Title:  Senior Manager, Cyber & IT Risk, Global Risk Management

Requisition ID: 214621

Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.

As the Senior Manager, Cyber Security and IT Risk, you will contribute to the overall successful development and execution of a second line of defense program for Cyber Security and IT Risk, perform assessments of risk management practices carried out by the first lines of defense, and carry out quantitative analysis of threat and vulnerability scenarios which may impact IT systems operations as well as business processes supporting the Bank’s multiple delivery channels, ensuring all operate within the Bank’s risk appetite levels for Cyber Security and IT services.

You will contribute to the development, execution and ultimately the overall success of a second line of defense function within the Global Cyber Security and IT Risk Management Program. You will also deliver challenge and carry out independent assessment and oversight of risk management practices carried out by the first line of defense.

This role particularly supports the Tangerine portfolio.

Is this role right for you? In this role, you will:

• Deliver objective evaluation and oversight of risk management practices carried out by the first line of defense to ensure that the Tangerine’s processes and controls relating to Cyber Security and IT Risks are sufficient to maintain the consistent operation of systems, the continuous availability and integrity of data and the confidentiality of sensitive information. 
• Rank and quantify cyber, IT, and related risks in terms of probability of event and potential dollar impact.
• Design scoring and quantification methodologies to support risk appetite discussions and enable sound decision making.
• At Tangerine, guide IT, Security, and other control functions on Cyber Security and IT Risk management processes, systems and procedures; review and provide advice relating to policies frameworks, standards and control objectives; and ultimately build and sustain a risk aware culture.
• Collaborate with internal and external partners to ensure information sharing and support complementary and contrasting risk oversight initiatives as appropriate
• Establish and maintain effective relationships with all key stakeholders and applicable support areas across Tangerine Bank and the BNS ERM team, to remain current on new developments and emerging risks
• Participate in major incident investigation when necessary, validating root cause of; IT and Cyber related incidents and loss events to the relevant failures in IT control processes, as well as quantitative loss impacts as assessed by the 1st line of Defense
• Monitor the IT Risk Profile, KRIs and associated Risk Metrics of Tangerine Bank to proactively identify changes in the profile and emerging risks, while reporting on identified information technology and cyber-security vulnerabilities in terms business executives can understand and use
• Periodically analyze risks to identify common themes, patterns or trends at an aggregate level
• Support in-depth analysis on areas with high inherent risk and evaluate the effectiveness of risk responses
• Monitor and report the status of Management’s IT risk response plans
• Support the identification and reporting submissions for Tangerine IT Risk related information for regulatory requirements.

Do you have the skills that will enable you to succeed? We’d love to work with you if you have:

• 7 to 10 years of experience with IT Operations, IT System Development Life Cycle (SDLC), IT and/or Cyber Risk Management, Governance, and/or Audit.  Information/Cybersecurity subject matter expertise is an asset.
• Strong communication, listening, presentation and facilitation skills
• Excellent interpersonal, leadership and relationship-building skills to deal with senior levels of management and local and remote business partners
• Demonstrated ability to analyze complex data in order to arrive at succinct messages and conclusions
• Strong strategic and critical thinking to influence enterprise risk program
• Experience across multiple Cyber and IT Operations areas (Change, Capacity, Continuity, Incident, Problem, etc.) in a large organization
• Experience using of GRC risk management tools
• Experience using COBIT, ITIL and other IT Operation specific industry frameworks
• Professional certifications and membership of associations such as CRISC, CISA, CISSP, CISM, etc. are an asset

What’s in it for you?

• An inclusive & collaborative working environment that encourages creativity, curiosity, and celebrates success!
• We offer a competitive rewards package: Performance bonus, Employee Share Ownership Program, and Pension Plan Matching, Health Benefits from day one!
• Your career matters! You will have access to career development and progression opportunities.

Location(s):  Canada : Ontario : Toronto 

Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.  

At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. If you require technical assistance, please click here. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.