Jobs · Engineering · Texas

Manager, Technology Risk & Control Self-Assessment

Scotiabank · Dallas, TX · 6 days ago
EngineeringFull-time

Purpose

Contributes to the overall success of the Technology, Risk and Control Self-Assessment program globally ensuring specific individual goals, plans, and initiatives are executed/delivered in support of the team’s business strategies and objectives. Ensures all activities are conducted in compliance with governing regulations, internal policies and procedures.

What You’ll Do

  • Support end-to-end execution of Technology RCSAs across assigned systems, platforms, and services.
  • Coverage of risk identification sessions, inherent risk scoring, control mapping, and residual risk assessments.
  • Gather, analyze, and document risk and control information in accordance with approved RCSA methodology.
  • Audit control design and operating effectiveness across key technology domains (e.g., access management, change management, resiliency, third-party risk).
  • Identify control gaps, emerging risks, and required remediation actions and escalate material issues as appropriate.
  • Support validation of assessment outcomes with First Line stakeholders. Stakeholder Coordination
  • Partner with First Line Technology teams to collect required data and supporting evidence.
  • Coordinate with Second and Third Line teams to support review and challenge processes.
  • Maintain accurate documentation, issue logs, and remediation tracking for assigned RCSAs
  • Contribute to RCSA status updates, findings, and emerging risk themes.
  • Assist in preparing summaries and materials for senior management and governance forums.
  • Support continuous improvement of RCSA tools, templates, and procedures.
  • Apply quality standards and escalate risks, issues, or execution challenges as appropriate.

What You’ll Bring

  • Hands-on experience executing risk assessments or similar governance processes.
  • 5–8+ years of experience in Technology Risk, Operational Risk, IT Audit, or RCSA within a large financial institution. Foundational understanding of technology and cyber risks, strong analytical skills, and experience working in a regulated environment.
  • Industry certifications desirable (e.g. CISSP)
  • Knowledge of relevant regulatory rules (OSFI, FFIEC, NYDFS 500) and frameworks (NIST, COBIT) is preferred
  • Experience supporting regulatory compliance and risk management frameworks (e.g., NIST, ISO, FFIEC) is preferred.
  • Bachelor’s degree in Information Systems, Computer Science, Risk Management, or related field.

Similar jobs