Title: Senior Manager CISO UK
Requisition ID: 160575
Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.
Purpose
Contributes to the overall success of Technology for Global Banking and Markets in Europe by ensuring specific individual goals, plans and initiatives are executed/delivered in support of the team's business strategies and objectives. Ensures all activities conducted are in compliance with governing regulations, internal policies and procedures.
The incumbent will ensure local alignment with the defined global strategies, ensuring the reliable implementation of consistent and secure control processes to protect the Bank's information and data resources by:
i. Ensuring that sound and consistent information security architectures that have been defined and documented are leveraged and effectively communicated to local business lines and technology support groups;
ii. Directing, assuring, and advancing the security of the Scotiabank Group's networks, including the reliability and manageability of logical access security and application change control operations locally;
iii. Pursuing security and control process improvements and the protection of emerging technologies and new delivery systems, in collaboration with the Central ESS/CSS/GSS functions;
iv. Working closely with the rest of Global Security Operation Services, Global Advisory Services and Enterprise Security Services to facilitate communication and support, and to transmit the Bank's Information Security vision as developed by the global bank CISO;
v. Working directly with the Global Security Operation Services governance team to ensure effective governance is in place within the local operation and business environments supporting the global CISO directives and policies.
The incumbent will interact and provide relationship management within service, product, development, research and review and delivery areas in the execution of projects and steady state operations as it relates to security services and oversight. The incumbent also provides a high level of professional service to customers (both internal and external) consistent with Scotiabank standards and procedures.
Accountabilities
• Champions a customer focused culture to deepen client relationships and leverage broader Bank relationships, systems and knowledge.
• Leadership and strategic direction for Europe's information security function, ranging from planning and budgeting to motivational and promotional activities expounding the value of information security.
• Scope includes compliance with European information security regulations, user education and access, and cybersecurity.
• The incumbent is accountable for understanding, communicating and ensuring compliance with Scotiabank's Information Security Policies as defined by Global Security Operation Services and Enterprise Security Services functions.
• Leads or commissions the preparation and authorizes the implementation of necessary information security policies, standards, procedures and guidelines.
• Identifies the vulnerabilities that may affect information assets and implements cost-effective security and risk management practices that function to minimize or eliminate their effects on the company's systems/applications/networks worldwide.
• Provides direction and suggested practices for monitoring of the network intrusion detection system.
• Provides direction and suggested practices for virus detection and removal and communicates virus information throughout the organization.
• Leads the design and operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies and applicable laws and regulations.
• Provides and maintains technical expertise on security aspects of systems, applications, and networks currently resident in the company and those planned for in the future.
• Reviews system development, maintenance and acquisition efforts to ensure efficient and adequate security provisions.
• Leads or commissions suitable information security awareness communication and training activities.
• Leads or commissions information security risk assessments and controls selection activities.
• Provides information security interface to the business continuity plan/program for the company's data, information, and assets.
• Acts as liaison with auditors regarding their role in information security policies and procedures and is responsible for the closure of audit issues relating to information security locally.
• Acts as liaison with the European regulators including the Financial Conduct Authority (FCA), the Prudential Regulation Authority (PRA), the Information Commissioner's Office (ICO), the Data Protection Commissioner (DPC), the Central Bank of Ireland and other regional regulatory bodies as directed by senior management. The incumbent is responsible for appraising and responding to Information and Cyber Security requests, recommendations, directives and gap remediation to these bodies.
• Provides input to the annual health assessment surveys, including the annual CEB (Corporate Executive Board) NIST-based cybersecurity maturity model, and coordinates updates to the board locally on gap remediation programs.
• Liaises with and offers strategic direction to related governance functions (such as physical security/facilities, risk management, technology, HR, legal and compliance) and senior and middle managers throughout the organization as necessary, on information security matters such as routine security activities plus emerging security risks and control technologies.
• On behalf of the country and/or business line, coordinates compliance reporting and updates with IS&C's Compliance Officer. Liaises with lines of business, and coordinates with IS&C's Compliance Officer, to deliver the timely reporting of local compliance activities to Scotiabank Group compliance office and the Senior Vice President, IT (business line). Liaises with internal and external audit teams, and participates in reviews that pertain to compliance with Bank and Regulatory IT security controls and guidelines.
• Participates on appropriate committees/task forces of local/state/federal/banking organizations/ governments.
• Provides second and third line information and cybersecurity support, triaging incidents in accordance with the Service Desk Cyber Security Response plans.
• Provides support and guidance on privacy issues or regulatory requirements for MiFID II, MAR, AML and other UK, European or global regulatory initiatives.
• Provides compliance and guidance on third party vendor and venue information and cyber security requirements as well as data privacy and compliance with GDPR.
Education / Experience / Other Information (include only those that are specific to the role)
• Knowledge of networking technologies, operating systems, hardware and protocols.
• Educated to degree level in a Computer Related Discipline preferred.
• Good knowledge of ITIL and service awareness. ITIL Foundation preferred.
• Experience of managing simple projects with the ability to multitask.
• Excellent problem-solving skills and proactive approach to preventing recurring issues with innovative solutions.
• Knowledge of Exchange and Market Data feeds e.g. Bloomberg, Reuters, London Stock Exchange.
• Knowledge of Open Systems Interconnect Standards and Communication protocols e.g. TCP-UDP.
• The incumbent is expected to work independently within the boundaries of existing policies and procedures. The incumbent makes decisions with regard to production problems to facilitate appropriate solutions.
• Education in and experience of Information and Cyber Security e.g. CISSP.
Location(s): England : Greater London : London
Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.
At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.