Senior Lead, Security Advisory Transformation @ Scotiabank

Cyber Crime

Toronto

Hybrid

CAD 80,000 - 120,000

Full time

18 days ago

Job summary

An established industry player is seeking a Senior Lead in Security Advisory Transformation to drive security compliance and risk management across business lines. This pivotal role involves collaborating with architects to design secure technological solutions, conducting thorough threat risk assessments, and providing strategic guidance to enhance security practices. You will mentor teams and ensure alignment with industry regulations while fostering an inclusive and diverse workplace culture. Join a forward-thinking organization that values your expertise and offers opportunities for personal and professional growth in a hybrid work environment.

Benefits

Diversity and Inclusion programs
Tuition assistance
Flexible vacation
Personal and sick days
Community engagement opportunities

Qualifications

  • 5+ years of experience in threat risk assessments and security solution architecture.
  • Familiarity with cloud technologies and security frameworks is essential.

Responsibilities

  • Provide guidance on security practices and risk management to business lines.
  • Conduct security assessments and propose enhancements to address emerging threats.

Skills

Threat risk assessment
Security solution architecture
Cloud security
Risk management
Technical communication

Education

Post-secondary education in Computer Science

Tools

NIST 800-53
ISO 27001
AWS
Azure
GCP
Kubernetes
Terraform

Job description

Senior Lead, Security Advisory Transformation

Requisition ID: 223022

Join a purpose-driven winning team, committed to results, in an inclusive and high-performing culture.

The Senior Lead Transformation is responsible for providing guidance to business lines to ensure the design, development, and implementation of technological solutions that integrate security practices, assisting them in making informed decisions to protect Bank information and data resources, by:

  1. Working with business lines, Solution Architects, and Enterprise Architects to develop sound security strategic and tactical plans towards the reliable implementation of consistent and secure control processes, by assessing security risk.
  2. Designing and developing sound risk management controls in accordance with Bank's standards that ensure the Bank's compliance with industry regulations.
  3. Pursuing security and control process improvements to advance security compliance.
  4. Reporting to management on the status of the system of internal controls with recommendations for remediation of risks.

Is this role right for you? In this role, you will:

Threat risk assessment advisory & governance:

  1. Review and work on initiatives to improve the threat risk assessment (TRA) process.
  2. Manage overall initiatives under TRA transformation such as developing processes and documentation.
  3. Work with different control functions within the bank (e.g., Pattern & Policy as Code, Application security, cloud security, and Threat Modelling teams) and Enterprise Architecture organization, to improve current threat risk assessment processes.
  4. Provide strategic guidance and technical expertise to business lines, IT support functions, and IS&C Control functions to implement the transformed TRA processes.
  5. Manage and align TRA transformation processes with IS&C and Enterprise Architecture, providing strategic guidance and technical expertise.
  6. Provide training and mentorship on transformed TRA processes to the Enterprise.

Security Solutioning:

  1. Provide inputs to security assessment processes for platforms and applications to ensure inclusion of sound security controls.
  2. Conduct comprehensive security assessments, as needed.
  3. Evaluate existing security solutions and propose enhancements or new designs to address emerging threats and business requirements.
  4. Provide guidance and technical expertise on threat methodology and risk assessment frameworks and the creation of relevant threat modelling artifacts, as needed.
  5. Conduct or provide Quality Assurance on Threat Modelling as required.
  6. Support the development of security patterns.
  7. Enforce security patterns, policies, standards, and procedures to protect the integrity, availability, and confidentiality of the Bank applications and infrastructure.
  8. Conduct and enhance security assessments and solutions, ensuring the application of security patterns, policies, and threat modeling.

Mentoring and Training:

  1. Provide guidance and training to the Enterprise on the transformed TRA processes.

Compliance:

  1. Ensure that TRA transformed processes align with industry regulations and organizational compliance requirements.
  2. Contribute to the audit process, responding to compliance assessments and audits.

Do you have the skills that will enable you to succeed in this role? We'd love to work with you if you have:

  1. Post-secondary education in Computer Science or in a related field.
  2. At least 5 years of hands-on technical work experience in performing threat risk assessments on complex applications, network environments, and threat modelling.
  3. Experience in security solution architecture, software development, and/or hands-on experience with implementations of security controls will be an added advantage.
  4. Strong experience leading complex projects providing security advice to ensure information security risks are mitigated.
  5. Certifications (CISSP, CISM, CCSP, CRISC, cloud-oriented Google, Microsoft or AWS certificates) are nice to have.
  6. Familiarity with industry standards and frameworks, e.g., NIST 800-53, ISO 27001, ISO 27002, ISO 27017, ISO 27018, PCI DSS.
  7. Solid knowledge of cloud technologies and cloud security (GCP or Azure or AWS, Kubernetes and IAM, CI/CD pipelines, Terraform, infrastructure as code).
  8. Advanced communication (verbal/written/presentation) skills in English.

Technical Skills:

  1. Experience in threat modeling, identifying risks in cloud environments, and advising on security best practices during cloud migration and modernization projects.
  2. Strong knowledge of cloud security governance frameworks (e.g., NIST, ISO 27001, SOC 2, CIS Benchmarks) and regulatory compliance requirements (e.g., GDPR, PIPEDA, PCI DSS).
  3. Experience in providing security advisory services, guiding teams through cloud security best practices and modernization security strategies.

What's in it for you?

  1. Diversity, Equity, Inclusion & Allyship - We strive to create an inclusive culture where every employee is empowered to reach their fullest potential, respected for who they are, and are embraced through bias-free practices and inclusive values across Scotiabank.
  2. Accessibility and Workplace Accommodations - We value the unique skills and experiences each individual brings to the Bank and are committed to creating and maintaining an inclusive and accessible environment for everyone.
  3. Upskilling through online courses, cross-functional development opportunities, and tuition assistance.
  4. Competitive Rewards program including bonus, flexible vacation, personal and sick days, and benefits that start on day one.
  5. Community Engagement - no matter where you choose to work from, we offer opportunities for community engagement & belonging with our various programs such as hackathons, contests, cooking with friends, Humans of Digital, and much more!

Work arrangements: Hybrid

Location(s): Canada : Ontario : Toronto

Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families, and their communities achieve success through a broad range of advice, products, and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.

At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. If you require technical assistance, please click here. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.
