Requisition ID: 207935
Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.
Purpose
This position is responsible for leading and conducting risk-based audit assessments of medium to high complexity following the Bank's Audit Methodology. As a Senior Audit Manager, you will support the Director, Emerging Risk & Cyber Security Audit, by planning and executing risk-based technical audits, across Cyber Security, Technology Infrastructure, Cloud and Digital Banking, to provide opinions on the effectiveness of controls to meet business objectives. In addition, the subject matter expert is expected to be knowledgeable in risks associated with systems development methodologies (Waterfall and Agile), project management, automation and orchestration, data protection and outsourced IT services.
Key Accountabilities
Execution:
-
Plan and lead collaborative risk-based Information and Cyber Security audits of moderate to high complexity in a local and global context and conclude whether risks are appropriately managed through the existence of effective control or other techniques.
-
When assuming a supervisory role, the auditor is expected to develop a comprehensive audit plan clearly outlining the objective, scope, deliverables, approach, resourcing and schedule.
-
Ensure quality of assignments through effective application of the Audit Standard Methodology of the Bank and appropriate use of specific applications and tools.
-
Strive for efficient use of audit resources by monitoring execution of audits assigned, timely escalation, and management of conflicts. The incumbent is expected to seek and obtain direction, perspective and resources as required in order to complete the assigned audit on time and within budget.
-
Prepare and deliver effective presentations to clients at audit opening and closing meetings as a means of communicating and gaining their agreement and understanding of audit plans and audit results.
-
Provide value-adding and effective audit recommendations to client senior management identifying significant issues in a business context, working with audit clients to identify and recommend feasible solutions.
-
Present audits conclusions and reports in a relevant context and applicable to the Bank by ensuring they are supported by an orderly accumulation and analysis of documented audit evidence and that the content is clear and concise.
-
Perform accountabilities with minimal supervision and provide audit management and audit client with regular status updates of assignments.
-
Actively seek to be informed of industry and corporate initiatives and trends in order to support effective audit continuous monitoring of the Banks proper management of information and cyber security risks.
Leadership:
-
Maintain information security competency through ongoing professional development and staying abreast of emerging technologies, risks and controls in information and cyber security.
-
Provide direction, guidance and expert advice to audit teams globally to allow definition of effective assessments on information and cyber security risk management.
-
When required, prepare and deliver effective presentations on various audit and information security related matters to Audit senior management and relevant stakeholder across the Bank as a means to demonstrate expertise.
-
Identify and advise Audit teams on the use of data analytics and other advanced techniques and tools in order to improve efficiency and effectiveness of audit assessments.
-
Establish and maintain solid relationship with audit clients to serve as a catalyst of positive change and improvement of information and cyber security risk management.
Functional Competencies
-
7 years of information and cyber security experience.
-
Excellent written and verbal communication skills.
-
Experience in the assessment of threats and risks over IT processes and assets.
-
Knowledge and experience with security assessment tools (exploit tools, vulnerability assessment) and Security Operations Centre software (IDS, IPS, SIEM, etc.).
-
Knowledgeable in cyber security processes areas such as web application security, secure network security architecture, penetration testing, Red Team testing, vulnerability assessments, encryption, data loss prevention, coding assessment, cloud security, DDoS protection, and malware protection.
-
Excellent analytics skills and proficiency with Microsoft Word, excel, and Powerpoint
-
Ability to work independently and as part of a team of professionals
Education
-
Bachelor's degree in Information Technology, Computer Science or equivalent required.
-
One or more of the following certifications: CISA, CISM, CISSP, CCSP, GCIA, CEH is required.
-
Cloud engineering or architecture designation would be an asset.
Location(s): Canada : Ontario : Toronto
Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.
At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. If you require technical assistance, please click here. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.