Manager, Cyber & IT Risk, Tangerine GRM

About The Position

Requirements

• Strong expertise in IT Risk Management, with experience spanning multiple domains (e.g. Logical Access, Data Leakage, Disaster Recovery, Change Management, Incident Management)
• A minimum of 7 years of experience in technology risk management departments, preferably in a financial institution
• 5+ years of experience or equivalent expertise in technology risk management, information security, or a related field, with a focus on risk assessment and control evaluation
• Demonstrated expertise in regulatory compliance, risk management frameworks, and industry best practices (e.g., NIST, ISO, FFIEC, GDPR)
• Proficiency in data security, risk management & controls, security governance, and analytical thinking, with a track record of implementing effective risk mitigation strategies
• Advanced knowledge of data analytics and data literacy

Nice To Haves

• Experience with Cybersecurity Risk Management is preferred
• Industry certifications desirable (e.g. CRISC, CISA, CISSP)
• Advanced knowledge of relevant regulatory rules (OSFI, FFIEC, NYDFS 500) and frameworks (NIST, COBIT) is preferred

Responsibilities

• Champions a customer-focused culture throughout their team to deepen client relationships and leverage broader Bank relationships, systems and knowledge.
• Execute 2nd Line Challenge: Conduct comprehensive and objective evaluation of risk management practices carried out by the first line of defense to identify potential threats and vulnerabilities in the Bank’s processes, systems and operations. Ensure that Tangerine’s processes and controls relating to Cyber Security and IT risks are sufficient to maintain the consistent operation of systems, the continuous availability and integrity of data and the confidentiality of sensitive information. Partner with 1st line of defense to develop risk mitigation strategies across key Cyber & IT domains. Challenge IT and Cybersecurity risks within scenario analysis and thematic reviews. Deliver risk assessments, metrics and controls within a complex and constantly evolving digital bank.
• Control Evaluation: Evaluate the design of controls and communicate the impact of control weaknesses to first line teams and control implementers.
• Alignment Evaluation: Evaluate the extent to which the first line of defense is aligned with internal and external control standards, as well as regulatory and audit requirements.
• Framework Knowledge: Act as subject matter expert in one or more industry-standard risk management frameworks (including CIS Benchmarks, NIST, ISO27001) and understand cyber risk mitigation strategies.
• Stakeholder Advisory: Advise stakeholders on risk management, controls development, and adherence to mitigate risks.
• Risk Monitoring: Monitor key risk indicators, analyze control metrics, and provide insights on risk management effectiveness to management, driving continuous improvement initiatives. Monitor cybersecurity risks and the controls in place within the bank, as well as external cybersecurity reporting that may impact the bank.
• Reporting: Support IT and Cyber Risk reporting for various risk committees and senior management as required.
• Understand how the Bank’s risk appetite and risk culture should be considered in day-to-day activities and decisions.
• Collaborate with internal and external partners to ensure information sharing and support complementary and contrasting risk oversight initiatives as appropriate.
• Support the identification and reporting submissions for Tangerine IT Risk related information for regulatory requirements.
• Actively pursue effective and efficient operations of their respective areas in accordance with Scotiabank’s Values, its Code of Conduct and the Global Sales Principles, while ensuring the adequacy, adherence to and effectiveness of day-to-day business controls to meet obligations with respect to operational, compliance, AML/AFT/sanctions and conduct risk.