Title:  Director, Technology Risk

Requisition ID: 249424

Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.

Support the Director IT Risk Governance, Standards and Controls and lead the governance and operation of the technology and cyber issues lifecycle for the Bank, leveraging ServiceNow Integrated Risk Management as the primary platform of record. Ensure that issues arising from audits, regulatory reviews, risk assessments, security tooling, and control monitoring are consistently captured, risk rated, remediated, and validated in line with the Bank’s risk appetite and banking regulatory expectations

Is this role right for you? In this role, you will:

• Define and govern taxonomies for issues, control failures, and root causes consistent with the operational risk and regulatory reporting requirements
• Support technology and cyber risk committees/forums to review issue status, challenge remediation, and escalate material items to senior risk and business leadership
• Own and maintain the Bank’s technology and cyber issues management process
• Lead the design and continuous improvement of ServiceNow IRM issue and exception management workflows, including automated issue creation from control failures, indicators, audits, and security tools.
• Define data standards for issues, actions, policy exceptions, residual risk, and ownership to ensure a single, trusted source of truth across ScotiaTech.
• Partner with Platform/ServiceNow teams to optimize the Risk Workspace, dashboards, notifications, and integrations with vulnerability management, incident, change, and CMDB modules.
• Oversee the end to end lifecycle of technology and cyber issues, including internal and external audit findings, regulatory issues, policy and control exceptions, penetration test findings, and operational incidents.
• Provide effective challenge on issue descriptions, impact/likelihood, regulatory relevance, action plans, and target dates, particularly for high risk or regulatory significant items.
• Ensure robust closure and independent validation, supported by appropriate evidence captured in ServiceNow IRM and available for audit and regulatory review.
• Develop ServiceNow and/or Business Intelligence tools based dashboards and KRIs to track issue volumes, severities, overdue items, theme clusters (e.g., cloud, identity, payments), and control break trends across ScotiaTech.
• Produce regular reporting packs for Technology & Cyber leadership, and Risk Committees, highlighting systemic weaknesses, repeat findings, and regulatory hot spots
• Drive thematic and root cause analysis across issues to inform strategic remediation programs (e.g., resilience, identity, data protection) and reduce recurring technology and cyber events
• Define integration requirements between ServiceNow IRM and other banking systems (e.g., security tools, operational risk, HR, finance) to automate issue creation, ownership, and status updates.
• Oversee configuration related to policy exceptions, control attestations, indicators, and automated control monitoring to ensure consistent issue and exception handling.
• Promote continuous improvement, including workflow simplification, reduced manual effort, and better data quality to support faster and more reliable regulatory and management reporting.
• Coordinate responses to regulators and Internal Audit relating to technology and cyber findings, remediation status, and evidence requests, leveraging ServiceNow as the authoritative data source.
• Influence prioritization of remediation against other change portfolios, ensuring customer impact, financial risk, and regulatory expectations are factored into decisions.
• Promote a transparent, no blame culture that encourages early identification and timely escalation of issues and near misses across technology and banking operations.
• Provide training and coaching to technology, cyber, and business teams on how to use ServiceNow IRM effectively for issues, actions, and policy exceptions.

Do you have the skills that will enable you to succeed in this role? We'd love to work with you if you have:

• 10+ years in Technology Risk, Cyber Security, Operational Risk, or Internal Audit in banking or financial services, including direct interaction with regulators.
• 5+ years leading issues and/or integrated risk management programs, including hands on experience implementing or governing ServiceNow IRM or a comparable GRC tool.
• Candidates require strong leadership, communication and strategic influencing capability, supported by well-developed analytical and strategic thinking competencies.
• Deep understanding of technology and cyber risk domains most relevant to banks (e.g., core banking platforms, digital channels, cloud, payments, identity, data protection, resilience).
• Strong knowledge of risk and control frameworks (NIST CSF, ISO 27001, COBIT, FFIEC, operational risk frameworks) and how they map into ServiceNow IRM objects and workflows.
• Good ability to balance competing or conflicting goals of various departments and stakeholders which requires a mature, diplomatic approach and highly developed negotiation and influencing skills.
• Good communication, facilitation and presentation skills for developing communication strategies for Executive approval through implementation of strategies and programs.
• Leads and drives a customer focused culture throughout their team to deepen client relationships and leverage broader Bank relationships, systems and knowledge.
• Builds a high-performance environment that attracts, retains, develops and motivates their team by fostering an inclusive work environment with clear communication of vision/values/business strategies and development planning for the team

What's in it for you?

• Diversity, Equity, Inclusion & Allyship - We strive to create an inclusive culture where every employee is empowered to reach their fullest potential, respected for who they are, and are embraced through bias-free practices and inclusive values across Scotiabank. We embrace diversity and provide opportunities for all employees to learn, grow & participate through our various Employee Resource Groups (ERGs) that span across diverse gender identities, ethnicity, race, age, ability & veterans.
• Accessibility and Workplace Accommodations - We value the unique skills and experiences each individual brings to the Bank and are committed to creating and maintaining an inclusive and accessible environment for everyone. Scotiabank continues to locate, remove and prevent barriers so that we can build a diverse and inclusive environment while meeting accessibility requirements.  
• Upskilling through online courses, cross-functional development opportunities, and tuition assistance. 
• Competitive Rewards program including bonus, flexible vacation, personal, sick days and benefits will start on day one.
• Community Engagement - no matter where you choose to work from; we offer opportunities for community engagement & belonging with our various programs such as hackathons, contests, Humans of Digital and much more!

Location(s):  Canada : Ontario : Toronto 

Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.  

At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our  Recruitment team know. If you require technical assistance, please click here. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.