Title: Director, Security Solutions and Engineering
Requisition ID: 248770
Join a purpose-driven winning team, committed to results, in an inclusive and high-performing culture.
The Role:
Reporting to the Head of Cloud & Application Security Product Management and Architecture, the Director, Security Solutions and Engineering will provide leadership to support solution architecture, design patterns and Policy as Code practices and also serve as the primary security architect for emerging technologies within the Bank. The ideal candidate has strong leadership and stakeholder engagement skills and will lead a cross-functional team to deliver results that ensure alignment with long-term business objectives, regulatory mandates, and enterprise architecture standards. This involves setting clear objectives, providing mentorship, and ensuring that the deliverables align with the broader strategic goals of the organization.
The Director facilitates collaboration across different departments with the aim of making strategic architectural decisions and is accountable for defining and implementing enterprise-scale security architectures and engineering solutions for a regulated banking environment. This role ensures security controls are architected, engineered, automated, and embedded into platforms, cloud environments, digital channels, and core systems using modern practices such as policy-as-code, reusable security patterns, and platform-based security services.
This leader will partner closely with Enterprise Architecture, Cloud Engineering, Data, and Risk & Compliance teams to ensure security architecture aligns with regulatory requirements, business strategy, and technology transformation initiatives.
Is this role right for you? In this role, you will:
- Provide direction to design, develop, automate and govern security architecture for the Bank, in collaboration and alignment with global business, technology, and second and third line of defense teams.
- Define and maintain enterprise security architecture frameworks for cloud and hybrid infrastructure, banking platforms, digital channels, and data platforms and analytics environments.
- Align security architecture with enterprise architecture standards, technology roadmaps, and business transformation programs (e.g., core modernization, cloud migration, digital transformation).
- Provide architectural risk assessments and design guidance for high-impact banking initiatives.
- Define security architectures for emerging banking technologies, including Generative AI and model platforms, edge computing and IoT, serverless and event-driven platforms, and quantum-resistant cryptography strategies.
- Define automated guardrails aligned with OSFI, OCC, MAS, EBA, FFIEC, PCI DSS, SOC2, ISO 27001, NIST, and internal bank policies and risk frameworks.
- Integrate security policies into Infrastructure-as-Code pipelines, CI/CD pipelines, Kubernetes and container platforms, and cloud governance platforms.
- Lead teams responsible for building and operating security platforms such as cloud security posture management and workload protection; application security platforms (SAST/DAST/SCA/IAST); secrets management and cryptographic services (HSM, KMS); and security telemetry, detection engineering, and data pipelines.
- Drive the transformation of security policies into enforceable policies embedded within CI/CD pipelines, infrastructure and cloud environments.
- Facilitate forums and prepare the team for constructive collaboration sessions with cross-functional teams, technology and business channels, and control functions
- Define Cloud Security Policy as Code and Patterns architecture aligned to the Bank’s Cloud Security Posture and Security Policies & Standards.
- Lead security architecture governance through Architecture Review Boards and Security Design Reviews.
- Work closely with Risk Management, Compliance, Internal Audit and Regulators as required to provide defensible architecture documentation for audits and regulatory exams.
- Build and lead a high-performing team of security architects and engineers across cloud and application security domains.
Do you have the skills that will enable you to succeed in this role? We'd love to work with you if you have:
- Minimum of a bachelor’s degree (or equivalent) required
- 12+ years in security architecture, engineering, or technology leadership, with 5+ years leading enterprise-scale teams in a complex, global organization.
- Proven experience in financial services, banking, capital markets, or other regulated industries.
- Demonstrated success designing and implementing large-scale cloud and application security architectures.
- Strong background in embedding security into DevOps and platform engineering environments.
- Deep understanding of compliance frameworks and regulatory requirements.
- Previous exposure to Regulatory, Compliance, Risk and Audit functions
- Experience as a key technical partner in global technology transformation efforts, demonstrating the ability to inspire and align diverse technologists, drive efficient and effective decision-making, and to deliver and support a robust information security governance framework.
- Security certifications (e.g. CISSP, CCSP, SABSA, TOGAF, cloud certifications) are highly desirable
- Experience engaging with regulators and internal audit is a must
- Knowledge of OSFI, OCC, FFIEC, EBA, MAS, PCI DSS, ISO 27001, NIST is preferred
- Strong leader, with demonstrated ability to lead technical teams and build and maintain credibility with technical and non-technical stakeholders alike. Deep knowledge of relevant technologies must be combined with the ability to lead highly technical teams, strong business acumen and excellent communication and listening skills.
- Strong planning and organizational skills; can manage multiple tasks and meet deadlines
- Experience in working with complex processes
- Willing to learn and grow, and demonstrates resilience to ever-changing priorities
What's in it for you?
- Diversity, Equity, Inclusion & Allyship - We strive to create an inclusive culture where every employee is empowered to reach their fullest potential, respected for who they are, and embraced through bias-free practices and inclusive values across Scotiabank. We embrace diversity and provide opportunities for all employees to learn, grow & participate through our various Employee Resource Groups (ERGs) that span diverse gender identities, ethnicity, race, age, ability & veterans.
- Accessibility and Workplace Accommodations - We value the unique skills and experiences each individual brings to the Bank and are committed to creating and maintaining an inclusive and accessible environment for everyone. Scotiabank continues to locate, remove and prevent barriers so that we can build a diverse and inclusive environment while meeting accessibility requirements.
- Upskilling through online courses, cross-functional development opportunities, and tuition assistance.
- Competitive Rewards program including bonus, flexible vacation, personal, sick days and benefits will start on day one.
- Community Engagement - no matter where you choose to work from, we offer opportunities for community engagement & belonging with our various programs such as hackathons, contests, Humans of Digital and much more!
Location(s): Canada : Ontario : Toronto
Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.
At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.