Title: Senior Manager, Technology Control Testing

Requisition ID: 121903

Join a purpose-driven winning team, committed to results, in an inclusive and high-performing culture.

The IT Risk Control Testing team plays an important role in the Bank’s Three Lines of Defense Framework, providing First Line of Defense for the Global Wealth portfolio on all technology risk domains, including Cyber Security, Data Privacy, Software Lifecycle Management, Capacity, Incident Management, Disaster and Backup Recovery, Third Party Management, Project Management, and Audit & Regulatory issue remediations.  

The Senior Manager, Technology Control Testing directly supports the Head of Technology Control Testing to collaboratively assess high-risk processes across business lines and manage the execution of the control test exercise(s). This role is part of a strategic and comprehensive IT Risk Management Function within the Technology First Line of Defense, and ensures design and implementation in accordance with regulatory expectations, risk appetite, organizational risk practices and evolving business practices.

The role includes significant coordination and engagement with peers across all business lines and technology functions. This includes 1st, 2nd, and 3rd lines of defense for Technology in the execution of risk management activities, inclusive of regular updates, formal reporting and managing remediation commitments identified (e.g. audit findings).

Is this role right for you? You will be responsible for:

  • Ensuring specific goals, plans, initiatives are executed / delivered in support of the team’s business strategies and objectives and all activities conducted are in compliance with governing regulations, internal policies and procedures.
  • Identifying and testing design and operating effectiveness attributes for IT General controls and automated controls
  • Leading IT General controls and automated control walkthroughs and assessing controls for effectiveness
  • Advising and supporting risk owners in day-to-day risk management activities and execution. Assisting risk owners in adhering to policies, frameworks, standards and guidelines through active engagement, guidance and counselling. Advising on the design and implementation of controls, and remediation plans to mitigate risk.
  • Acting as a primary interface and conduit between the risk owners and other risk groups to lead the facilitation and execution of risk management activities.
  • Compiling and (where applicable) presenting risk update reports for various risk groups, including technology risk updates to the monthly Global Wealth Management Core Risk Committee (CRC) and Technology Risk Council. 
  • Identifying, assessing, prioritizing and reporting on material IT risks for IT and aligned business areas. This will require working with equivalent Risk Advisors in various business areas. Ensuring outputs are recorded in the enterprise Global Issue Management system and in full compliance of all policies and common standards, including the IT Risk Management Policy and Framework.
  • Developing or enhancing monitoring tools to evaluate the design and operating effectiveness of the key controls in the Business. Monitoring will include reviewing key indicators, sample testing and conducting thematic reviews.
  • Leading internal control reviews of high-risk processes including procedure testing, establishing test plans and test scripts, providing recommendations, providing feedback and reporting to the Head of Technology COE.
  • Being able to identify, articulate, and challenge management on the strength of their control program, based on the activities in the area under review.
  • Working with Compliance officers to identify regulatory risks and integrate regulatory controls and monitoring into the overall technology control testing plan.
  • Documenting and monitoring progress of remedial actions for issues identified through Technology Control testing and by others, including Internal Audit, Compliance, regulators, and management self-identified issues.
  • Ensuring implementation of a strong IT risk culture in partnership with the risk owners and other control functions.
  • Overseeing audit issue remediation to meet the annual enterprise target, and SOX control testing across the portfolio by working with Internal and External Audit.
  • Reviewing and contributing to technology policies and standards under development or review, as applicable.
  • Monitoring effectiveness of portfolio impacting governance processes such as change management, project management and architecture reviews, for enforcing control requirements.
  • Engaging in business integration projects to ensure all appropriate technology controls and processes are implemented; and enable the implementation of appropriate technology controls and processes in non-integrated subsidiaries.
  • Collaborating with IT Risk Senior Managers for other business units to improve risk management practices across the enterprise.
  • Building a high-performance environment and implementing a people strategy that attracts, retains, develops and motivates their team by fostering an inclusive work environment and using a coaching mindset and behaviors; communicating vision/values/business strategy; and managing succession and development planning for the team.
  • Providing on-going coaching and guidance to less experienced Technology COE staff to ensure there is a consistent understanding of the overall risk program, KRIs, monitoring plan and governance structure.

Do you have the skills necessary to succeed in this role? We'd love to work with you, if you have:

  • Experience with the following is recommended: COBIT, CIS, and NIST frameworks. Exposure to SOX requirements.
  • Experience in a wide area of risk controls, such as infrastructure risk and application risk. PM reporting/status skills to prepare the status of the IT control framework for senior management.
  • Ability to work with minimal supervision and deliver to tight deadlines
  • Ability to develop workflows and queries to obtain the data required for dashboard development
  • Knowledge and experience in at least 5 technology disciplines, such as software development, API management, system design, information security, technology resilience, technology third party management, cloud computing, midrange and mainframe computing, project management, incident - problem - change management, networks and disaster recovery.
  • Knowledge of wealth management and asset management business is desirable
  • Experience in other risk management roles (across any line of defence) is desirable.
  • Experience in managing remediation programs is desirable.
  • Data Analytics and Visual dashboarding skills (PowerBI/Tableau) are desirable.
  • Certified Information Systems Auditor (CISA) and Certified in Risk and Information System Control (CRISC) are desirable.

Location(s):  United States : New York : New York City 

Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.  

At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. If you require technical assistance, please click here. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.
