
Title:  Director, U.S. Deputy CISO

 

 

 

Requisition ID: 225315

Salary Range: 180,000.00 - 301,500.00 

Please note that the Salary Range shown is a guideline only. Salary offered may vary based on factors, including, but not limited to, the successful candidate’s relevant knowledge, skills, and experience.

 

Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.

 

Global Banking and Markets 

 

Global Banking and Markets (GBM) is a leading Canadian Capital Markets and Investment Banking business with a growing platform in the US and Latin America, operating globally for over 100 years. Scotiabank’s strong U.S. presence provides our clients an important bridge to this key global market for trade and investment flows across the Americas and the world. 

 

Global Banking & Markets provides a full range of investment banking, credit and risk management products and services relevant to the financing and strategic development needs of our clients. Our products include debt and equity financing, mergers & acquisitions, corporate banking, institutional equity sales, trading and research, fixed income products, derivatives, energy, foreign exchange and precious & metals. We also cross-sell the full range of wholesale products and services offered by the Scotiabank Group.  

 

Be part of an innovative, Global Capital Markets and Investment Banking business with a unique geographic footprint that puts capital to work for our clients across industries!  We work together to drive ambition for every future! 

 

Purpose

 

The US Deputy Chief Information Security Officer (Deputy CISO) will support the MD & US CISO in building robust United States technology risk (includes all non-financial risks such as Cyber Risk, Availability, Resiliency Risks and Operational Risk) related controls and processes and ensure they are maintained and adhered to in the assigned portfolio. Along with the MD & US CISO, the Deputy CISO will collaboratively assess, evaluate and remediate increasingly complex technology risk, design controls and assist in their implementation in the USA, a key growth market. Acts in the line of defense as Internal Control (1B) to ensure implementation of initiatives in accordance with regulatory expectations, risk appetite, organizational risk practices and evolving business practices. Ensures all activities conducted are in compliance with governing regulations, internal policies and procedures.


What You'll Do

 

  • Champion a customer focused culture to deepen relationships with Sr. leadership, peers, and functional groups by leveraging IT and risk expertise. 
  • Partners with senior executives, the US CIO, Global CISO, Risk, Operations, Compliance and Legal teams to deliver improved US regulatory outcomes and strategies.
  • Supports the US 1st line Technology Risk, Cyber Security and Internal Controls teams.
  • Alongside the MD & CISO, the Deputy CISO will collaborate with the US CIO and Global CISO in leading frequent interaction with and reporting to US Federal Regulators.
  • Support in overseeing the critical 1st Line of Defense (1B) function in the highly regulated US Technology realm, with ongoing guidance to support the implementation of, and compliance to, established IT Standards, Policies, Procedures, regulatory, operational risk and cyber risk requirements through active engagement, guidance and counselling. 
  • Support in leading US 1st Line of Defense (1A) teams and Risk owners, to build their capability to identify, assess, mitigate and monitor risks associated with their use of information and IT systems. 
  • Is primary interface and conduit between the 1A risk owners and other risk groups or advisors in various business areas (Internal Controls, Audit, Cyber Security, Privacy, Fraud, Resilience, Availability) to spearhead the facilitation and execution of risk management activities. 
  • Support in managing Technology Risk identification, assessment and prioritization for relevant business areas. Ensures observations, issues and outputs are tracked and actioned. 
  • Support in leading US Technology risk control testing and monitoring and guides all US based Technology Risk Owners with remediation plans. 
  • Partner with and face other risk groups to assess, implement and communicate new/updated risk controls, frameworks, policies, risk indicators, metrics and limits.
  • Oversee analyses of systems or asset data and deliver monthly / quarterly reporting for senior management, Internal Controls, GRM, Compliance, Audit, Operational Risk or 1A stakeholders. 
  • Leads team that develops reports and presentations to deliver updates on KPIs/KRIs to various audiences, including senior business risk committees. Develop or manage programs to establish KRI performance within the bank’s risk tolerance. Prioritize risk activities, ensure timely remediation and escalate when necessary. 
  • Evangelize for Technology Risk and promote a strong risk culture in partnership with the risk owners. 
  • Co-ordinate SOX control testing. Facilitate evidence collection and escalate conflicts or roadblocks to relevant SME to ensure control testing is completed as per schedule. Prepare quarterly SOX attestations. 
  • Ensuring that sound and consistent information security architectures that have been defined and documented are leveraged and effectively communicated to local business lines and technology support groups. 
  • Support in directing, assuring, and advancing the security of the Scotiabank Group's networks, including the reliability and manageability of logical access security and application change control operations locally. 
  • Pursuing security and control process improvements and the protection of emerging technologies and new delivery systems, in collaboration with the Central ESS/CSS/GSS functions.
  • Working closely with Global Security Operation Services, Global Advisory Services and Enterprise Security Services to facilitate communication, support and to transmit the Bank's Information Security vision as developed by the global CISO.
  • Creates an environment in which their team pursues effective and efficient operations of their respective areas in accordance with Scotiabank’s Values, its Code of Conduct and the Global Sales Principles, while ensuring the adequacy, adherence to and effectiveness of day-to-day business controls to meet obligations with respect to operational, compliance, AML/ATF/sanctions and conduct risk.
  • Champions a customer focused culture to deepen client relationships and leverage broader Bank relationships, systems and knowledge
  • Scope includes compliance with information security regulations, user education and access, and cybersecurity.
  • Accountable for understanding, communicating and ensuring compliance with Scotiabank's Information Security Policies as defined by Global Security Operation Services and Enterprise Security Services functions.
  • Leads the design and operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies and applicable laws and regulations.
  • Provides and maintains technical expertise on security aspects of systems, applications, and networks currently resident in the company and those planned for in the future.
  • Reviews system development, maintenance and acquisition efforts to ensure efficient and adequate security provisions.
  • Actively pursue effective and efficient operations of his/her respective areas, while ensuring the adequacy, adherence to and effectiveness of day-to-day business controls to meet obligations with respect to operational risk, regulatory compliance risk, AML/ATF risk and conduct risk, including but not limited to responsibilities under the Operational Risk Management Framework, Regulatory Compliance Risk Management Framework, AML/ATF Global Handbook and the Guidelines for Business Conduct.
  • Champion a high-performance environment and implement a people strategy that attracts, retains, develops and motivates their team by fostering an inclusive work environment, communicating vision/values/business strategy and managing succession and development planning for the team.
  • Understand how the Bank’s risk appetite and risk culture should be considered in day-to-day activities and decisions.


What You’ll Bring 

  • Candidates should have a breadth of Technology and non-financial Risk management experience. 10+ years (governance, operations, audit, cyber, control functions, compliance, risk management).
  • Candidates require expert leadership, communication (both verbal and written) and influencing capability, supported by well-developed logical thinking competencies. Proficient written and verbal communication required at all levels of the organization is essential.
  • Requires expert Technology risk management experience in multiple areas including but not limited to: internal controls, systems design, security, availability/stability/resiliency, disaster recovery, third party risk management, change management, release management, audit, regulatory risk, logical access, software currency. Exposure to cloud controls would be an asset. 
  • Proven experience in risk or cyber security leadership is expected, preferably with deep knowledge of US and GBM businesses, including related systems, procedures and regulations.
  • Ability to balance contesting or conflicting goals of various departments and stakeholders which requires a mature, diplomatic approach and advanced negotiation, project management, governance and influencing skills. 
  • Strong presentation design and delivery expected as part of the leadership team. Data Analytics and Visual dashboarding would be desirable. 
  • Knowledge or understanding of Risk / Control frameworks (ITIL, ISO, COBIT, NIST, FFIEC). 
  • Advanced degree in Computer Science, Engineering, Business Commerce or equivalent experience. Additional relevant Certifications would be an asset - ITIL V3 Foundation Cert. in ITSM, COBIT, CRISC, CISSP.

 

Interested? 


If your experience is closely related but doesn’t align perfectly with every qualification, we do encourage you to apply - you might be the right candidate for this or other roles at Scotiabank! 

 

At Scotiabank, every employee is empowered to reach their fullest potential, respected for who they are, and embraced for their differences. That’s why we work to grow and diversify talent and engage employees in a performance-oriented culture. 


What's in it for you? 

 

Scotiabank wants you to be able to bring your best self to work – and life, every day. With a focus on holistic well-being, our many flexible benefit programs are designed to help support your unique family, financial, physical, mental, and social health needs. 

Location(s):  United States : New York : New York City

Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.  

At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. If you require technical assistance, please click here. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.

