Director, IT Risk
- Full-Time
- New York, NY
- Scotiabank
- Posted 2 years ago – Accepting applications
Requisition ID: 126324
Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.
Purpose of Job:
GBME, IT Risk Advisory team plays an important role in the Bank’s Three Lines of Defense Framework, providing First Line of Defense for the GBME portfolio on all technology risk domains, including Cyber Security, Data Privacy, Software Lifecycle Management, Capacity, Incident Management, Disaster and Backup Recovery, Third Party Management, Project Management, and Audit & Regulatory issue remediations.
Director, IT Risk (CIO Risk Advisor) directly supports the CIO/Vice-President, GBME Technology, to collaboratively assess, analyze and quantify technology risks. This role is part of a strategic and comprehensive IT Risk Management Function within the Technology First Line of Defence and ensures design and implementation in accordance with regulatory expectations, risk appetite, organizational risk practices and evolving business practices.
The role includes significant coordination and engagement with peers in GBME management 1st line of defense and 2nd and 3rd line of defense for Technology in the execution of risk management activities, inclusive of regular updates, formal reporting and managing remediation commitments identified (e.g. audit findings).
Major Accountabilities:
Advises and supports risk owners in day-to-day risk management activities and execution. Assists risk owners in adhering to policies, frameworks, standards and guidelines through active engagement, guidance and counselling. Advises on the design and implementation of controls, and remediation plans to mitigate risk.
- Lead a consistent approach across the regions U.S., APAC, UK.
- Acts as a primary interface and conduit between the risk owners and other risk groups to lead the facilitation and execution of risk management activities.
- Compiles and (where applicable) presents risk update reports for various risk groups, including technology risk updates to the monthly Technology Management Committee, Technology Risk Council and local Non-Financial Risk Committee (NFRC).
- Identifies, assesses, prioritizes and reports on material IT risks for IT and aligned business areas. This will require working with equivalent Risk Advisors in various business areas. Ensures outputs are recorded in the enterprise Global Issue Management system and in full compliance of all policies and common standards, including the IT Risk Management Policy and Framework.
- Ensures implementation of a strong IT risk culture in partnership with the risk owners and other control functions.
- Conduct detailed IT Risk assessments and ensure that IT Risk assessments and outputs are recorded in enterprise tools and are in full compliance of defined policies and common standards, including the IT Risk Management Policy and Framework.
- Work closely with internal and external IT auditors on audits and regulatory exams to demonstrate compliance with obligations and oversee submissions of Requests for Information.
- Manage the overall remediation plans, including any specific “path to green” plans for applicable risk domains.
- Partner with Business Internal Control team on Operational Control Self-assessments to conduct risk assessments of key applications/systems supporting key business processes.
- Manage technology risk and control self-assessments for the GBME portfolio.
- Perform identified thematic risk review assessments for the GBME portfolio.
- Review and contribute to technology policies and standards under development or review, as applicable.
- Monitor effectiveness of portfolio impacting governance processes such as change management, project management and architecture reviews, for enforcing control requirements.
- Engage in business integration projects to ensure all appropriate technology controls and processes are implemented; and enable the implementation of appropriate technology controls and processes in non-integrated subsidiaries.
- Collaborates with IT Risk directors for other business units to improve risk management practices across the enterprise.
- Builds a high-performance environment and implements a people strategy that attracts, retains, develops and motivates their team by fostering an inclusive work environment and using a coaching mindset and behaviours; communicating vision/values/business strategy; and managing succession and development planning for the team.
Functional Competencies
Candidates require strong leadership, communication and strategic influencing capability, supported by well-developed analytical and strategic thinking competencies.
- Extensive knowledge of the regional regulatory and compliance environment and ability to assess the impact of regulatory initiatives such as NYDFS, SEC, FINRA, MAS, RBI on IT risk appetite and frameworks.
- Strong ability to balance competing or conflicting goals of various departments and stakeholders which requires a mature, diplomatic approach and highly developed negotiation and influencing skills.
- Strong ability to challenge leadership team especially when there is a need to balance control and compliance priorities with competing objectives.
- Good communication, facilitation and presentation skills for developing communication strategies for Executive approval through to implementation of strategies and programs.
- Ability to work collaboratively with teams, and manage team members, across multiple locations in multiple countries.
Education/Experience
Knowledge and experience in at least 5 technology disciplines, such as software development, API management, system design, information security, technology resilience, technology third party management, cloud computing, midrange and mainframe computing, project management, incident/problem/change management, networks and disaster recovery.
- Experience in other risk management roles (across any line of defence) is desirable.
- Experience in managing remediation programs is desirable.
- Data Analytics and Visual dashboarding skills (PowerBI/Tableau) are desirable.
- Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) and Certified in Risk and Information Systems Control (CRISC) are desirable.
REPORTING RELATIONSHIPS
Reports to:
Direct: CIO, GBME, IT&S
Dotted: Global Head of Business Technology Risk
Direct Reports:
Senior Risk Manager and Risk Manager
Senior IT Risk Manager APAC
Senior IT Risk Manager UK
Location(s): United States : New York : New York City
Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.
At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.