Senior Manager, Cyber & IT Risk, Group Risk Management, Tangerine

Senior Manager, Cyber Security and IT Risk, Group Risk Management, Tangerine — this role contributes to the second line of defense for Cyber Security and IT risk, performs assessments of risk management practices carried out by the first line of defense, and carries out quantitative analysis of threat and vulnerability scenarios which may impact IT systems operations as well as business processes supporting the Bank’s multiple delivery channels, ensuring all operate within the Bank’s risk appetite levels for Cyber Security and IT services.

Requisition ID : 231809

Tangerine is Canada’s leading direct bank. We offer flexible and accessible banking options, innovative products, and award-winning Client service. The reason why Tangerine employees come to work each day is to help Canadians live better lives. We focus on making a difference in our communities, and that includes our own internal community. It’s important to us that our employees feel empowered and enthusiastic about belonging to our Orange culture.

You will contribute to the development, execution and ultimately the overall success of a second line of defense function within the Global Cyber Security and IT Risk Management Program. You will also deliver challenge and carry out independent assessment and oversight of risk management practices carried out by the first line of defense.

• Leads and drives a customer focused culture throughout their team to deepen client relationships and leverage broader Bank relationships, systems and knowledge.
• Deliver objective evaluation and oversight of risk management practices carried out by the first line of defense to ensure that Tangerine’s processes and controls relating to Cyber Security and IT Risks are sufficient to maintain the consistent operation of systems, the continuous availability and integrity of data and the confidentiality of sensitive information.
• Rank and quantify cyber, IT, and related risks in terms of probability of event and potential dollar impact.
• Design scoring and quantification methodologies to support risk appetite discussions and enable sound decision making.
• Guide IT, Security, and other control functions on Cyber Security and IT Risk management processes, systems and procedures; review and provide advice relating to policy frameworks, standards and control objectives; and ultimately build and sustain a risk aware culture.
• Collaborate with internal and external partners to ensure information sharing and support complementary and contrasting risk oversight initiatives as appropriate.
• Establish and maintain effective relationships with all key stakeholders and applicable support areas across Tangerine Bank and the BNS ERM team, to remain current on new developments and emerging risks.
• Participate in major incident investigations when necessary, validating root cause of IT and cyber related incidents and loss events to the relevant failures in IT control processes, as well as quantitative loss impacts as assessed by the 1st line of Defense.
• Understand how Tangerine Bank’s risk appetite and risk culture should be considered in day-to-day activities and decisions.
• Monitor the IT Risk Profile, KRIs and associated Risk Metrics of Tangerine Bank to proactively identify changes in the profile and emerging risks, while reporting on identified information technology and cyber-security vulnerabilities in terms business executives can understand and use.
• Periodically analyze risks to identify common themes, patterns or trends at an aggregate level.
• Support in-depth analysis on areas with high inherent risk and evaluate the effectiveness of risk responses.
• Monitor and report the status of Management’s IT risk response plans.
• Support the identification and reporting submissions for Tangerine IT Risk related information for regulatory requirements.
• Creates an environment in which their team pursues effective and efficient operations of their respective areas in accordance with Scotiabank’s Values, its Code of Conduct and the Global Sales Principles, while ensuring the adequacy, adherence to and effectiveness of day-to-day business controls to meet obligations with respect to operational, compliance, AML / ATF / sanctions and conduct risk.
• Builds a high performance environment and implements a people strategy that attracts, retains, develops and motivates their team by fostering an inclusive work environment and using a coaching mindset and behaviours; communicating vision / values / business strategy; and, managing succession and development planning for the team.

• Strong understanding of IT risk management frameworks in a global banking environment.
• Able to convey complex concepts and ideas on issues requiring interpretation and opinion.
• Maintain in-depth knowledge of cyber and IT risks and controls across various information system architecture and engineering domains, such as data protection, application security, identity and access management, vulnerability management, change management, network security, endpoint security, logging and monitoring, and incident management. Stay actively engaged in the industry on the latest in cyber risk and emerging operational risks.
• Demonstrate a sense of urgency in implementing programs and evaluating priorities; be decisive, action-oriented, and practical.
• Analyze and think through highly complex issues, then appropriately execute and implement against a well-thought-through framework in a seamless manner.
• Be a global citizen comfortable in all geographies, regions, and cultures.
• Demonstrate strong leadership, communication, and presentation skills, including the ability to adapt style to suit the different needs of any audience.
• Independent in judgment and with a high standard of conduct and ethics. Able to challenge and be challenged while maintaining the highest levels of professionalism.
• Good negotiation skills and ability to resolve conflict between teams or individuals so that functional / organizational objectives are achieved.
• Excellent analytical skills; critical thinking and problem solving skills.
• Good interpersonal skills.
• Strong expertise in IT Risk Management, with experience spanning multiple domains (e.g. Logical Access, Data Leakage, Disaster Recovery, Change Management, Incident Management).
• Experience with Cybersecurity Risk Management is preferred.
• A minimum of 7 years of experience in technology risk management departments, preferably in a financial institution.
• Industry certifications desirable (e.g. CISSP).
• Advanced knowledge of relevant regulatory rules (OSFI, FFIEC, NYDFS 500) and frameworks (NIST, COBIT) is preferred.
• 5+ years of experience or equivalent expertise in technology risk management, information security, or a related field, with a focus on risk assessment and control evaluation.
• Demonstrated expertise in regulatory compliance, risk management frameworks, and industry best practices (e.g., NIST, ISO, FFIEC, GDPR).
• Proficiency in data security, risk management & controls, security governance, and analytical thinking, with a track record of implementing effective risk mitigation strategies.
• Advanced knowledge of data analytics and data literacy.

• An inclusive & collaborative working environment that encourages creativity, curiosity, and celebrates success!
• We offer a competitive rewards package : Performance bonus, Employee Share Ownership Program, and Pension Plan Matching, Health Benefits from day one!
• Your career matters! You will have access to career development and progression opportunities.

Canada : Ontario : Toronto

At Tangerine we value the unique skills and experiences each individual brings to the team, and are committed to creating and maintaining an inclusive and accessible environment. If you require accommodation during the recruitment and selection process, please let our Recruitment team know.

Mid-Senior level

Full-time

Information Technology

Banking