Title: Director, IT Risk and Resilience
Requisition ID: 238296
Join a purpose-driven winning team, committed to results, in an inclusive and high-performing culture.
Provides leadership for the IT Risk function within Global Technology & Enterprise Platforms (GTEP) reporting directly to the SVP/CIO. This role serves as the primary Risk 1A leader, responsible for the execution, tracking, and closure of all open risk and audit issues. The Director ensures that risk and audit items are proactively addressed and remediated in alignment with enterprise policies, regulatory expectations, and internal control frameworks. The role also integrates governance oversight from the GSRO and IT Risk domains, enabling a compliant technology environment.
Is this role right for you?
• Leads and drives a customer-focused culture throughout their team to deepen client relationships and leverage broader Bank relationships, systems and knowledge.
• GSRO Responsibilities
   - Monitor issues and problems for trends in root cause affecting stability and resilience.
   - Identify opportunities to remove systematic causes of instability.
   - Collaborate with local SROs and control functions to resolve root cause.
   - Define resilience key performance indicators (KPIs), establish thresholds, and monitor them.
   - Collaborate with local SREs to ensure the Bank remains within threshold.
   - Escalate to Technology leadership when Early Warning Thresholds are breached.
   - Work with IT Risk to establish and monitor Key Risk Indicators related to IT availability, stability, and reliability.
   - Lead remediation activities relating to enterprise-wide stability and resilience issues.
   - Coordinate with local SROs to implement bank-wide resilience improvement initiatives.
   - Accountable for availability and technology resilience standards.
   - Maintain currency and relevancy of the Bank’s availability and resiliency policies, standards and processes.
   - Coordinate with subsidiaries on adoption of applicable policies and standards.
   - Promote SRE culture and capabilities at the Bank through:
      - Training for application owners and director+
      - Technology-wide communications
      - Community of Practice (CoP) activities
      - Local SRO roundtables
      - Industry events
• Resilience Analytics
   - Develop and monitor Key Risk Indicators and metrics for technology resilience and reliability.
   - Provide commentary for Technology Risk Council, CIO monthly report, ERM report, and Board reporting.
   - Ensure OSFI incident reporting for technology events is completed accurately and on time.
   - Oversee data collection for impact and root cause analysis.
   - Ensure reporting timelines meet regulatory guidelines across jurisdictions.
   - Monitor DBR testing performance and forecasting.
   - Escalate to CIOs and IT Risk teams to remediate non-compliance.
   - Report progress and commentary to OSFI on a quarterly basis.
   - Execute post-incident severity assessment of incident impact and causation.
   - Manage data quality for regulatory reporting and ensure compliance with the Bank’s data risk policy.
   - Project manage backup/restore tracking in accordance with Backup Restore Standard.
• Third Party Technology Resilience Controls
   - Support the Bank’s Third-party Risk Management (TPRM) program.
   - Ensure on-time and comprehensive review of third-party technology resilience due diligence, meeting SLA established by TPRM.
   - Support contract owners in risk assessment and acknowledgment process for third-party technology risks.
   - Monitor third-party technology resilience performance.
   - Provide subject matter expertise for technology risk and disaster recovery in third-party contract negotiations.
   - Support TPRM program process improvements.
   - Support quarterly GRM reviews of TPRM.
• IT Risk 1A Responsibilities
   - Monitor and remediate technology risks in GTEP.
   - Lead audit issue remediations for all issues owned by GTEP, including biweekly progress reporting to leadership, escalation of at-risk issues, and support for issue owners in solution finding and remediation activities.
   - Ensure GTEP operates within technology risk appetites, identify gaps and opportunities, track remediation activities, and provide forecasts.
   - Drive risk culture improvements, including training and awareness.
   - Own IT Operations & Infrastructure (“ITO”) work stream for US Remediation program, including leadership progress updates, escalations, and program management activities.
   - Conduct regulatory compliance monitoring, compliance risk assessments, and gap remediations.
   - Support ongoing regulatory reporting, monthly and quarterly reviews, RFIs, and thematic reviews.
   - Maintain SOX and financial reporting Risk Control Matrix, support global SOX and external audit reviews for ITGCs, and remediate control gaps.
   - Support third-party reviews of the Bank’s IT controls including client reviews.
• Understand how the Bank’s risk appetite and risk culture should be considered in day-to-day activities and decisions.
• Creates an environment in which his/her team pursues effective and efficient operations of his/her respective areas, while ensuring the adequacy, adherence to and effectiveness of day-to-day business controls to meet obligations with respect to operational risk, regulatory compliance risk, AML/ATF risk and conduct risk, including but not limited to responsibilities under the Operational Risk Management Framework, Regulatory Compliance Risk Management Framework, AML/ATF Global Handbook and the Guidelines for Business Conduct.
• Builds a high-performance environment and implements a people strategy that attracts, retains, develops and motivates their team by fostering an inclusive work environment and using a coaching mindset and behaviours; communicating vision/values/business strategy; and managing succession and development planning for the team.
Do you have the skills that will enable you to succeed in this role?
• Candidates require strong leadership, communication and strategic influencing capability, supported by well-developed analytical and strategic thinking competencies.
• Strong ability to balance competing or conflicting goals of various departments and stakeholders which requires a mature, diplomatic approach and highly developed negotiation and influencing skills.
• Good communication, facilitation and presentation skills for developing communication strategies for Executive approval through to implementation of strategies and programs.
• Active certifications: CRISC, CISA, CISM, CISSP
• 15+ years of progressive experience in technology risk management, audit issue remediation, and regulatory compliance within financial services
• Demonstrated success in managing and closing risk/audit issues, developing and executing remediation plans, and delivering executive-level risk reporting
What's in it for you?
• Diversity, Equity, Inclusion & Allyship - We strive to create an inclusive culture where every employee is empowered to reach their fullest potential, respected for who they are, and embraced through bias-free practices and inclusive values across Scotiabank. We embrace diversity and provide opportunities for all employees to learn, grow & participate through our various Employee Resource Groups (ERGs) that span across diverse gender identities, ethnicity, race, age, ability & veterans.
• Accessibility and Workplace Accommodations - We value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. Scotiabank continues to locate, remove and prevent barriers so that we can build a diverse and inclusive environment while meeting accessibility requirements.
• Upskilling through online courses, cross-functional development opportunities, and tuition assistance.
• Competitive Rewards program including bonus, flexible vacation, personal days, sick days and benefits that start on day one.
• Community Engagement - no matter where you choose to work from, we offer opportunities for community engagement & belonging with our various programs such as hackathons, contests, cooking with friends, Humans of Digital and much more!
Location(s): Canada : Ontario : Toronto
Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.
At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.