Requisition ID: 223463
Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.

We are seeking a Director, Application Security to join our Cloud & Application Security Product and Architecture team. The ideal candidate has strong stakeholder engagement skills to support CIO teams in various applicable Cloud and Application Security assessments including SAST, DAST, MAST, SCA/SBoM, CNAPP, CWPP, CSPM, and IaC Security prior to production release which can be used as input to a TRA or as an evidence for Change Management process to allow the code pass to production. The incumbent will also provide leadership in the DevSecOps Transformation journey and develop the target state vision and lead the team in executing/delivering on the plan from current state to target state, in collaboration with product team, engineers, architects, operations and control function teams

Is this role right for you? In this role, you will:

• Establish and drive the Bank's DevSecOps practice in alignment with the Application Security Standard, Cloud Security Standard and Legal and Regulatory requirements.

• Maintain structure to deliver the following current services - Application Release Assessment, Dynamic Web/API Assessment, Static Code Assessment, Software Composition Assessment, Mobile Assessment, Mobile Application Security Program, Secure Development Training, and Cloud Workload Protection Platform Operation.

• Integrate security into the software development lifecycle and encourage developer adoption of security tools.

• Develop and maintain KPIs/KRIs and reports to measure service coverage across Application teams and build understanding of the Bank's application security risk profile. Facilitate forums and prepare the team for constructive collaboration sessions with cross-functional teams, technology and business channels, and control functions.

• Define and report on overall product status, metrics, key achievements, next steps and risks with a data-driven approach.

• Drive collaboration between senior execs, platforms, product managers, IT owners, security and technology experts etc.

• Work with CIO teams, platform teams, and SMEs to define timelines, strategy, funding estimates, strategic and tactical recommendations and spearhead socialization and buy-ins from stakeholders.

Do you have the skills that will enable you to succeed in this role? We'd love to work with you if you have:

• University degree, preferably in Computer Engineering, Computer Science or related field, and a minimum of 10 years' experience in Information Security leadership roles in a complex, global organization.

• 7+ years' experience in an operations (or equivalent) capacity required.

• 5+ years' experience in working with Regulatory, Compliance, Risk and Audit functions.

• Solid understanding of application security, cloud security, solution architecture, infrastructure architecture.

• Experience in the information security industry and with security software products.

• Excellent interpersonal and communication skills.

• Strong planning and organizational skills; can manage multiple tasks and meet deadlines.

• Experience in the information security industry and with security software products.

• Experience in working with complex processes.

• Willing to learn and grow, and demonstrates resilience to ever-changing priorities.

• Solid understanding of managing a team / service designed to assess an application's security posture prior to release into production.

• Deep knowledge of various Application and Cloud Security domains like SAST, DAST, MAST, OSSS, API Security, RAST / IAST, CNAPP, CWPP, CSPM, IaC Security, etc.

• Operations governance based on the defined enterprise standard solution architecture and design patterns.

• Proven expertise in delivering security training and awareness based on the Bank's security guiding principles, standards and policies to the developer community in the Bank.

• Excellent interpersonal and communication skills

• Strong planning and organizational skills; can manage multiple tasks and meet deadlines.

What's in it for you?

• Diversity, Equity, Inclusion & Allyship - We strive to create an inclusive culture where every employee is empowered to reach their fullest potential, respected for who they are, and are embraced through bias-free practices and inclusive values across Scotiabank. We embrace diversity and provide opportunities for all employee to learn, grow & participate through our various Employee Resource Groups (ERGs) that span across diverse gender identities, ethnicity, race, age, ability & veterans.

• Accessibility and Workplace Accommodations - We value the unique skills and experiences each individual brings to the Bank and are committed to creating and maintaining an inclusive and accessible environment for everyone. Scotiabank continues to locate, remove and prevent barriers so that we can build a diverse and inclusive environment while meeting accessibility requirements.

• Upskilling through online courses, cross-functional development opportunities, and tuition assistance.

• Competitive Rewards program including bonus, flexible vacation, personal, sick days and benefits will start on day one.

• Community Engagement - no matter where you choose to work from; we offer opportunities for community engagement & belonging with our various programs such as hackathons, contests, cooking with friends, Humans of Digital and much more!

Work arrangements: Hybrid

#LI-Hybrid

Location(s): Canada : Ontario : Toronto
Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.
At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. If you require technical assistance, please click here. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.