite, with clear governance, evidence, and accountability.

The Director serves as the primary technology risk advisor to the CIO, U.S. Global Banking & Markets Engineering (GBME) Technology, enabling decision making through transparent articulation of risk exposure, trade offs, control effectiveness, and residual risk. The role partners with technology executives, business leaders, and control functions to enable delivery of strategic outcomes while improving resiliency, reducing control weaknesses, and strengthening regulatory confidence.

The U.S. Technology Risk Office provides First Line ownership and accountability for technology risk management across key domains, including cybersecurity, data protection, software lifecycle management, platform resilience, incident and crisis management, disaster recovery, third party risk, technology change, and audit/regulatory remediation.

As a leader within the Technology First Line, the Director is responsible for establishing sound risk governance, scalable controls, and disciplined issue management routines aligned with regulatory expectations, enterprise risk appetite, and evolving business and technology strategies. The role also leads the first line US Technology Internal Control and Regulatory Management function for the engineering portfolio, ensuring timely risk identification, escalation, and remediation, and sustained compliance with applicable laws, regulations, and internal policies.

What You’ll Do 

• Advise the CIO and senior technology leaders on material technology risks, control effectiveness, and risk based decision options that influence strategy, investment prioritization, and delivery outcomes.
• Identify, assess, and prioritize technology risks across cybersecurity, data protection, software delivery, platform resilience, incident and crisis management, disaster recovery, third party risk, and technology change.
• Own first line Technology governance, issue management, and remediation, driving timely and sustainable resolution of audit and regulatory findings and reducing repeat and thematic issues.
• Exercise escalation authority by raising material risks, control failures, and remediation slippage to appropriate senior leaders and governance forums, with clear recommendations and documented outcomes.
• Influence technology roadmaps and operating practices to remediate systemic control gaps and embed sustainable controls into engineering and operational processes (including SDLC and change management).
• Deliver executive level reporting (KPIs/KRIs) that provides transparency into risk posture, control health, and emerging risks for senior management and risk committees.
• Partner with Internal Audit and regulators to support audits and examinations, ensuring accurate, timely, and defensible responses to requests for information.
• Strengthen first line risk culture by building risk owner capability, reinforcing accountability, and enabling consistent risk decisioning across the portfolio.
• Improve the technology risk posture by driving and governing remediation to get to green, eliminating systemic control gaps, embedding sustainable controls, and delivering clear CIO level insight to support risk based decisions
• Lead GBME technology risk assessments, including control self assessments and thematic reviews, in partnership with Business Internal Control teams.
• Evaluate technology governance effectiveness and support business integration initiatives to identify, escalate, and remediate risk and control gaps, ensuring appropriate controls are implemented
• Oversee SOX control execution, including test coordination, evidence readiness, and quarterly attestations.
• Champion a customer-focused culture and deepen relationships with senior leadership, peers, and functional groups.
• Ensure compliance with information security regulations, user education, and cybersecurity.
• Lead the design and operation of compliance monitoring and improvement activities to ensure compliance with internal security policies and applicable laws and regulations.
• Actively pursue effective and efficient operations, ensuring adherence to operational risk, regulatory compliance risk, AML/ATF risk, and conduct risk frameworks.
• Understand and apply the organization’s risk appetite and risk culture in day-to-day activities and decisions.
• Build a high-performance environment and implement a people strategy that attracts, retains, develops, and motivates the team.

What You’ll Bring 

• Candidates should have comprehensive knowledge or experience in one or more of the following areas:
  • Regulatory (e.g., FFIEC Guidelines, NYS DFS, FRB NY, FINRA)
  • Technology (e.g., IT Asset Management, Software Currency, Cybersecurity)
  • Issue Management (e.g., execution tracking, risk evaluation, escalation, reporting)
  • Audit or Regulatory Exam Management (e.g., governance, audit, control functions, compliance, risk management)
• Minimum 10+ years of technology and non-financial risk management experience (governance, operations, audit, cyber, control functions, compliance, risk management).
• Demonstrated breadth across multiple technology domains, such as software development, API management, system design, information security, technology resilience, third party management, cloud computing, project management, incident/problem/change management, networks, and disaster recovery.
• Experience in managing remediation programs and other risk management roles (across any line of defense) is desirable.
• Strong leadership and executive communication skills, with the ability to influence senior stakeholders through clear messaging, presentation, and stakeholder management
• Advanced negotiation, project management, governance, and stakeholder management skills.
• Data analytics and visual dashboarding skills (Power BI/Tableau) are desirable.
• Knowledge or understanding of risk/control frameworks (ITIL, ISO, COBIT, NIST, FFIEC) is desirable.
• Relevant certifications are an asset (CISA, CISM, CRISC, CISSP, ITIL V3 Foundation, COBIT).

Interested? 

If your experience is closely related but doesn’t align perfectly with every qualification, we do encourage you to apply - you might be the right candidate for this or other roles at Scotiabank! 

At Scotiabank, every employee is empowered to reach their fullest potential, respected for who they are and, embraced for their differences. That’s why we work to grow and diversify talent and engage employees in a performance-oriented culture. 

What's in it for you? 

 
Scotiabank wants you to be able to bring your best self to work – and life, every day. With a focus on holistic well-being, our many flexible benefit programs are designed to help support your unique family, financial, physical, mental, and social health needs. 

#GBM 

Location(s):  United States : Texas : Dallas

Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.  

At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. If you require technical assistance, please click here. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.

Scotiabank is an equal opportunity employer.  We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other characteristic protected by federal, state, or local law.