Title:  Information Security Analyst

Requisition ID: 257062 

Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.

The Role:

The Cryptographic Services Analyst safeguards the organization’s cryptographic trust infrastructure by managing day-to-day operations and oversight for certificate, secrets, and cryptographic key services. The role is responsible for end-to-end operational workflows (queue management, incident response, escalations, and service ownership) and for managing the full lifecycle of digital certificates (request intake, issuance, renewal, replacement, and deactivation). The analyst partners with technology, security, and application teams to maintain strong operational controls, documentation, compliance readiness, and continuous improvement.

Is this role right for you? In this role, you will: 

• Operational service ownership: Manage the enterprise operational queue for digital certificates, cryptographic keys, and secrets services; track and deliver against service-level commitments.
• Certificate, secret, and key lifecycle operations: Manage end-to-end workflows including request intake, validation, signing/issuance, rotation, replacement, deactivation, revocation, and stakeholder communications; process and track requests through approved tooling.
• Installation validation & continuity: Verify certificate installation and confirm completion with application/infrastructure teams to reduce service disruption risk.
• Incident response & troubleshooting: Triage and support certificate, secrets, and keys related incidents and escalations (e.g., chain/trust issues, SAN mismatches, installation failures, inconsistent trust configuration), partnering with major incident processes as required.
• On‑call and operational support: Participate in rotational on‑call and pager support, which may require availability during evening hours, weekends, and statutory holidays, to ensure timely response to production issues and service disruptions. 
• key ceremonies: Participate in and support key ceremonies within the Cryptographic Production Centre (Air-gapped offline facility) in collaboration with other custodians.
• Inventory, ownership & custodian records: Maintain accurate certificate inventory, key inventory, and custodian records; track ownership and ensure continuity during team transitions and operational handovers.
• Governance, standards & compliance: Ensure practices align to internal policies and industry expectations; maintain and update operational documentation (runbooks, playbooks, RACI, process documents); support audits, compliance reviews, and risk assessments, including remediation of identified gaps.
• Cryptographic key issuance support: Support issuance activities for cryptographic keys and services (e.g., cloud vaults and enterprise key use cases), including scheduling and documentation for secure workflows as required.
• Stakeholder management: Build and maintain relationships with technology support teams and partners across the organization; act as a subject matter expert and provide guidance on certificate usage, trust chains, and best practices.
• Automation & modernization: Contribute to initiatives to support operational resilience and efficiencies.
• Continuous improvement: Identify operational risks, process inefficiencies, and single points of failure and work with management for improvements.

Do you have the skills that will enable you to succeed in this role? We'd love to work with you if you have:

• Experience with digital certificate lifecycle management (internal and publicly trusted certificate authorities).
• Strong understanding of PKI concepts, including trust chains, root and intermediate CAs, CSR generation, and key management practices.
• Knowledge of cryptographic solutions/services such as PKI, certificate management, and key services (e.g., symmetric keys, HSMs, cloud vault solutions).
• Ability to manage operational workflows end-to-end, including queue management, incident response, escalations, and service ownership.
• Excellent verbal and written communication skills, including the ability to communicate with stakeholders ranging from engineers to senior leadership.
• Education OR equivalent practical experience in a related field

Nice-to-Have:

• Security certifications such as CISSP, CISM, CompTIA Security+ (or equivalent).
• Experience with certificate formats and tools and/or enterprise secret management.
• Hands-on experience with ServiceNow, Confluence, and/or Jira.
• Experience in financial services / banking environments.
• Strong Office365 skills for operational tracking and reporting.

What's in it for you?

• Diversity, Equity, Inclusion & Allyship - We strive to create an inclusive culture where every employee is empowered to reach their fullest potential, respected for who they are, and are embraced through bias-free practices and inclusive values across Scotiabank. We embrace diversity and provide opportunities for all employee to learn, grow & participate through our various Employee Resource Groups (ERGs) that span across diverse gender identities, ethnicity, race, age, ability & veterans.
• Accessibility and Workplace Accommodations - We value the unique skills and experiences each individual brings to the Bank and are committed to creating and maintaining an inclusive and accessible environment for everyone. Scotiabank continues to locate, remove and prevent barriers so that we can build a diverse and inclusive environment while meeting accessibility requirements.  
• Upskilling through online courses, cross-functional development opportunities, and tuition assistance. 
• Competitive Rewards program including bonus, flexible vacation, personal, sick days and benefits will start on day one.
• Community Engagement - no matter where you choose to work from; we offer opportunities for community engagement & belonging with our various programs such as hackathons, contests, Humans of Digital and much more!

Location(s):  Canada : Ontario : Toronto 

Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.  

At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our  Recruitment team know. If you require technical assistance, please click here. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.