
Title: Senior Lead Security Advisory

Requisition ID: 259569

Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.

 

Contributes to the overall success of the Global Information Security and Control division, ensuring specific individual goals, plans, and initiatives are executed / delivered in support of the team’s business strategies and objectives. Ensures all activities conducted adhere to governing regulations and internal policies.

 

The Role:
The Senior Lead Transformation is responsible for providing guidance to business lines to ensure the design, development and implementation of technological solutions that integrate security practices, assisting them in making informed decisions to protect Bank information and data resources, by: 

  • Working with business lines, Solution Architects and Enterprise Architects to develop sound security strategic and tactical plans towards the reliable implementation of consistent and secure control processes, by assessing security risk.  
  • Designing and developing sound risk management controls in accordance with Bank's standards that ensure the Bank's compliance with industry regulations. 
  • Pursuing security and control process improvements to advance security compliance. 
  • Reporting to management on the status of the system of internal controls with recommendations for remediation of risks. 

 

What You’ll Do:

  1. TRA Transformation Program
    • Manage overall initiatives under TRA transformation, such as developing processes and documentation. 
    • Work with different entities within the IS&C (e.g. Pattern and Policy as Code, Threat Modelling teams) and Enterprise Architecture organization, to align their processes with the transformed TRA processes. 
    • Provide strategic guidance and technical expertise to business lines, IT support functions, and IS&C Control functions to implement the transformed TRA processes. 
    • Manage and align TRA transformation processes with IS&C and Enterprise Architecture, providing strategic guidance and technical expertise. 
    • Provide training and mentorship on transformed TRA processes to the Enterprise. 
  2. Security Solutioning
    • Provide inputs to security assessment processes for platforms and applications to ensure inclusion of sound security controls. 
    • Conduct comprehensive security assessments, as needed. 
    • Evaluate existing security solutions and propose enhancements or new designs to address emerging threats and business requirements. 
    • Provide guidance and technical expertise on threat methodology and risk assessment frameworks and the creation of relevant threat modelling artifacts, as needed. 
    • Conduct or provide Quality Assurance on Threat Modelling as required. 
    • Support the development of security patterns. 
    • Enforce security patterns, policies, standards, and procedures to protect the integrity, availability, and confidentiality of the Bank applications and infrastructure. 
    • Conduct and enhance security assessments and solutions, ensuring the application of security patterns, policies, and threat modeling. 
  3. Mentoring and Training
    • Provide guidance and training to the Enterprise on the transformed TRA processes. 
  4. Compliance
    • Ensure that TRA transformed processes align with industry regulations and organizational compliance requirements. 
    • Contribute to the audit process, responding to compliance assessments and audits.

 

 

What You'll Bring:

  1. Threat Modeling and Risk Management: Experience in threat modeling, identifying risks in cloud environments, and advising on security best practices during cloud migration and modernization projects.
  2. Compliance and Governance: Strong knowledge of cloud security governance frameworks (e.g., NIST, ISO 27001, SOC 2, CIS Benchmarks) and regulatory compliance requirements (e.g., GDPR, PIPEDA, PCI DSS).
  3. Security Advisory: Experience in providing security advisory services, guiding teams through cloud security best practices and modernization security strategies.
  4. Post-secondary education in Computer Science or in a related field. 
  5. At least 5 years of hands-on technical work experience in performing threat risk assessments on complex applications and network environments.  
  6. At least 6 years of experience in security solution architecture, software development, and/or hands-on experience with implementations of security controls. 
  7. Strong experience leading complex projects providing security advice to ensure information security risks are mitigated. 
  8. Certifications (CISSP, CISM, CCSP, CRISC, Cloud oriented Google, Microsoft or AWS certificates) are nice to have. 
  9. Familiar with industry standards and frameworks, e.g. NIST 800-53, ISO 27001, ISO 27002, ISO 27017, ISO 27018, PCI DSS. Solid knowledge of cloud technologies and cloud security (GCP or Azure or AWS, Kubernetes and IAM, CI/CD pipelines, Terraform, infrastructure as code). 
  10. Advanced communication (verbal/written/presentation) skills in English. 

 

Working Conditions

Work in standard office-based environments located in Scarborough and Downtown Toronto; non-standard hours are a common occurrence. No external travel required.

 

Interested?

If your experience is closely related but doesn’t align perfectly with every qualification, we do encourage you to apply - you might be the right candidate for this or other roles at Scotiabank!

At Scotiabank, every employee is empowered to reach their fullest potential, respected for who they are, and embraced for their differences. That’s why we work to grow and diversify talent and engage employees in a performance-oriented culture.

 

What's in it for you?

  • Diversity, Equity, Inclusion & Allyship - We strive to create an inclusive culture where every employee is empowered to reach their fullest potential, respected for who they are, and embraced through bias-free practices and inclusive values across Scotiabank. We embrace diversity and provide opportunities for all employees to learn, grow & participate through our various Employee Resource Groups (ERGs) that span across diverse gender identities, ethnicity, race, age, ability & veterans.
  • Accessibility and Workplace Accommodations - We value the unique skills and experiences each individual brings to the Bank and are committed to creating and maintaining an inclusive and accessible environment for everyone. Scotiabank continues to locate, remove, and prevent barriers so that we can build a diverse and inclusive environment while meeting accessibility requirements.
  • Upskilling through online courses, cross-functional development opportunities, and tuition assistance.
  • Competitive Rewards program including bonus, flexible vacation, personal, sick days, and benefits will start on day one.
  • Community Engagement - no matter where you choose to work from; we offer opportunities for community engagement & belonging with our various programs.

 

 

Location(s):  Canada : Ontario : Toronto 

Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.  

At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our  Recruitment team know. If you require technical assistance, please click here. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.

