Jobs · Management · Texas

Director, U.S. Deputy CISO

Scotiabank · Dallas, TX · 1 wk ago
ManagementFull-time

About the role

Join a purpose-driven winning team, committed to results, in an inclusive and high-performing culture.

Responsibilities

  • Champion a customer-focused culture to deepen relationships with senior leadership, peers, and functional groups by leveraging IT and risk expertise.
  • Partner across senior executives, US CIO, Global CISO, Risk, Operations, compliance, and legal teams to deliver improved US regulatory outcomes and strategies.
  • Support in the US 1st line Technology Risk, Cyber Security, and Internal Controls teams.
  • Collaborate with the MD & US CISO to lead frequent interactions and reporting to US Federal Regulators.
  • Support in overseeing the 1B function in highly regulated US Technology realm, guiding the implementation of, and compliance to, established IT standards, policies, procedures, regulatory, operational risk, and cyber risk requirements.
  • Lead the US 1st Line of Defense (1A) teams and Risk owners to build their capability in identifying, assessing, mitigating, and monitoring risks associated with their use of information and IT systems.
  • Interface and counsel with the 1A risk owners and other risk groups or advisors in various business areas (Internal Controls, Audit, Cyber Security, Privacy, Fraud, Resilience, Availability) to facilitate risk management activities.
  • Oversee the analysis of systems or asset data and deliver monthly / quarterly reporting for senior management, Internal Controls, GRM, Compliance, Audit, Operational Risk, or 1A stakeholders.
  • Develop or manage programs to establish Key Risk Indicators (KRIs) within the bank’s risk tolerance and prioritize risk activities, ensuring timely remediation and escalation when necessary.
  • Evangelize for Technology Risk and promote a strong risk culture in partnership with the risk owners.
  • Coordinate SOX control testing. Facilitate evidence collection and escalate conflicts or roadblocks to relevant SMEs to ensure control testing is completed as per schedule. Prepare quarterly SOX attestations.
  • Ensure sound and consistent information security architectures are leveraged and effectively communicated to local business lines and technology support groups.
  • Support in directing, assuring, and advancing the security of the Scotiabank Group's networks, including the reliability and manageability of logical access security and application change control operations locally.
  • Pursue security and control process improvements and the protection of emerging technologies and new delivery systems, collaborating with the Central ESS/CSS/GSS functions.
  • Work closely with Global Security Operation Services, Global Advisory Services, and Enterprise Security Services to facilitate communication, support, and transmit the Bank's Information Security vision as developed by the global CISO.
  • Create an environment where their team pursues effective and efficient operations of their respective areas in accordance with Scotiabank's Values, Code of Conduct, and Global Sales Principles, while ensuring the adequacy, adherence to, and effectiveness of day-to-day business controls to meet obligations with respect to operational, compliance, AML/ATF/sanctions, and conduct risk.
  • Champion a customer-focused culture to deepen client relationships and leverage broader Bank relationships, systems, and knowledge.
  • Accountable for understanding, communicating, and ensuring compliance with Scotiabank's Information Security Policies as defined by Global Security Operation Services and Enterprise Security Services functions.
  • Lead the design and operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies and applicable laws and regulations.
  • Provide and maintain technical expertise on security aspects of systems, applications, and networks currently resident in the company and those planned for in the future.
  • Review system development, maintenance, and acquisition efforts to ensure efficient and adequate security provisions.
  • Actively pursue effective and efficient operations of his/her respective areas, while ensuring the adequacy, adherence to, and effectiveness of day-to-day business controls to meet obligations with respect to operational risk, regulatory compliance risk, AML/ATF risk, and conduct risk, including but not limited to responsibilities under the Operational Risk Management Framework, Regulatory Compliance Risk Management Framework, AML/ATF Global Handbook, and the Guidelines for Business Conduct.
  • Champion a high-performance environment and implement a people strategy that attracts, retains, develops, and motivates their team by fostering an inclusive work environment, communicating vision/values/business strategy, and managing succession and development planning for the team.
  • Understand how the Bank's risk appetite and risk culture should be considered in day-to-day activities and decisions.

Qualifications

  • Breadth of Technology and non-financial Risk management experience: 10+ years (governance, operations, audit, cyber, control functions, compliance, risk management).
  • Expert leadership, communication (both verbal and written), and influencing capability, supported by well-developed logical thinking competencies. Proficient written and verbal communication required at all levels of the organization is essential.
  • Expert Technology risk management experience in multiple areas including but not limited to: internal controls, systems design, security, availability/stability/resiliency, disaster recovery, third-party risk management, change management, release management, audit, regulatory risk, logical access, software currency. Exposure to cloud controls would be an asset.
  • Proven experience in risk or Cyber security leadership, preferably with deep knowledge of US and GBM businesses including related systems, procedures, regulations expected.
  • Ability to balance competing goals of various departments and stakeholders, requiring a mature, diplomatic approach and advanced negotiation, project management, governance, and influencing skills.
  • Strong presentation design and delivery expected as part of the leadership team. Data Analytics and Visual dashboarding would be desirable.
  • Knowledge or understanding of Risk / Control frameworks (ITIL, ISO, COBIT, NIST, FFIEC).
  • Advanced degree in Computer Science, Engineering, Business Commerce, or equivalent experience. Additional relevant certifications would be an asset - ITIL V3 Foundation Cert. in ITSM, COBIT, CRISC, CISSP.

Similar jobs

Deputy CISO

RK&KBaltimore, MD· 1 wk ago
Information Technology$180k–$220k/yrapply on recruiting.adp.com

DEPUTY DIRECTOR

State of LouisianaBaton Rouge, LA· 1 wk ago
Management$20/hrapply on governmentjobs.com