Requisition ID: 224240
Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.

The Team Lead is responsible for providing advisory services to business lines, subsidiaries, and affiliates, enabling the achievement of the Bank's Information Security Policy. Specifically, the Team Lead will perform and oversee security services for specific projects to assist in the assessment and deployment of technological solutions that integrate security practices to protect Bank information and data resources, by:

• Collaborating with various business lines, IT support functions in support of IS&C Control functions.

• Supporting business lines to develop sound security strategic and tactical plans towards the reliable implementation of consistent and secure control processes to protect the Bank.

• Driving initiatives and supporting business functions to assess security risks and to make informed decisions to protect information assets.

• Providing guidance to design, develop and implement sound risk management controls in accordance with Bank's standards and in support of regulatory or audit requirements specific to cyber and information security that impact US Bank operations.

• Participating in the design and management of security solutions that protect Bank infrastructure, applications, and services, when applicable.

• Pursuing security and control process improvements to advance security compliance and improve internal processes.

• Reporting to management on the status of the system of internal controls with recommendations for remediation of risks.

Is this role right for you? In this role you will:

Leadership and Mentoring

• Drive a customer-focused culture throughout their team to deepen client relationships, accelerate the delivery of secure solutions and platforms, leveraging broader Bank relationships, systems, and information security knowledge.

• Support training initiatives on security best practices.

• Mentor junior team members and assist in their professional development.

Security Solutioning

• Participate in key initiatives and projects driven by various business lines. Advise Project and Delivery Managers to design and establish sound information security practices, ensuring that risk is effectively managed.

• Conduct comprehensive security assessments.

• Provide guidance on security controls that protect Bank applications and infrastructure.

• Review architecture and solution design documentation to identify and assess potential risks.

• Overview and guidance on Security Assessments as required.

• Support the development of security patterns.

• Enforce security patterns, policies, standards, and procedures to protect the integrity, availability, and confidentiality of the Bank applications and infrastructure.

Governance

• Comply with internal processes and procedures to perform Security Assessments and certifications and provide Security Advisory services.

• Perform risk management remediation activities.

• Assist with the improvement of Bank Information Security Policies and Standards.

• Support new and existing processes and governance of the US and Global Cybersecurity and Information Security Programs.

Compliance

• Ensure that Bank security solutions evaluated align with industry regulations and organizational compliance requirements.

• Assist in the audit process, responding to compliance assessments and audits.

• Support activities relating to regulatory requirements impacting US banking operations.

Continuous Improvement

• Stay updated with emerging trends in information security and propose improvements to the current security posture and processes.

• Evaluate new information security controls, technologies, tools, and processes to enhance the organization's security.

• Keep informed and well versed on financial industry regulations demands in US, based on practical experience.

• Help to define and implement operational efficiencies in support of the advisory services.
  

Do you have the skills that will enable you to succeed in this role? We'd love to work with you if you have:

• Post-secondary education in Computer Science or in a related field.

• At least 5 years of hands-on technical work experience in performing threat risk assessments on complex applications and network environments.

• At least 3 years of experience in security solution architecture, software development, and/or hands-on experience with implementations of security controls.

• Experience supporting complex projects providing security advice to ensure information security risks are mitigated.

• Certifications (CISSP, CISM, CCSP, CRISC, Cloud oriented Google, Microsoft or AWS certificates) are nice to have.

• Familiar with industry standards and frameworks e.g. NIST 800-53, ISO 27001, ISO27002, ISO 27017, ISO27018, PCI DSS.

• Familiarity with US regulatory requirements affecting US Financial Services.

• Knowledge of Vulnerability Management.

• Knowledge of cloud technologies and cloud security (GCP or Azure or AWS, Kubernetes and IAM, CI/CD pipelines, Terraforms, infrastructure as a code).

• Advanced communication (verbal/written/presentation) skills in English.

• Experience implementing and using Governance & Risk Management & Compliance tools (e.g. Service Now, RSA Archer) and project planning tools.
  

What's in it for you?

• Diversity, Equity, Inclusion & Allyship - We strive to create an inclusive culture where every employee is empowered to reach their fullest potential, respected for who they are, and are embraced through bias-free practices and inclusive values across Scotiabank. We embrace diversity and provide opportunities for all employee to learn, grow & participate through our various Employee Resource Groups (ERGs) that span across diverse gender identities, ethnicity, race, age, ability & veterans.

• Accessibility and Workplace Accommodations - We value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. Scotiabank continues to locate, remove and prevent barriers so that we can build a diverse and inclusive environment while meeting accessibility requirements.

• Upskilling through online courses, cross-functional development opportunities, and tuition assistance.

• Competitive Rewards program including bonus, flexible vacation, personal, sick days and benefits will start on day one.

• Dynamic Ecosystem - Free tea & coffee, universal washrooms, and lots of space for team collaboration.

• Community Engagement - No matter where you choose to work from; we offer opportunities for community engagement & belonging with our various programs such as hackathons, contests, cooking with friends, Humans of Digital and much more!

Working location condition: Hybrid#LI-Hybrid

Location(s): Canada : Ontario : Scarborough || Canada : Ontario : Toronto
Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.
At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. If you require technical assistance, please click here. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.