Global Head, Technology Risk Officer

About The Position

Requirements

• University degree in Computer Engineering, Computer Science, Technology, or a related field, with 10+ years of experience in progressively senior security roles within a complex, global organization.
• Professional certifications in cybersecurity, technology, or risk management (e.g., CISSP, CCSP, CEH, CISM).
• Strong understanding of regulatory and industry cybersecurity frameworks, including NIST, ISO 27001, FFIEC, OSFI, DORA, PCI DSS, and MITRE ATT&CK.
• Proficiency in risk management tools and data analytics.
• Mandatory experience in financial services, with a strong preference for banking.
• Proven experience leading audit, regulatory, and Second Line of Defense findings, including ownership of remediation planning, execution tracking, and sustainable closure.
• 10+ years of IT process and control experience, including internal audit, external audit, risk assessment, or issue management functions.
• Demonstrated experience driving cross‑functional, senior executive forums and remediation governance in a global environment.
• Strong adaptive leadership skills, with the ability to lead effectively through change and ambiguity.
• Excellent written and verbal communication skills, with the ability to articulate complex security and control concepts to technical and non‑technical stakeholders, including senior executives.
• Strong leadership and collaboration skills, including the ability to influence across all levels of management and manage large, complex initiatives.
• Fluency in English required; Spanish preferred.
• Deep practical knowledge of cybersecurity disciplines, including Cloud Security, AI/ML, Network Security, Threat Modeling, Vulnerability Management, and Technology Resilience.
• Strong analytical and critical‑thinking skills to assess business, technical, and operational risks.
• Proven ability to operate in high‑pressure, time‑sensitive environments, managing dependencies and competing priorities.
• Experience with cybersecurity diligence practices, including vulnerability assessments and penetration testing.
• Experience leveraging AI/ML capabilities to manage risks associated with emerging technologies.

Nice To Haves

• Spanish preferred.

Responsibilities

• Own execution and accountability for Technology Risk Management and Internal Controls within the First Line of Defense (1B).
• Provide direction and oversight to Technology 1A risk owners to strengthen their capability to identify, assess, mitigate, and monitor technology and cyber risks.
• Serve as a trusted 1B Technology Risk partner to Technology, Product, and Business teams.
• Lead the identification, escalation, monitoring, and measurement of technology and operational risks in alignment with firm-wide risk management programs.
• Serve as a deep subject matter expert and trusted Technology 1B partner on cybersecurity, resiliency and physical security principles, practices and technologies across key domains, including, Threat and Vulnerability Management, Data Protection, Identity and Access Management, Cyber Incident Response, Cyber Threat Intelligence, Technology Resilience, Third Party Cyber Risk, Physical Security and Application Security.
• Monitor technology risk KRIs and KPIs, supports review and challenge of remediation and get-to-green plans, and tracks delivery of sustainable risk reduction.
• Ensures technology risk outcomes remain aligned to the firm’s risk appetite and governance expectations.
• Prepare and presents technology risk insights, trends, and recommendations to senior management and governance forums.
• Provide 1B risk and control advisory support, including targeted risk reviews, root cause analysis, and development of sustainable mitigation strategies.
• Implements the firm’s technology risk management strategy, ensuring alignment with regulatory and industry standards.
• Drives a proactive risk and control culture focused on prevention, transparency, and continuous improvement.
• Partner with Second Line of Defense to support effective review, challenge, and enterprise consistency.
• Collaborate with Technology leadership, Product Owners, Business Control Managers, and key stakeholders to maintain a comprehensive enterprise technology risk view.
• Engage with regulators and internal governance bodies, as required.
• Leads and scales a large, global Technology Risk and Internal Control organization, providing clear direction, priorities, and accountability across multiple teams and geographies
• Establish a strong operating model, including defined roles, decision rights, escalation paths, and performance expectations.
• Build a strong leadership bench through coaching, succession planning, and capability development.
• Drive workforce planning, capacity management, and resource allocation aligned to strategic priorities and regulatory commitments.
• Foster an inclusive, high-performance culture emphasizing ownership, execution discipline, and continuous improvement.
• Lead through change, effectively managing organizational complexity while maintaining focus on risk outcomes and control effectiveness.
• Create an environment in which the team pursues effective and efficient operations of their respective areas in accordance with Scotiabank’s Values, its Code of Conduct, and the Global Sales Principles, while ensuring the adequacy, adherence to, and effectiveness of day-to-day business controls to meet obligations with respect to operational, compliance, AML/ATF/sanctions, and conduct risk.
• Lead and drives a customer focused culture throughout their team to deepen client relationships and leverage broader Bank relationships, systems and knowledge.
• Build a high-performance environment and implement a people strategy that attracts, retains, develops, and motivates the team by fostering an inclusive work environment and using a coaching mindset and behaviors; communicating vision/values/business strategy; and managing succession and development planning for the team.

Benefits

• A competitive rewards package that includes a base salary, a performance bonus, company matching programs on pension and profit sharing, paid vacation, personal & sick days, medical, vision, and dental and much more