Director, U.S. Deputy CISO

Scotiabank-posted 2 days ago
Full-time • Mid Level
Dallas, TX
5,001-10,000 employees
Resume
Match Score
Upload and Match ResumeTrack Jobs with Teal

The US Deputy Chief Information Security Officer (Deputy CISO) will support the MD & US CISO in building robust United States technology risk (includes all non-financial risks such as Cyber Risk, Availability, Resiliency Risks and Operational Risk ) related controls and processes and ensure they are maintained and adhered to in the assigned portfolio. Along with the MD & US CISO the Deputy CISO will collaboratively assess, evaluate and remediate increasingly complex technology risk, design controls and assist in their implementation in the USA, a key growth market. Acts in the line of defense as Internal Control (1B) to ensure implementation of initiatives in accordance with regulatory expectations, risk appetite, organizational risk practices and evolving business practices. Ensures all activities conducted are in compliance with governing regulations, internal policies and procedures.

  • Champion a customer focused culture to deepen relationships with Sr. leadership, peers, and functional groups by leveraging IT and risk expertise.
  • Partners across senior executives US CIO, Global CISO, Risk, Operations, compliance and legal teams to deliver improved US regulatory outcomes and strategies.
  • Supports in the US 1st line Technology Risk, Cyber Security and Internal Controls teams
  • Alongside with the MD & CISO, the Deputy CISO will collaborate with US CIO and Global CISO, in leading frequent interaction and reporting to US Federal Regulators.
  • Support in overseeing critical 1st Line of Defense (1B) function in highly regulated US Technology realm with ongoing guidance to support the implementation of, and compliance to, established IT Standard, Policies, Procedures, regulatory, operational risk and cyber risk requirements through active engagement, guidance and counselling.
  • Support in leading US 1st Line of Defense (1A) teams and Risk owners, to build their capability to identify, assess, mitigate and monitor risks associated with their use of information and IT systems.
  • Is primary interface and conduit between the 1A risk owners and other risk groups or advisors in various business areas (Internal Controls, Audit, Cyber Security, Privacy, Fraud, Resilience, Availability) to spearhead the facilitation and execution of risk management activities.
  • Support in Managing Technology Risk identification, assessment, prioritization for relevant business areas. Ensures observations, issues and outputs are tracked and actioned.
  • Support in leading US Technology risk control testing and monitoring and guides all US based Technology Risk Owners with remediation plans.
  • Partner with and face other risk groups to assess, implement and communicate new/updated risk controls, frameworks, policies, risk indicators, metrics and limits.
  • Oversee analyses of systems or asset data and deliver monthly / quarterly reporting for senior management, Internal Controls, GRM, Compliance, Audit, Operational Risk or 1A stakeholders.
  • Leads team that develops reports and presentations to deliver updates on KPIs/KRIs to various audiences, including senior business risk committees.
  • Develop or manage programs to establish KRI performance within the bank’s risk tolerance.
  • Prioritize risk activities, ensure timely remediation and escalate when necessary.
  • Evangelize for Technology Risk and promote a strong risk culture in partnership with the risk owners.
  • Co-ordinate SOX control testing. Facilitate evidence collection and escalate conflicts or roadblocks to relevant SME to ensure control testing is completed as per schedule. Prepare quarterly SOX attestations.
  • Ensuring that sound and consistent information security architectures that have been defined and documented are leveraged and effectively communicated to local business lines and technology support groups.
  • Support in the directing, assuring, and advancing the security of the Scotiabank Group's networks, including the reliability and manageability of logical access security and application change control operations locally.
  • Pursuing security and control process improvements and the protection of emerging technologies and new delivery systems; In collaboration with the Central ESS/CSS/GSS functions.
  • Working closely with Global Security Operation Services, Global Advisory Services and Enterprise Security Services to facilitate communication, support and to transmit the Bank's Information Security vision as developed by the global CISO
  • Creates an environment in which their team pursues effective and efficient operations of their respective areas in accordance with Scotiabank’s Values, its Code of Conduct and the Global Sales Principles, while ensuring the adequacy, adherence to and effectiveness of day-to-day business controls to meet obligations with respect to operational, compliance, AML/ATF/sanctions and conduct risk.
  • Champions a customer focused culture to deepen client relationships and leverage broader Bank relationships, systems and knowledge Scope includes compliance with information security regulations, user education and access, and cybersecurity.
  • Accountable for understanding, communicating and ensure compliance with Scotiabank's Information Security Policies as defined by Global Security Operation Services and Enterprise Security Services functions.
  • Leads the design and operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies and applicable laws and regulations.
  • Provides and maintains technical expertise on security aspects of systems, applications, and networks currently resident in the company and those planned for in the future. Reviews system development, maintenance and acquisition efforts to ensure efficient and adequate security provisions.
  • Actively pursue effective and efficient operations of his/her respective areas, while ensuring the adequacy, adherence to and effectiveness of day-to-day business controls to meet obligations with respect to operational risk, regulatory compliance risk, AML/ATF risk and conduct risk, including but not limited to responsibilities under the Operational Risk Management Framework, Regulatory Compliance Risk Management Framework, AML/ATF Global Handbook and the Guidelines for Business Conduct.
  • Champion a high-performance environment and implement a people strategy that attracts, retains, develops and motivates their team by fostering an inclusive work environment, communicating vison/values/business strategy and managing succession and development planning for the team.
  • Understand how the Bank’s risk appetite and risk culture should be considered in day-to-day activities and decisions.
  • Candidates should have a breadth of Technology and non-financial Risk management experience. 10+ years (governance, operations, audit, cyber, control functions, compliance, risk management).
  • Candidates require expert leadership, communication (both verbal and written) and influencing capability, supported by well-developed logical thinking competencies.
  • Proficient written and verbal communication required at all levels of the organization is essential.
  • Requires expert Technology risk management experience in multiple areas including but not limited to; internal controls, systems design, security, availability/stability/resiliency, disaster recovery, third party risk management, change management, release management, audit, regulatory risk, logical access, software currency.
  • Proven experience in risk or Cyber security leadership preferably with deep knowledge of US and GBM businesses including related systems, procedures, regulations expected.
  • Ability to balance contesting or conflicting goals of various departments and stakeholders which requires a mature, diplomatic approach and advanced negotiation, project management, governance and influencing skills.
  • Strong presentation design and delivery expected as part of the leadership team.
  • Knowledge or understanding of Risk / Control frameworks (ITIL, ISO, COBIT, NIST, FFIEC).
  • Exposure to cloud controls would be an asset.
  • Data Analytics and Visual dashboarding would be desirable.
  • Additional relevant Certifications would be an asset - ITIL V3 Foundation Cert. in ITSM, COBIT, CRISC, CISSP.
Track Jobs with Teal

Job Search Resources

Resume Builder
Resume Examples
Cover Letter Examples

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service