Senior Analyst, Cyber Security Control and Defense

Requisition ID: 250977

Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.

The Cyber Security Control & Defense team is responsible for developing, optimizing, maintaining and deploying Email and Web Security policies across the enterprise. The email security practice covers the protection of the enterprise against spoofing, malware, phishing and email fraud. The web security practice is responsible for the control of employee and application access to the Internet, by developing fine‑grained policies to target user and application groups, departments, and address region specific compliance and regulatory requirements.

As a Specialist in the Cyber Security Control & Defense team, you will be a core member of the Cyber Security organization, responsible for the design, building, and deployment of web security policies for users and applications. You are also responsible for the mentoring of junior analysts as well as representing the team in cyber security incidents and investigations.

• Lead the development, tuning, maintenance and deployment of web security policies across the Bank.
• Design and implement policy changes of differing scope to support the bank’s security objectives while ensuring minimal impact to business operations.
• Support end-users by troubleshooting access issues and providing guidance on security best practices and security processes.
• Demonstrate personal accountability for assigned projects, initiatives, and daily processes, producing optimum results with minimal supervision.
• Provide technical leadership and collaborate effectively with team members and cross‑functional teams to resolve incidents and improve security processes bank-wide.
• Communicate professionally and effectively to different groups and audiences within the bank, with different concerns and varying technical savviness.
• Document cases, actions, processes and procedures in a clear, concise and consistent manner; maintaining comprehensive, accurate and up-to-date records of activities, decisions, and outcomes, to ensure preservation of critical information.
• Respond promptly to reports and requests from various audit, compliance, and IT risk teams to remediate security and data‑loss risks.
• Contribute continuous iterative improvements to all processes and procedures within the team’s scope, while adhering to the bank’s risk appetite and risk culture.
• Continuously learn and improve your skills to adapt and respond to emerging threats in an ever‑changing threat landscape.
• You are passionate about utilizing your technical knowledge to find innovative solutions to complex problems.
• You have experience working with policy creation, implementation, and governance.
• You have strong analytical, problem‑solving and troubleshooting skills.
• You enjoy working in a collaborative environment.
• You are an effective team player while being comfortable working autonomously.
• You excel in learning new technologies and implement sustainable solutions to enhance them further.
• You enjoy taking part in initiatives that contribute towards the strategic direction for security related technologies or other controls that help achieve reduce threat levels to the company.
• You thrive in effectively breaking down complex technology knowledge & communicating the same to non‑technical people.
• You are comfortable supporting business operations after hours for on‑call and implementation activities.
• Champions a customer focused culture to deepen client relationships and leverage broader Bank relationships, systems and knowledge.
• Understand how the Bank’s risk appetite and risk culture should be considered in day‑to‑day activities and decisions.
• Actively pursues effective and efficient operations of their respective areas in accordance with Scotiabank’s Values, its Code of Conduct and the Global Sales Principles, while ensuring the adequacy, adherence to and effectiveness of day‑to‑day business controls to meet obligations with respect to operational, compliance, AML/ATF/sanctions and conduct risk.
• Champions a high‑performance environment and contributes to an inclusive work environment.

• 3+ years of hands‑on technical working experience in the implementation and deployment of complex or large‑scale web proxy technologies in an enterprise setting.
• Post‑secondary education in computer science, computer engineering or a related field.
• Strong foundational knowledge in general networking concepts and protocols such as HTTP/S, DNS, TLS, TCP, UDP, SSH.
• Proficient in log analysis and analysing packet captures with tools such as Wireshark.
• Working knowledge of SIEMs, troubleshooting command‑line tools and ticketing systems.
• Experience with Windows and Linux Operating Systems.
• Excellent communication (verbal/written/presentation), negotiating, and interpersonal skills with the ability to summarize material for senior management in English. The same in Spanish is a strong asset.
• Continuous Learner with a Proactive mindset and ability to stay current on evolving cyber security trends and technologies.
• Working knowledge of software development lifecycle and tools including JIRA, Bitbucket (Git), and Confluence.

• Diversity, Equity, Inclusion & Allyship – We strive to create an inclusive culture where every employee is empowered to reach their fullest potential, respected for who they are, and are embraced through bias‑free practices and inclusive values across Scotiabank. We embrace diversity and provide opportunities for all employee to learn, grow & participate through our various Employee Resource Groups (ERGs) that span across diverse gender identities, ethnicity, race, age, ability & veterans.
• Accessibility and Workplace Accommodations – We value the unique skills and experiences each individual brings to the Bank and are committed to creating and maintaining an inclusive and accessible environment for everyone. Scotiabank continues to locate, remove and prevent barriers so that we can build a diverse and inclusive environment while meeting accessibility requirements.
• Upskilling through online courses, cross‑functional development opportunities, and tuition assistance.
• Competitive Rewards program including bonus, flexible vacation, personal, sick days and benefits will start on day one.
• Community Engagement – no matter where you choose to work from; we offer opportunities for community engagement & belonging with our various programs such as hackathons, contests, Humans of Digital and much more!

Location(s): Canada : Ontario : Toronto

Candidates must apply directly online to be considered for this role.