Director, Cybersecurity and IT Risk Management, Regulatory, Compliance, Audit

7 days ago


Toronto, Canada Scotiabank Full time

Requisition ID: 214337

Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.

Leads and oversees the execution of the bank's second line of defense (2LoD) Cybersecurity and IT strategy and roadmap within Operational Risk / Global Risk Management (GRM) globally, ensuring that business strategies, plans and initiatives are executed and delivered in compliance with governing regulations, internal policies and procedures.

This role leads Cyber & IT Risk transformation activities, manages regulatory change management, and supports audit and regulatory activities. A deep understanding of cybersecurity frameworks, regulatory standards, and best practices is required to ensure the bank's Cybersecurity and IT posture is robust and resilient.

This is an exciting opportunity to work in a high-profile role that provides a broad perspective and exposure across Cybersecurity, Technology and Operational Risk Management.

**Is this role right for you? In this role, you will**:

- Lead and drive a customer-focused culture throughout the team to deepen client relationships and leverage broader Bank relationships, systems and knowledge.
- Lead the implementation of a comprehensive Second Line of Defense (2LoD) cybersecurity and IT strategy, governance framework and IT maturity roadmap, ensuring alignment with the bank's security posture and resilience and regulatory requirements.
- Partner effectively with the Global Cyber and Technology Risk, Internal Audit and Regulatory Relations teams to ensure that regulatory examination requirements across second lines of defense are met. Collaborate with senior leaders in Global Cybersecurity and Technology to ensure integrated activities across regulatory remediation. Foster relationships with internal and external stakeholders, ensuring timely and effective communication with management.
- Oversee and support internal and external audits, including documentation preparation, auditor coordination, and addressing audit findings.
- Develop and uphold 2LoD cybersecurity and IT policies, procedures, and standards to ensure compliance and best practices.
- Ensure that remediation activities are traceable to root causes and regulatory responses in partnership with senior leaders.
- Review and challenge all regulatory submissions to ensure accuracy, validity, completeness, and alignment with internal Scotiabank policies, standards, and regulatory requirements.
- Understand how the Bank’s risk appetite and risk culture should be considered in day-to-day activities and decisions.
- Create an environment in which the team pursues effective and efficient operations of their respective areas in accordance with Scotiabank’s Values, its Code of Conduct, and the Global Sales Principles, while ensuring the adequacy of, adherence to and effectiveness of day-to-day business controls to meet obligations with respect to operational, compliance, AML/ATF/sanctions and conduct risk.
- Build a high-performance environment and implement a people strategy that attracts, retains, develops, and motivates the team by fostering an inclusive work environment and using a coaching mindset and behaviors; communicating vision/values/business strategy; and managing succession and development planning for the team.

**Do you have the skills that will enable you to succeed in this role? We’d love to work with you if you have experience with**:

- University degree, preferably in Computer Engineering, Computer Science or related field, and a minimum of 10 years’ experience in increasingly senior Information Security roles in a complex, global organization.
- Financial services and, specifically, banking experience is mandatory.
- Experienced in driving cross functional senior executive steering committees with a global presence.
- Professional Certification is preferred: CISA or equivalent, compliance frameworks (e.g. ISO or NIST)
- 12+ years of related IT process experience including previous internal audit experience, external audit experience or risk assessment experience.
- Experience with financial sector regulatory practices and second line of defense effective challenge.
- Excellent written and verbal communication skills, with the ability to communicate security objectives and concepts to technology and business teams and to technical and non-technical stakeholders.
- Ability to lead teams in a highly complex and matrixed organization.
- Ability to lead through influence, excellence and example is essential to success.
- Strong leadership and collaboration skills. Excellent oral and written communication, ability to present confidently to senior executives, attention to detail and strong planning and management ability.
- Experience with and knowledge of formal project management methodologies is desired.
- English fluency required and Spanish preferred.

**What's in it for you?**
- We have an inclusive and collaborative work environment that values curiosi


