Director, Application Security

Join a purpose-driven, high-performing team committed to results within an inclusive culture.

We are seeking a Director, Application Security to join our Cloud & Application Security Product and Architecture team. The ideal candidate will have strong stakeholder engagement skills to support CIO teams in assessments such as SAST, DAST, MAST, SCA / SBoM, CNAPP, CWPP, CSPM, and IaC Security. These assessments are used as input for TRA or Change Management processes prior to production release. The incumbent will lead the DevSecOps transformation, develop the target state vision, and guide the team in executing the plan collaboratively with product teams, engineers, architects, operations, and control functions.

Key Responsibilities include:

1. Establish and drive the Bank's DevSecOps practice aligned with security standards and regulatory requirements.
2. Maintain and deliver services such as Application Release Assessment, Web/API Assessment, Static Code Assessment, Software Composition Assessment, Mobile Security, Secure Development Training, and Cloud Workload Protection.
3. Integrate security into the SDLC and promote developer adoption of security tools.
4. Develop KPIs/KRIs and reports to measure service coverage and security risk profile, facilitating cross-functional collaboration.
5. Define and report on product status, metrics, achievements, next steps, and risks using a data-driven approach.
6. Foster collaboration among senior executives, platform teams, product managers, and security experts.
7. Work with CIO teams and stakeholders to define timelines, strategies, funding, and secure buy-in.

Qualifications include:

• University degree in Computer Engineering, Computer Science, or related field, with 10+ years in Information Security leadership in a global organization.
• 7+ years in operations or equivalent roles.
• 5+ years working with Regulatory, Compliance, Risk, and Audit functions.
• Strong understanding of application and cloud security, solution and infrastructure architecture.
• Experience with security software products and the security industry.
• Excellent interpersonal and communication skills.
• Strong planning, organizational skills, and experience managing complex processes.
• Willingness to learn, adapt, and demonstrate resilience.
• Deep knowledge of Application and Cloud Security domains like SAST, DAST, MAST, OSSS, API Security, RAST / IAST, CNAPP, CWPP, CSPM, IaC Security.
• Experience in security training and awareness for developer communities.

What’s in it for you?

• Inclusive culture emphasizing Diversity, Equity, Inclusion & Allyship.
• Accessible environment with accommodations available.
• Upskilling opportunities through courses, development programs, and tuition assistance.
• Competitive rewards, bonuses, flexible vacation, and benefits starting Day 1.
• Community engagement activities like hackathons, contests, and social programs.

Work arrangement: Hybrid (LI-Hybrid)

Scotiabank, guided by our purpose "for every future," is committed to diversity and inclusion. We value each individual's skills and experiences and provide accommodations during recruitment if needed. Candidates should apply directly online. Only shortlisted candidates will be contacted.