Title:  Global Head, Technology Risk Officer

Requisition ID: 259458 

Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.

The role:

The Global Head, Technology Risk Officer (TRO) leads the First Line of Defense (1B) Technology Risk and Internal Control function, accountable for the design, implementation, operation, and continuous improvement of technology and cybersecurity risk management practices across the enterprise. The role ensures technology and cybersecurity risks are identified, assessed, mitigated, monitored, and reported in alignment with the firm’s risk appetite, regulatory expectations, and business strategy.

This role requires a visionary leader with a deep understanding of cybersecurity principles, risk management, and compliance frameworks. The ideal candidate will possess strong communication and leadership skills, the ability to navigate complex regulatory landscapes, and a commitment to continuous improvement in the face of a rapidly evolving cybersecurity environment.

What will you do?

• Own execution and accountability for Technology Risk Management and Internal Controls within the First Line of Defense (1B). 

• Provide direction and oversight to Technology 1A risk owners to strengthen their capability to identify, assess, mitigate, and monitor technology and cyber risks. 

• Serve as a trusted 1B Technology Risk partner to Technology, Product, and Business teams. 
• Lead the identification, escalation, monitoring, and measurement of technology and operational risks in alignment with firm-wide risk management programs. 
• Serve as a deep subject matter expert and trusted Technology 1B partner on cybersecurity, resiliency and physical security principles, practices and technologies across key domains, including, Threat and Vulnerability Management, Data Protection, Identity and Access Management, Cyber Incident Response, Cyber Threat Intelligence, Technology Resilience, Third Party Cyber Risk, Physical Security and Application Security.
• Monitor technology risk KRIs and KPIs, supports review and challenge of remediation and get-to-green plans, and tracks delivery of sustainable risk reduction. 
• Ensures technology risk outcomes remain aligned to the firm’s risk appetite and governance expectations. 
• Prepare and presents technology risk insights, trends, and recommendations to senior management and governance forums. 
• Provide 1B risk and control advisory support, including targeted risk reviews, root cause analysis, and development of sustainable mitigation strategies. 
• Implements the firm’s technology risk management strategy, ensuring alignment with regulatory and industry standards. 
• Drives a proactive risk and control culture focused on prevention, transparency, and continuous improvement. 
• Partner with Second Line of Defense to support effective review, challenge, and enterprise consistency. 
• Collaborate with Technology leadership, Product Owners, Business Control Managers, and key stakeholders to maintain a comprehensive enterprise technology risk view. 
• Engage with regulators and internal governance bodies, as required. 
• Leads and scales a large, global Technology Risk and Internal Control organization, providing clear direction, priorities, and accountability across multiple teams and geographies
• Establish a strong operating model, including defined roles, decision rights, escalation paths, and performance expectations. 
• Build a strong leadership bench through coaching, succession planning, and capability development. 
• Drive workforce planning, capacity management, and resource allocation aligned to strategic priorities and regulatory commitments. 
• Foster an inclusive, high-performance culture emphasizing ownership, execution discipline, and continuous improvement. 
• Lead through change, effectively managing organizational complexity while maintaining focus on risk outcomes and control effectiveness. 
• Create an environment in which the team pursues effective and efficient operations of their respective areas in accordance with Scotiabank’s Values, its Code of Conduct, and the Global Sales Principles, while ensuring the adequacy, adherence to, and effectiveness of day-to-day business controls to meet obligations with respect to operational, compliance, AML/ATF/sanctions, and conduct risk.
• Lead and drives a customer focused culture throughout their team to deepen client relationships and leverage broader Bank relationships, systems and knowledge.
• Build a high-performance environment and implement a people strategy that attracts, retains, develops, and motivates the team by fostering an inclusive work environment and using a coaching mindset and behaviors; communicating vision/values/business strategy; and managing succession and development planning for the team.

What do you need to succeed?

• University degree in Computer Engineering, Computer Science, Technology, or a related field, with 10+ years of experience in progressively senior security roles within a complex, global organization.
• Professional certifications in cybersecurity, technology, or risk management (e.g., CISSP, CCSP, CEH, CISM).
• Strong understanding of regulatory and industry cybersecurity frameworks, including NIST, ISO 27001, FFIEC, OSFI, DORA, PCI DSS, and MITRE ATT&CK.
• Proficiency in risk management tools and data analytics.
• Mandatory experience in financial services, with a strong preference for banking.
• Proven experience leading audit, regulatory, and Second Line of Defense findings, including ownership of remediation planning, execution tracking, and sustainable closure.
• 10+ years of IT process and control experience, including internal audit, external audit, risk assessment, or issue management functions.
• Demonstrated experience driving cross‑functional, senior executive forums and remediation governance in a global environment.
• Strong adaptive leadership skills, with the ability to lead effectively through change and ambiguity.
• Excellent written and verbal communication skills, with the ability to articulate complex security and control concepts to technical and non‑technical stakeholders, including senior executives.
• Strong leadership and collaboration skills, including the ability to influence across all levels of management and manage large, complex initiatives.
• Fluency in English required; Spanish preferred.
• Deep practical knowledge of cybersecurity disciplines, including Cloud Security, AI/ML, Network Security, Threat Modeling, Vulnerability Management, and Technology Resilience.
• Strong analytical and critical‑thinking skills to assess business, technical, and operational risks.
• Proven ability to operate in high‑pressure, time‑sensitive environments, managing dependencies and competing priorities.
• Experience with cybersecurity diligence practices, including vulnerability assessments and penetration testing.
• Experience leveraging AI/ML capabilities to manage risks associated with emerging technologies.

What's in it for you?

• We have an inclusive and collaborative working environment that encourages creativity and curiosity and celebrates success
• We provide you with the tools and technology needed to create meaningful customer experiences
• You'll get to work with and learn from diverse industry leaders, who have hailed from top technology companies around the world
• We hire you for your talent — not just a job — so you can grow with us. We’ll equip you for success not only in your role, but also in your career as a whole
• Dress codes don't apply here: being comfortable does
• Access to thousands of online and in-person courses so you can hone your current skills, or learn new ones
• A competitive rewards package that includes a base salary, a performance bonus, company matching programs on pension and profit sharing, paid vacation, personal & sick days, medical, vision, and dental and much more

Location(s):  Canada : Ontario : Toronto 

Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.  

At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our  Recruitment team know. If you require technical assistance, please click here. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.