Director, Program Management (IT Risk)

About The Position

Requirements

• Bachelor’s degree in Business, Technology, Engineering or related fields, or equivalent experience.
• 10+ years of experience in IT Risk Management, risk assurance, audit, or cybersecurity leadership roles, preferably in the financial services industry
• Working knowledge of key IT infrastructure, including good understanding of the risks associated with the platforms.
• Knowledge of IT Risk frameworks, methodologies and industry standards related to IT and Cyber Risk management, including emerging trends and issues. Demonstrated expertise in a broad range of Information Security and Risk Management principles and practices.
• Maturity level and skill/judgment to deal effectively with senior management and operational risk groups throughout the organization.
• Exceptional communication, negotiation, and stakeholder management skills, including strong appreciation of relationship management;
• Strong analytical and data-driven decision-making skills, including sound problem solving, research, and quantitative skills.
• Deadline-driven and results-oriented; able to meet consistently high-quality standards while handling a variety of tasks and deadlines simultaneously.
• Proven ability to navigate ambiguity, drive strategic change, and influence senior stakeholders.
• Experience working across cross-functional teams and collaborating with stakeholders at all levels of the organization.
• Experience leading, design and execution of IT risk management frameworks, policies, and procedures.
• Proven ability with monitoring regulatory changes and industry trends to ensure ongoing compliance and best practices.
• 7+ years managing and developing high-performing teams
• Self-discipline and organized with proven time management skills
• Ability to thrive in a fast-paced, dynamic, and changing environment

Nice To Haves

• Industry recognized qualifications and certifications in Information Security and/or Risk Management (CISA/CISM/CISSP /CRISC/CISSP) is a plus

Responsibilities

• Provide risk management leadership for assigned portfolio and serve as a key advisor to executive leadership and project teams on technology risk management within IT risk remediation projects.
• Maintain a thorough understanding of Scotiabank’s policies and standards, internal controls and IT control testing methodologies as well as related regulatory and industry compliance standards. Understand how the Bank’s risk appetite and risk culture should be considered in day-to-day risk remediation initiatives and decisions.
• Provide strategic direction and leadership to cross-functional teams, ensuring alignment with ScotiaTech’s strategic goals and business objectives, while cultivating a consistent and standardized approach to producing risk aligned audit and regulatory project deliverables.
• Provide operational risk expertise support to regulatory projects.
• Provide risk management support for planning and prioritizing initiatives across portfolios that support business strategy.
• Support the remediation of regulatory and compliance gaps, including the creation and maintenance of artifacts related to regulatory compliance, such as process documentation, narratives, and metrics.
• Review remediation plans and corrective actions to ensure that they are designed to reduce risk. Verify that control deficiencies are remediated according to the remediation plans.
• Review project deliverables and artefacts, including project closure packages to ensure they meet internal IQA standards and expectations, and adhere to industry best practices and regulatory requirements. Provide feedback to drive alignment and compliance.
• Work with project teams throughout all phases of program and project management including planning, execution, monitoring, and closure to ensure successful delivery of expected outcomes.
• Consistently interact with stakeholders to manage technology risk management expectations and deliverables within allocated project timelines and budget.
• Champion the adoption of industry risk management best practices in project delivery and drive operational IT risk awareness culture. Identify and implement continuous improvements to IT risk management practices, tools, and processes within EDO delivery and portfolio management group.
• Keep abreast of external cyber security trends, technologies and cyber risk management approaches, control hygiene of the environment, and often collaborate with other teams on IT risk-related initiatives to provide subject-matter recommendations and guidance to achieve a risk posture within the organization’s overall risk appetite.
• Manage multiple priorities in a fast-paced environment. Identify, de-escalate, and manage actual or perceived conflict, if any, among your team or with the stakeholders.
• Assess complex scenarios and use your subject matter expertise and professional judgement to make decisions with proper rationale and documentation. Support your team member during complex or tough discussions with stakeholders to achieve the desired outcome.
• Build and maintain strong relationships with key stakeholders, including business leaders, technology teams, and external partners, to ensure alignment and transparency throughout project lifecycles.
• Manage a team of risk management and documentation professionals, mentor and develop talent within the team, fostering a culture of growth and excellence. Build a high-performance environment and implement a people strategy that attracts, retains, develops, and motivates the team by fostering an inclusive work environment and using a coaching mindset and behaviors. Communicate vison/values/business strategy and manage succession and development planning for the team.
• Create an environment in which their team pursues effective and efficient operations of their respective areas in accordance with Scotiabank’s Values, its Code of Conduct and the Global Sales Principles, while ensuring the adequacy, adherence to and effectiveness of day-to-day business controls to meet obligations with respect to operational, compliance, AML/ATF/sanctions and conduct risk.

Benefits

• A competitive rewards package that includes a base salary, a performance bonus, company matching programs on pension and profit sharing, paid vacation, personal & sick days, medical, vision, and dental and much more
• We have an inclusive and collaborative working environment that encourages creativity and curiosity and celebrates success
• We provide you with the tools and technology needed to create meaningful customer experiences
• You'll get to work with and learn from diverse industry leaders, who have hailed from top technology companies around the world
• We hire you for your talent — not just a job — so you can grow with us. We’ll equip you for success not only in your role, but also in your career as a whole
• Dress codes don't apply here: being comfortable does
• Access to thousands of online and in-person courses so you can hone your current skills, or learn new ones