U.S. IT Director, Risk

U.S. IT Director, Risk

Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture. Global Banking and Markets (GBM) is a leading Canadian Capital Markets and Investment Banking business with a growing platform in the US and Latin America, operating globally for over 100 years. Scotiabank's strong U.S. presence provides our clients an important bridge to this key global market for trade and investment flows across the Americas and the world. Global Banking & Markets provides a full range of investment banking, credit and risk management products and services relevant to the financing and strategic development needs of our clients. Our products include debt and equity financing, mergers & acquisitions, corporate banking, institutional equity sales, trading and research, fixed income products, derivatives, energy, foreign exchange and precious & metals. We also cross-sell the full range of wholesale products and services offered by the Scotiabank Group. Be part of an innovative, Global Capital Markets and Investment Banking business with a unique geographic footprint that puts capital to work for our clients across industries! We work together to drive ambition for every future!

Purpose

The US IT Risk Director is a strategic leader within the Technology First Line of Defense, responsible for overseeing and enhancing the technology risk management framework for the US portfolio. This role ensures robust risk controls, compliance with regulatory and internal requirements, and the advancement of a strong risk culture across all technology domains. The Director partners closely with senior technology and business leaders, risk owners, and control functions to proactively identify, assess, and mitigate technology risks. US GBME, IT Risk Advisory team plays an important role in the Bank's Three Lines of Defense Framework, providing First Line of Defense for the GBME portfolio on all technology risk domains, including Cyber Security, Data Privacy, Software Lifecycle Management, Capacity, Incident Management, Disaster and Backup Recovery, Third Party Management, Project Management, and Audit & Regulatory issue remediations. Director, IT Risk (CIO Risk Advisor) directly supports the CIO / Vice-President, US GBME Technology, to collaboratively assess, analyze and quantify technology risks. This role is part of a strategic and comprehensive IT Risk Management Function within the Technology First Line of Defense and ensures design and implementation in accordance with regulatory expectations, risk appetite, organizational risk practices and evolving business practices. Additional responsibilities include leading the success of the first line Internal Control and Regulatory Management function for the engineering portfolio, building robust technology risk controls and processes (including non-financial risks such as Cyber Risk, Availability, Resiliency, and Operational Risk), and ensuring all activities are conducted in compliance with governing regulations, internal policies, and procedures.

What You'll Do

Advise and support risk owners in day-to-day risk management activities, ensuring adherence to policies, frameworks, standards, and guidelines. Lead a consistent approach across the regions (U.S., APAC, UK). Act as a primary interface between risk owners and other risk groups, facilitating and executing risk management activities. Compile and present risk update reports for various risk groups, including technology risk updates to the various Technology and Risk committees. Identify, assess, prioritize, and report on material IT risks for IT and aligned business areas; ensure output is recorded in enterprise systems and comply with all policies and standards. Ensure implementation of a strong IT risk culture in partnership with risk owners and other control functions. Conduct detailed IT risk assessments and ensure outputs are recorded in enterprise tools in compliance with defined policies and standards. Work closely with internal and external IT auditors on audits and regulatory exams to demonstrate compliance and oversee submissions of Requests for Information. Manage overall remediation plans, including "path to green" initiatives for applicable risk domains. Partner with Business Internal Control teams on operational control self-assessments for key applications / systems. Manage technology risk and control self-assessments for the GBME portfolio. Perform thematic risk review assessments for the GBME portfolio. Review and contribute to technology policies and standards under development or review. Monitor effectiveness of governance processes such as change management, project management, and architecture reviews. Engage in business integration projects to ensure appropriate technology controls and processes are implemented. Collaborate with IT Risk directors for other business units to improve risk management practices across the enterprise. Champion a customer-focused culture and deepen relationships with senior leadership, peers, and functional groups. Provide directions to 1st Line of Defense teams and risk owners to build their capability to identify, assess, mitigate, and monitor risks. Oversee analyses of systems or asset data and deliver monthly / quarterly reporting for senior management, Internal Controls, Compliance, Audit, and Operational Risk stakeholders. Develop reports and presentations to deliver updates on KPIs / KRIs to various audiences, including senior business risk committees. Coordinate SOX control testing, facilitate evidence collection, and prepare quarterly SOX attestations. Ensure compliance with information security regulations, user education, and cybersecurity. Lead the design and operation of compliance monitoring and improvement activities to ensure compliance with internal security policies and applicable laws and regulations. Provide and maintain technical expertise on security aspects of systems, applications, and networks. Review system development, maintenance, and acquisition efforts to ensure efficient and adequate security provisions. Actively pursue effective and efficient operations, ensuring adherence to operational risk, regulatory compliance risk, AML / ATF risk, and conduct risk frameworks. Understand and apply the organization's risk appetite and risk culture in day-to-day activities and decisions. Build a high-performance environment and implement a people strategy that attracts, retains, develops, and motivates the team.

What You'll Bring

Minimum 7+ years of technology and non-financial risk management experience (governance, operations, audit, cyber, control functions, compliance, risk management). Demonstrated expertise in at least five technology disciplines, such as software development, API management, system design, information security, technology resilience, third party management, cloud computing, project management, incident / problem / change management, networks, and disaster recovery. Experience in managing remediation programs and other risk management roles (across any line of defense) is desirable. Strong leadership, communication (verbal and written), and influencing skills, with the ability to engage at all organizational levels. Advanced negotiation, project management, governance, and stakeholder management skills. Strong presentation design and delivery capabilities. Data analytics and visual dashboarding skills (Power BI / Tableau) are desirable. Knowledge or understanding of risk / control frameworks (ITIL, ISO, COBIT, NIST, FFIEC) is desirable. Relevant certifications are an asset (CISA, CISM, CRISC, CISSP, ITIL V3 Foundation, COBIT).

If your experience is closely related but doesn't align perfectly with every qualification, we do encourage you to apply - you might be the right candidate for this or other roles at Scotiabank! At Scotiabank, every employee is empowered to reach their fullest potential, respected for who they are and, embraced for their differences. That's why we work to grow and diversify talent and engage employees in a performance-oriented culture. Scotiabank wants you to be able to bring your best self to work and life, every day. With a focus on holistic well-being, our many flexible benefit programs are designed to help support your unique family, financial, physical, mental, and social health needs.