Manager, U.S. Cyber and IT Risk Management
Listed on 2026-02-28
IT/Tech
Cybersecurity, Information Security, IT Business Analyst, IT Consultant
Requisition
Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.
Purpose
The role will contribute to the implementation of the U.S. Cyber and IT Risk Management Framework across the second line of defense. The framework encompasses oversight, reporting, governance, communications, and education. As part of the second line of defense for businesses in the United States, IT Risk provides independent oversight and challenge as well as assists in the development of the methodologies, policies, process, and tools to support the U.S. Cyber and IT Risk Management Framework.
Contributes to the overall success of Cyber and IT Risk Management in the United States, ensuring specific individual goals, plans, initiatives are executed/delivered in support of the team’s business strategies and objectives. Ensures all activities conducted are in compliance with governing regulations, internal policies and procedures.
What You’ll Do
- Assist with the development of U.S. Cyber and IT Risk Management Framework and best practices within the Bank while acting as a center of excellence for IT and Cyber Risk in the U.S.
- Collaborate with the lines of business by acting in a consultative capacity to advise on IT risks that influence their business and ability to meet established strategic objectives, while maintaining oversight and objective challenge.
- Execute effective challenges of IT Risk components of the first line in the Risk & Control Self-Assessment (RCSA) process for the U.S., covering Legal Entities, Processes and Business Lines.
- Execute effective challenge of IT Incidents to define root causes and provide input into remediation actions.
- Assist with Deep Dives or Thematic Reviews to assess the effectiveness of controls surrounding key processes, and to identify remediation for gaps to actively and demonstrably mitigate IT risks.
- Execute challenges of IT risks within scenario analysis.
- Monitor Cyber security risks and the controls in place within the bank, as well as external Cyber security reporting which may impact the bank.
- Monitor compliance with IT Risk Policies, Standards and Guidelines.
- Assist with monthly and quarterly IT and Cyber Risk reporting for U.S. committees.
- Has good knowledge of risk management practices required to create a culture of risk management compliance.
- Identifies, assesses, and monitors IT related risks based on risk management policies and procedures.
- Executes and challenges work of first line of defense for risk management purposes.
- Exhibits best practice risk management skills through effective internal risk controls, risk monitoring, risk assessment and improvement of risk management processes.
- Understands how the Bank’s risk appetite and risk culture should be considered in day-to-day activities and decisions.
- Actively pursues effective and efficient operations of his/her respective areas in accordance with Scotiabank’s Values, its Code of Conduct and the Global Sales Principles, while ensuring the adequacy, adherence to and effectiveness of day-to-day business controls to meet obligations with respect to operational, compliance, AML/ATF/sanctions and conduct risk.
- Champions a high-performance environment and contributes to an inclusive work environment.
- Good understanding of IT risk management frameworks in a global banking environment.
- Able to convey complex concepts and ideas on issues requiring interpretation and opinion.
- Independent in judgment and with a high standard of conduct and ethics. Able to challenge and be challenged while maintaining the highest levels of professionalism.
- Good negotiation skills and ability to resolve conflict between teams or individuals so that functional / organizational objectives are achieved.
- Excellent analytical skills; critical thinking and problem solving skills.
- Strong oral and written skills on a business level in English, good presentation skills, and an ability to work with all levels of the organization.
- Good interpersonal skills
- Expertise in IT Risk Management (e.g. Logical Access, Data Leakage, Disaster Recovery)
- Experience with Cybersecurity Risk Management is preferred
- 3-5 years of…