Title: Senior Manager, Cybersecurity Risk Management / Cyber & IT Risk / Global Risk Management
Requisition ID: 244917
Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.
Purpose
Contributes to the overall success of Cyber, IT, Data & AI Risk Management by ensuring individual goals, plans, and initiatives are delivered in support of the team’s strategies and objectives. Ensures all activities are conducted in compliance with governing regulations, internal policies, and procedures.
Collaborates with business-aligned risk leads, the first line of defense (1LOD), Regulatory Relations, Internal Audit, and Enterprise Technology Risk Management. Together, you will identify, assess, and challenge risks across cybersecurity, data, and AI/ML domains while ensuring effective, timely communication with senior management and stakeholders.
As part of the second line of defense, the Cyber, Data & AI Risk team provides independent oversight, challenge, and advisory support to strengthen methodologies, policies, processes, and tools within the Bank’s Technology Risk Management Framework.
Accountabilities
- Champions a customer focused culture to deepen client relationships and leverage broader Bank relationships, systems and knowledge.
- Lead 2nd Line Challenge: Conduct comprehensive challenge to identify potential threats and vulnerabilities in the Bank’s processes, systems, and operations across cybersecurity, data governance, and AI/ML risk domains. Partner with 1st line of defense to develop risk mitigation strategies. Challenge IT and cybersecurity risks within scenario analysis and thematic reviews. Evaluate business use of AI/ML and generative AI to ensure safe, responsible, and policy-aligned deployment. Conduct cyber risk assessments, metrics, and controls within globally complex, dispersed, and diverse organizations.
- Control Evaluation: Evaluate the design of controls and communicate the impact of control weaknesses to first line teams and control implementers.
- Alignment Evaluation: Evaluate the extent to which the first line of defense is aligned with internal and external control standards, as well as regulatory and audit requirements.
- Stakeholder Advisory: Advise stakeholders on risk management, controls development, and adherence to mitigate risks. Influence technology, data, and AI decision-making to reflect the Bank’s risk appetite and risk culture.
- Risk Monitoring: Proactively monitor key risk indicators, analyze control metrics, and provide insights on risk management effectiveness to senior management, driving continuous improvement initiatives.
- Reporting: Support monthly and quarterly risk report development for various risk committees and senior management.
- Risk Monitoring: Monitor cybersecurity risks and the controls in place within the bank, as well as external cybersecurity reporting that may impact the bank.
- Co-ordinate local Global Risk Management (GRM) conformance program for the Enterprise Record & Information Management.
- Co-ordinate local GRM Business Continuity Plan.
- Actively pursues effective and efficient operations of their respective areas in accordance with Scotiabank’s Values, its Code of Conduct and the Global Sales Principles, while ensuring the adequacy, adherence to and effectiveness of day-to-day business controls to meet obligations with respect to operational, compliance, AML/ATF/sanctions and conduct risk.
- Champions a high performance environment and contributes to an inclusive work environment.
- Understand how the Bank’s risk appetite and risk culture should be considered in day-to-day activities and decisions.
- Actively pursues effective and efficient operations of his/her respective areas, while ensuring the adequacy, adherence to and effectiveness of day-to-day business controls to meet obligations with respect to operational risk, regulatory compliance risk, AML/ATF risk and conduct risk, including but not limited to responsibilities under the Operational Risk Management Framework, Regulatory Compliance Risk Management Framework, AML/ATF Global Handbook and the Code of Conduct.
- Contributes to a high performance environment and fosters an inclusive work environment; supporting the vision/values/business strategy for the team.
- The role has been identified as a Central Bank of Ireland prescribed Controlled Function. The incumbent is therefore required to have the relevant fitness and probity to carry out the role and responsibilities in such a manner that the incumbent can comply with the Central Bank of Ireland 2011 Fitness & Probity Standards, as applicable to the role. In general, the Fitness & Probity Standards require the role holder to:
- be competent and capable;
- act honestly, ethically and with integrity; and
- be financially sound.
Education / Experience
Examples:
- University degree, preferably in Computer Engineering, Computer Science or related field
- Cybersecurity, technology, or risk management certification (e.g., CISSP, CCSP, CEH, CISM, etc.)
- Strong understanding of technology and cyber security regulatory frameworks and guidance (e.g., OSFI, NIST, FFIEC, GDPR, MITRE ATT&CK)
Key Skills and experience
- A minimum of 7 years’ experience in cyber security and technology departments and/or risk management, preferably in a financial institution
- Strong expertise in Cybersecurity Risk Management (e.g., access management, data leakage, data protection, cyber intelligence)
- 5+ years of experience or equivalent expertise in technology risk management, information security, or a related field, with a focus on risk assessment and control evaluation
- Proficiency in cyber security risk management & controls, security governance, with a track record of implementing effective risk mitigation strategies
- Strong understanding of IT risk management frameworks in a global banking environment.
- Understanding of AI/ML risks such as model drift, bias, explainability, training data exposure, and responsible AI frameworks.
- Familiarity with regulatory expectations and industry standards (NIST CSF, NIST AI RMF, ISO/IEC 27001, ISO/IEC 42001, etc.)
Core Competencies
- Able to convey complex concepts and ideas on issues requiring interpretation and opinion.
- Influences without authority across technology, architecture and operations.
- Builds partnerships with the 1st line while maintaining independence.
- Highly organized, self-directed and documentation focused.
- Maintains objectivity and professionalism under pressure.
- Interprets and communicates KRIs/KPIs effectively to senior stakeholders.
- Able to maintain in-depth knowledge of cyber and IT risks and controls across various information system architecture and engineering domains. Stay actively engaged in the industry on the latest in availability and resiliency and emerging operational risks.
- Demonstrate ownership and a sense of urgency in implementing programs and evaluating priorities; be decisive, action-oriented, and practical.
- Excellent analytical skills; critical thinking and problem solving skills.
- Comfortable in ambiguous contexts.
- English fluency required and Spanish preferred.
Location(s): Ireland : Leinster : Dublin
Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.
At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. If you require technical assistance, please click here. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.