IT Risk Lead, GTEP

About The Position

Requirements

• In-depth understanding of disaster recovery planning, testing, and technology resilience frameworks.
• Demonstrated experience with QA review methodologies, evidence-based auditing, and issue escalation processes.
• 7 to 10+ years of risk management and/or technology experience with at least five years of managing a large cross-functional team and influencing senior level management and key stakeholders
• Excellent relationship management, influencing, negotiating, and interpersonal skills. Ability to work effectively with all levels of the organization and balance the needs of multiple functions
• High level experience with Technology Operations and Enterprise Platforms including cloud services, service management, network and architecture.
• Previous experience developing and executing on strategies and delivering superior results in both the short and long term
• Previous experience as a Security Architect, Infrastructure Architect and overall understanding of Enterprise Architecture in Technology ideally within a regulated financial services environment
• CCSP, CISSP, CISA or similar certifications (Required)
• Familiarity with industry frameworks, and Financial Banking Regulations (NIST CSF, FFIEC IT Handbooks, OSFI B-13, CSA CCM, TOGAF, ArchiMate)
• Enthusiasm for technology transformation and platform enablement, especially from an IT Risk Management perspective
• Experience within an Agile Development environment while balancing Waterfall methods of managing Projects
• Strong breadth and experience on understanding of the 1B role within Risk Management pillars across the bank
• At least 5+ years of experience with various technology architectures (microservice architectures,
• At least 5+ years of experience with technology operating models, technology standards, baselines and broad view into technology transformation from an Enterprise perspective
• At least 7+ years of experience managing bank wide programs across the 3 lines of defense
• Self-Starter with a vision in understanding their role in the Bank and its impact
• Good oral and written communication skills
• Able to work with ambiguity and self-sufficient
• Attention to detail and high standards for quality
• Writing and maintaining related documentation.

Responsibilities

• Leads and ensures proper development of the New Initiative Risk Assessments with various stakeholders
• Analyze IT processes to design and implement robust risk related controls and processes and ensure that controls are maintained and monitored.
• Actively monitor and investigate Cloud’s Key IT Risk Indicators (Security, Availability, Third Party Management, Software Currency, etc.), and work across the organization to resolve vulnerabilities.
• Interface with other areas in Scotiabank, such as: Cybersecurity, Vulnerability Management, Global Risk Management, Audit, Compliance, Portfolio Management.
• Ensure that IT Risk assessment analysis and results are maintained in enterprise tools and are in full compliance of defined policies and common standards.
• Track, monitor and work with issue owners to ensure that open issues related to TRAs, IT RCSAs, Audits, Compliance reviews, any self-identified issues and any other relevant risk reviews
• Work with Scotiabank’s Audit and Compliance teams to resolve any issues identified by those teams.
• Understand how the Bank’s risk appetite and risk culture should be considered in day-to-day activities and decisions.
• Actively pursues effective and efficient operations of his/her respective areas in accordance with Scotiabank’s Values, its Code of Conduct and the Global Sales Principles, while ensuring the adequacy, adherence to and effectiveness of day-to-day business controls to meet obligations with respect to operational, compliance, AML/ATF/sanctions and conduct risk.
• Champions a high-performance environment and contributes to an inclusive work environment.
• Deliver projects to remediate IT Risk, Internal Audit and Regulatory (including OSFI) associated with security platforms.

Benefits

• Upskilling through online courses, cross-functional development opportunities, and tuition assistance.
• Competitive Rewards program including bonus, flexible vacation, personal, sick days, and benefits will start on day one.
• Community Engagement - no matter where you choose to work from; we offer opportunities for community engagement & belonging with our various programs.