Manager, Technology Risk & Control Self-Assessment
Scotiabank · Dallas, TX · 6 days ago
EngineeringFull-time
Purpose
Contributes to the overall success of the Technology, Risk and Control Self-Assessment program globally ensuring specific individual goals, plans, and initiatives are executed/delivered in support of the team’s business strategies and objectives. Ensures all activities are conducted in compliance with governing regulations, internal policies and procedures.
What You’ll Do
- Support end-to-end execution of Technology RCSAs across assigned systems, platforms, and services.
- Coverage of risk identification sessions, inherent risk scoring, control mapping, and residual risk assessments.
- Gather, analyze, and document risk and control information in accordance with approved RCSA methodology.
- Audit control design and operating effectiveness across key technology domains (e.g., access management, change management, resiliency, third-party risk).
- Identify control gaps, emerging risks, and required remediation actions and escalate material issues as appropriate.
- Support validation of assessment outcomes with First Line stakeholders. Stakeholder Coordination
- Partner with First Line Technology teams to collect required data and supporting evidence.
- Coordinate with Second and Third Line teams to support review and challenge processes.
- Maintain accurate documentation, issue logs, and remediation tracking for assigned RCSAs
- Contribute to RCSA status updates, findings, and emerging risk themes.
- Assist in preparing summaries and materials for senior management and governance forums.
- Support continuous improvement of RCSA tools, templates, and procedures.
- Apply quality standards and escalate risks, issues, or execution challenges as appropriate.
What You’ll Bring
- Hands-on experience executing risk assessments or similar governance processes.
- 5–8+ years of experience in Technology Risk, Operational Risk, IT Audit, or RCSA within a large financial institution. Foundational understanding of technology and cyber risks, strong analytical skills, and experience working in a regulated environment.
- Industry certifications desirable (e.g. CISSP)
- Knowledge of relevant regulatory rules (OSFI, FFIEC, NYDFS 500) and frameworks (NIST, COBIT) is preferred
- Experience supporting regulatory compliance and risk management frameworks (e.g., NIST, ISO, FFIEC) is preferred.
- Bachelor’s degree in Information Systems, Computer Science, Risk Management, or related field.