U.S. IT Director, Risk

Scotiabank Global Site
Dallas, TX
1d

About The Position

The US IT Risk Director is a strategic leader within the Technology First Line of Defense, responsible for overseeing and enhancing the technology risk management framework for the US portfolio. This role ensures robust risk controls, compliance with regulatory and internal requirements, and the advancement of a strong risk culture across all technology domains. The Director partners closely with senior technology and business leaders, risk owners, and control functions to proactively identify, assess, and mitigate technology risks.

The US GBME IT Risk Advisory team plays an important role in the Bank’s Three Lines of Defense Framework, providing First Line of Defense for the GBME portfolio on all technology risk domains, including Cyber Security, Data Privacy, Software Lifecycle Management, Capacity, Incident Management, Disaster and Backup Recovery, Third Party Management, Project Management, and Audit & Regulatory issue remediations.

The Director, IT Risk (CIO Risk Advisor) directly supports the CIO/Vice-President, US GBME Technology, to collaboratively assess, analyze and quantify technology risks. This role is part of a strategic and comprehensive IT Risk Management Function within the Technology First Line of Defense and ensures design and implementation in accordance with regulatory expectations, risk appetite, organizational risk practices and evolving business practices.

Additional responsibilities include leading the success of the first line Internal Control and Regulatory Management function for the engineering portfolio, building robust technology risk controls and processes (including non-financial risks such as Cyber Risk, Availability, Resiliency, and Operational Risk), and ensuring all activities are conducted in compliance with governing regulations, internal policies, and procedures.

Requirements

  • 7+ years of technology and non-financial risk management experience (governance, operations, audit, cyber, control functions, compliance, risk management).
  • Demonstrated expertise in at least five technology disciplines, such as software development, API management, system design, information security, technology resilience, third party management, cloud computing, project management, incident/problem/change management, networks, and disaster recovery.
  • Strong leadership, communication (verbal and written), and influencing skills, with the ability to engage at all organizational levels.
  • Advanced negotiation, project management, governance, and stakeholder management skills.
  • Strong presentation design and delivery capabilities.
  • Understand and apply the organization’s risk appetite and risk culture in day-to-day activities and decisions.

Nice To Haves

  • Experience in managing remediation programs and other risk management roles (across any line of defense) is desirable.
  • Data analytics and visual dashboarding skills (Power BI/Tableau) are desirable.
  • Knowledge or understanding of risk/control frameworks (ITIL, ISO, COBIT, NIST, FFIEC) is desirable.
  • Relevant certifications are an asset (CISA, CISM, CRISC, CISSP, ITIL V3 Foundation, COBIT).

Responsibilities

  • Advise and support risk owners in day-to-day risk management activities, ensuring adherence to policies, frameworks, standards, and guidelines.
  • Lead a consistent approach across the regions (U.S., APAC, UK).
  • Act as a primary interface between risk owners and other risk groups, facilitating and executing risk management activities.
  • Compile and present risk update reports for various risk groups, including technology risk updates to the various Technology and Risk committees.
  • Identify, assess, prioritize, and report on material IT risks for IT and aligned business areas; ensure output is recorded in enterprise systems and complies with all policies and standards.
  • Ensure implementation of a strong IT risk culture in partnership with risk owners and other control functions.
  • Conduct detailed IT risk assessments and ensure outputs are recorded in enterprise tools in compliance with defined policies and standards.
  • Work closely with internal and external IT auditors on audits and regulatory exams to demonstrate compliance and oversee submissions of Requests for Information.
  • Manage overall remediation plans, including “path to green” initiatives for applicable risk domains.
  • Partner with Business Internal Control teams on operational control self-assessments for key applications/systems.
  • Manage technology risk and control self-assessments for the GBME portfolio.
  • Perform thematic risk review assessments for the GBME portfolio.
  • Review and contribute to technology policies and standards under development or review.
  • Monitor effectiveness of governance processes such as change management, project management, and architecture reviews.
  • Engage in business integration projects to ensure appropriate technology controls and processes are implemented.
  • Collaborate with IT Risk directors for other business units to improve risk management practices across the enterprise.
  • Champion a customer-focused culture and deepen relationships with senior leadership, peers, and functional groups.
  • Provide direction to 1st Line of Defense teams and risk owners to build their capability to identify, assess, mitigate, and monitor risks.
  • Oversee analyses of systems or asset data and deliver monthly/quarterly reporting for senior management, Internal Controls, Compliance, Audit, and Operational Risk stakeholders.
  • Develop reports and presentations to deliver updates on KPIs/KRIs to various audiences, including senior business risk committees.
  • Coordinate SOX control testing, facilitate evidence collection, and prepare quarterly SOX attestations.
  • Ensure compliance with information security regulations, user education, and cybersecurity.
  • Lead the design and operation of compliance monitoring and improvement activities to ensure compliance with internal security policies and applicable laws and regulations.
  • Provide and maintain technical expertise on security aspects of systems, applications, and networks.
  • Review system development, maintenance, and acquisition efforts to ensure efficient and adequate security provisions.
  • Actively pursue effective and efficient operations, ensuring adherence to operational risk, regulatory compliance risk, AML/ATF risk, and conduct risk frameworks.
  • Understand and apply the organization’s risk appetite and risk culture in day-to-day activities and decisions.
  • Build a high-performance environment and implement a people strategy that attracts, retains, develops, and motivates the team.

What This Job Offers

Job Type

Full-time

Career Level

Director

Education Level

No Education Listed

Number of Employees

5,001-10,000 employees
