Title: Senior IT Risk Analyst
Requisition ID: 207287
Join a purpose-driven winning team, committed to results, in an inclusive and high-performing culture.
The Scotiabank IT Risk Management team plays an important role in the Bank’s Three Lines of Defense Framework, providing First Line of Defense for Scotiabank and the Bank for all technology risk domains, including Cyber Security, Data Privacy, Software Currency, Disaster and Backup Recovery, Third Party Management, and Audit and Regulatory issue remediation. There are many exciting opportunities to grow in the areas of risk management and business technology development, and to work with many cross-functional teams within the Bank.
As a 1B Line of Defence function, this role provides leadership and subject-matter expertise to assist Scotiabank stakeholders in the identification, evaluation, treatment and monitoring of risks to the Bank’s data assets and the systems where information resides. In doing so, this role will contribute towards Scotiabank’s business objectives and our stated purpose of helping clients live better lives by empowering them to make smarter financial decisions.
Reporting to the Senior Manager of IT Risk Management, the Senior IT Risk Analyst is a key contributor to the development and execution of an enterprise IT Risk Management Program.
Is this role right for you? In this role, you will:
The role of IT Risk Analyst is focused on three key functions:
IT Risk Governance
- Maintain the compliance oversight of Scotiabank’s security and risk management framework, policies and standards for managing risks to its information assets and systems.
- Identify, assess, prioritize and report on material IT risks and aligned business areas. This will require working with various Risk owners / ambassadors and other control function groups.
- Liaise with Scotiabank counterparts to identify evolving requirements.
- Monitor evolving industry best practices, regulatory and legislative requirements.
- Provide 1st Line of Defence functions with ongoing guidance to support the implementation of, and compliance with, established IT and security requirements.
- Conduct risk assessments and ensure that assessments and outputs are recorded in enterprise tools; support IT risk control testing and monitoring and help Risk Owners with remediation plans.
- Perform various types of data analysis work and prepare monthly / quarterly reporting.
IT Risk Advisory
- Provide direction to Scotiabank’s functional teams to build their capability to identify, assess, mitigate and monitor risks associated with their use of information and IT systems.
- Oversee IT security risks and controls associated with the IT Operations and Cloud domains. Where required, offer direction for the assessment, treatment and monitoring of risks, and inclusion of appropriate contractual security terms and conditions.
- Analyze and respond to risk assessment requests assigned to IT Risk Team.
- Lead advocacy and build a positive culture for the management of IT and security risks. Deliver ongoing counsel to risk owners to create IT risk awareness and acumen, communicating the business value of security and IT risk management practices.
IT Risk Reporting & Compliance Monitoring
- Maintain Scotiabank’s IT KPIs and KRIs within risk appetite for the IT domains assigned.
- Lead engagement with Scotiabank’s 2nd and 3rd Line of Defense functions to influence the focus, scope and criteria for the testing of the Bank’s IT risk capabilities.
- Monitor and track, on an ongoing basis, issues raised by Internal Audit; assist risk owners to ensure remediation is completed within pre-defined timelines and risk is addressed appropriately.
Do you have the skills that will enable you to succeed in this role? We'd love to work with you if you have:
- College or University degree, or equivalent experience.
- 2+ years’ experience in a technology operations, risk management, cyber security, audit or corporate governance role.
- Good working knowledge of risk management (governance, operations, audit, control functions, compliance, and risk management) and Scotiabank Banking business and processes.
- General knowledge of regulatory, legislative and industry requirements governing the management of technology systems and information (PIPEDA, OSFI, PCI-DSS, NIST, etc.).
- Strong communication and collaboration skills, supported by well-developed logical and analytical competencies.
- Self-driven and a fast learner, able to work independently in a fast-paced environment, guided by established practices, and to apply sound judgement to identify, troubleshoot and resolve day-to-day business, functional and operational issues.
- Beyond meeting the minimum technical requirements for the job, candidates who demonstrate curiosity to learn, are adaptable to changing situations and are goal oriented will be given preference.
- Good ability to balance competing or conflicting goals with a sense of urgency.
Certifications Preferred:
- Certified in Risk and Information Systems Control (CRISC);
- Certified Information Systems Security Professional (CISSP); or
- Certified Information Systems Auditor (CISA).
Location(s): Canada : Ontario : Toronto
Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.
At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.