Senior Manager, U.S. Information Security & Control

Company: Scotiabank
Location: New York
Posted on: April 14, 2025

Job Description:

Title: Senior Manager, U.S. Information Security & ControlRequisition ID: 221297Salary Range:117,400.00-224,700.00Please note that the Salary Range shown is a guideline only. Salary offered may vary based on factors, including, but not limited to, the successful candidate's relevant knowledge, skills, and experience.Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.Global Banking and MarketsGlobal Banking and Markets (GBM) is a leading Canadian Capital Markets and Investment Banking business with a growing platform in the US and Latin America, operating globally for over 100 years. Scotiabank's strong U.S. presence provides our clients an important bridge to this key global market for trade and investment flows across the Americas and the world.Be part of an innovative, Global Capital Markets and Investment Banking business with a unique geographic footprint that puts capital to work for our clients across industries! We work together to drive ambition for every future!PurposeThe Information Security & Control Senior Manager will participate and manage various aspects of information security and contribute to the overall success of the U.S. Information Security & Control's governance and risk program.This role requires a seasoned professional with a strong background in information security, vendor risk management, technology risk, compliance, policy, and governance. The Information Security Manager will manage and evaluate vulnerability and technology risks, implement risk mitigation strategies, and safeguard the Bank from potential informational security threats. They will also play a pivotal role in reviewing and implementing security policies, procedures, and controls to protect the organization's data, systems, and networks.The role will be expected to work closely with the management team to establish and maintain robust vulnerability management and cybersecurity and technology risk program to proactively safeguard the organization from security threats by ensuring that vulnerabilities are identified, monitored, and treated.What You'll Do

• Establish and maintain a detailed understanding of Scotiabank's Third-Party Risk Management (TPRM) practices and priorities. Specifically, as it relates to Information Security.
• Evaluation of security controls and contract language to ensure Scotiabank's third parties maintain a security posture aligned with industry best practices and our internal controls.
• Cybersecurity and Technology Risk Governance:
  • Understand how the Bank's risk appetite and risk culture should be considered in day-to-day activities and decisions.
  • Identifying and assessing cybersecurity and technology risks to ensure compliance with regulations and internal policies.
  • Identify and evaluate potential technology risks that would impact the Bank, including disaster and data backup recovery.
  • Communicate risk assessments and updates to executive leadership and collaborate with various departments to manage risks effectively.
  • Policy and Procedure Development:
    • Review and maintain cybersecurity policies, standards, and procedures.
    • Provide guidance to internal stakeholders on cybersecurity best practices.
    • Prepare regular reports and presentation decks on risk management for senior management and stakeholders.
    • Provide insights and recommendations for continuous improvement.
    • Vulnerability Analysis Risk Management
      • Identifying and assessing vulnerabilities, prioritizing and coordinating remediation efforts, and ensuring compliance with industry standards and internal policies.
      • Monitor and track the progress of risk mitigation efforts related to cybersecurity.
      • Analyze scan results to assess the severity and potential impact of identified vulnerabilities.
      • Maintain detailed records of vulnerability assessments, scans, and remediation efforts
      • Prepare and present vulnerability reports to senior management and relevant stakeholders.
      • Actively pursues effective and efficient operations of his/her respective areas in accordance with Scotiabank's Values, its Code of Conduct, and the Global Sales Principles, while ensuring the adequacy, adherence to and effectiveness of day-to-day business controls to meet obligations with respect to operational, compliance, AML/ATF/sanctions and conduct risk.
      • Champions a high-performance environment and contributes to an inclusive work environment.What You'll Bring
        • Required 7+ years of experience in Information Security or related cybersecurity field with vulnerability and technology risk background
        • Experience in IT key security controls/mechanisms and risk assessment concepts pertaining to complex data, application, and networking environments
        • Have strong verbal and written communication skills in English with excellent individual project management and tracking skills.
        • Understanding of Third-Party Risk Management related to Information Security
        • Cybersecurity related certification is preferred (CRISC, CISM, CISSP)
        • University degree or college diploma in a cybersecurity related field is preferredInterested?If your experience is closely related but doesn't align perfectly with every qualification, we do encourage you to apply - you might be the right candidate for this or other roles at Scotiabank!At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. If you require technical assistance, please click here . Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.
          #J-18808-Ljbffr

Keywords: Scotiabank, New Rochelle , Senior Manager, U.S. Information Security & Control, Executive , New York, New York