Title:  Senior Lead, Cloud Security Platform Solutions

Requisition ID: 260539 

Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.

Scotiabank continues to be an industry leader for Payments technology and innovation. We have a history of safely leveraging new tools to enable new experiences for our customers, focusing on ensuring we protect their interests and goals. The result of this leads to modernization programs which aim to offer enriched information and transparencies to support the rapidly evolving payments community.

The Role

Scotiabank’s Cloud Security Advisory Services team is responsible for providing advisory services to business lines, subsidiaries and affiliates enabling the achievement of the Bank's Information Security as it continues to move to the Public Cloud.

What You’ll Do:

 The Senior Lead, Cloud provides guidance to business lines to ensure design, development and implementation of complex cloud projects and initiatives are in accordance with the Bank's Information Security Standards and in compliance with industry regulations. In this senior role, you will be supporting various business lines while assisting them in making informed decisions to protect information assets deployed in Public Clouds environments.

Is this role right for you?

1. You have strong experience leading complex projects providing security advice to ensure information security risks are mitigated.
2. You thrive in solutioning multiple security domains (Application Security, Data Protection, Cloud Security Engineering, Identity and Access Management, Cloud Security Architecture, Network Security, Risk Management, etc.) and knowledgeable of Zero Trust Architecture principles.
3. You have experience in solutioning security architecture for Public Clouds, creating and reviewing security patterns, and advising on security risks.
4. You are proficient in reviewing architecture and solution design documentation and can identify and assess potential risks.
5. You excel in reviewing Technical Design and Security Design documents and creating assessment documents and evaluating risks.
6. You are passionate about new technologies and enjoy the challenges of implementing security controls to protect them.
7. Working on different types of projects (from large complex to simple) is a part of your DNA.
8. You love to collaborate with various business lines, IT support functions and IS&C Control functions.

Key Job Accountabilities:

Cloud Security Architecture and Implementation:

• Design and implement security controls that protect cloud-based applications and infrastructure.
• Develop and enforce security patterns, policies, standards, and procedures to protect the integrity, availability, and confidentiality of the organization’s cloud infrastructure.

DevSecOps Integration:

• Integrate security tools and practices into the DevOps pipeline to ensure continuous delivery without compromising security.
• Conduct security reviews of cloud-native applications and platforms, identifying vulnerabilities and providing remediation strategies.

Cloud Security Monitoring:

• Assist in implementing and managing security monitoring tools to detect threats, anomalies, and potential security incidents in cloud environments.
• Collaborate with the incident response team to ensure that cloud-specific threats are properly addressed and mitigated.

Vulnerability and Patch Management:

• Conduct regular security assessments, review vulnerability scans, and review penetration testing reports of cloud applications and platforms.
• Coordinate with DevOps and IT teams to apply necessary patches and security updates across cloud infrastructure.

Compliance and Risk Management:

• Ensure cloud security solutions align with industry regulations and organizational compliance requirements.
• Manage the audit process for cloud security, responding to compliance assessments and third-party audits.

Continuous Improvement:

• Stay updated with emerging trends in cloud security and propose improvements to the current security posture.
• Evaluate new cloud security controls, technologies, tools, and processes to enhance the organization’s security in cloud environments.
• Keep informed and well versed on financial industry regulations demands in different regions based on practical experience.

What You'll Bring:

Post-secondary education in Computer Science or in a related field.

• You have at least 5 years of hands-on technical work experience in performing security assessments on cloud platforms, CI/CD deployment pipelines, network infrastructure and complex applications. Experience with Risk Assessments of applications migrated into the Cloud Environments.
• You have at least 6 years’ experience in security solution architecture, software development, and/or hands-on experience with implementations of cloud environments, security controls and cloud-based solutions.
• You are a strong communicator and capable of creating clear documentation.
• You have solid knowledge of cloud technologies and cloud security (GCP or Azure or AWS, Kubernetes and IAM, CI/CD pipelines, Terraforms, infrastructure as a code).
• Experience with GCP and Kubernetes is a strong asset.
• Experience with tools used in securing cloud deployments such as CNAPP, CSPM, CWPP, etc.
• You have cloud security engineering or cloud solution architecture certifications from Google, Microsoft or AWS.
• You have used industry leading productivity tools to produce quantitative/qualitative reports, data flow diagrams & visual presentations.
• Certifications (CISSP, CISM, CCSP, CRISC) are nice to have.
• Familiar with industry standards and frameworks e.g., NIST 800-53, ISO 27001, ISO27002, ISO 27017, ISO27018, PCI DSS, CIS.
• You possess advanced communication (verbal/written/presentation) skills in English. Knowledge of Spanish is an asset.

What's in it for you?

• You’ll join a team focused on building cloud platforms as products, enabling delivery teams across the enterprise rather than acting as a centralized gatekeeper or operating within a narrow delivery focus. This role offers exposure to a wide range of technologies, problem domains, and stakeholders.

• Diversity, Equity, Inclusion & Allyship - We strive to create an inclusive culture where every employee is empowered to reach their fullest potential, respected for who they are, and are embraced through bias-free practices and inclusive values across Scotiabank. We embrace diversity and provide opportunities for all employee to learn, grow & participate through our various Employee Resource Groups (ERGs) that span across diverse gender identities, ethnicity, race, age, ability & veterans.
• Accessibility and Workplace Accommodations - We value the unique skills and experiences each individual brings to the Bank and are committed to creating and maintaining an inclusive and accessible environment for everyone. Scotiabank continues to locate, remove, and prevent barriers so that we can build a diverse and inclusive environment while meeting accessibility requirements.
• Upskilling through online courses, cross-functional development opportunities, and tuition assistance.
• Competitive Rewards program including bonus, flexible vacation, personal, sick days, and benefits will start on day one.
• Community Engagement - no matter where you choose to work from; we offer opportunities for community engagement & belonging with our various programs.

Location(s):  Canada : Ontario : Toronto 

Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.  

At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our  Recruitment team know. If you require technical assistance, please click here. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.