Title: Director, Technology Risk and Control Self-Assessment
Requisition ID: 256440
Join a purpose-driven winning team, committed to results, in an inclusive and high-performing culture.
The Director, Technology Risk and Controls Self-Assessment (RCSA) Program leads the end-to-end execution, governance, and continuous enhancement of the Technology Risk & Control Self-Assessment (RCSA) program within the Bank’s Technology Internal Controls function.
The purpose of this role is to enable proactive technology and cyber risk management—anticipating risk, identifying areas of weakness, and surfacing where risk can be better managed so leadership can make informed, risk-based decisions. The role ensures Technology RCSAs move beyond point-in-time compliance to become a forward-looking management tool that highlights emerging risks, control gaps, and opportunities to strengthen resilience.
This role is accountable for ensuring the effective identification, assessment, monitoring, and reporting of technology and cyber risks across critical business services, applications, infrastructure, data, and third-party ecosystems. The Director ensures Technology RCSAs are grounded in recognized industry frameworks and are fully aligned with enterprise Operational Risk, Internal Audit, and Regulatory expectations.
Is this role right for you? In this role, you will:
- Own, lead, and execute the end-to-end Technology RCSA lifecycle across all technology risk and control domains, including information security, infrastructure, applications, data, cloud, and third-party risk.
- Provide credible challenge to inherent and residual technology risk assessments, ensuring risks are appropriately identified, evaluated, and mapped to relevant risk and control domains.
- Identify and assess emerging technology and cyber risks and ensure end-to-end traceability across risks, controls, issues, metrics, audit findings, and loss events.
- Establish and maintain an enterprise-aligned Technology RCSA program and methodology consistent with Operational Risk standards, the NIST Cybersecurity Framework (CSF), and industry cyber risk profiling frameworks (e.g., Cyber Risk Institute Profile).
- Ensure Technology RCSA outputs proactively surface areas of elevated risk, control weaknesses, and risk concentrations to support timely, risk-based management decisions.
- Translate Technology RCSA results into clear, executive- and board-level risk narratives, including risk heat maps, trend analysis, and forward-looking insights.
- Enable senior leaders to understand technology risk trade-offs and prioritize remediation and investment decisions based on actionable risk intelligence.
- Serve as the primary Technology RCSA point of contact for Second Line of Defense, Internal Audit and regulators, ensuring assessments withstand audit and supervisory scrutiny.
- Lead and drive a customer-focused culture throughout their team to deepen client relationships and leverage broader Bank relationships, systems and knowledge.
- Direct day-to-day activities in a manner consistent with the Bank’s risk culture and the relevant risk appetite statement and limits. Communicate the Bank’s risk culture and risk appetite statement throughout their teams.
- Create an environment in which the team pursues effective and efficient operations of respective areas, while ensuring the adequacy, adherence to and effectiveness of day-to-day business controls to meet obligations with respect to operational risk, regulatory compliance risk, AML/ATF risk and conduct risk, including but not limited to responsibilities under the Operational Risk Management Framework, Regulatory Compliance Risk Management Framework, AML/ATF Global Handbook and the Guidelines for Business Conduct.
- Build a high-performance environment and implement a people strategy that attracts, retains, develops and motivates their team by fostering an inclusive work environment; communicating vision/values/business strategy; and managing succession and development planning for the team.
Do you have the skills that will enable you to succeed in this role? We'd love to work with you if you have:
- Related university degree required or equivalent experience.
- Over 15 years of Cyber and IT experience (operations, development, and management) with insight into IT risk management, audit and governance.
- Strong leadership, communication and strategic influencing capability supported by well-developed analytical and strategic thinking competencies.
- Expert knowledge and understanding of complex, leading-edge technology.
- Expert knowledge of multiple global businesses, including related systems and procedures.
- Expert ability to balance competing or conflicting goals of various departments and stakeholders which requires a match, diplomatic approach and highly developed negotiation & influencing skills.
- Forward thinking with ability to anticipate future events, trends, problems and opportunities and perceive patterns as they emerge.
What's in it for you?
- Diversity, Equity, Inclusion & Allyship - We strive to create an inclusive culture where every employee is empowered to reach their fullest potential, respected for who they are, and embraced through bias-free practices and inclusive values across Scotiabank. We embrace diversity and provide opportunities for all employees to learn, grow & participate through our various Employee Resource Groups (ERGs) that span across diverse gender identities, ethnicity, race, age, ability & veterans.
- Accessibility and Workplace Accommodations - We value the unique skills and experiences each individual brings to the Bank and are committed to creating and maintaining an inclusive and accessible environment for everyone. Scotiabank continues to locate, remove and prevent barriers so that we can build a diverse and inclusive environment while meeting accessibility requirements.
- Upskilling through online courses, cross-functional development opportunities, and tuition assistance.
- Competitive Rewards program including bonus, flexible vacation, personal, sick days and benefits will start on day one.
- Community Engagement - no matter where you choose to work from, we offer opportunities for community engagement & belonging with our various programs such as hackathons, contests, Humans of Digital and much more!
Location(s): Canada : Ontario : Toronto
Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.
At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.