Audit Manager, IT & Cyber Security Audit (223705)

Requisition ID: 223705

Join a purpose driven winning team committed to results in an inclusive and high-performing culture.

Purpose

Contributes to the overall success of the Emerging Risk & Cyber Security Audit in ensuring specific individual goals plans initiatives are executed / delivered in support of the teams business strategies and objectives. Ensures all activities conducted are in compliance with governing regulations internal policies and procedures. As an Audit Manager you will participate in the execution of risk-based technology audits across Digital Banking Cloud and Architecture of medium to high complexity to provide opinions on the effectiveness of controls to meet business objectives. In addition you are expected to be knowledgeable in risks associated with systems development methodologies (Waterfall and Agile) cyber security automation and orchestration and outsourced IT services.

Accountabilities

The incumbent will be required to work as part of a team that assesses the design and operational effectiveness of governance and internal controls relating to the digital banking cloud services cyber security data protection and management outsourcing infrastructure and project management. Apart from the technical skills noted the incumbent should be proficient at applying risk-based auditing standards practices techniques processes internal/external methodologies and regulatory guidelines to the performance and review of audits. The Banks Internal Audit Department plays a key role in the risk management process of the Bank.

A significant portion of the accountabilities will relate to providing assurance over the Banks cyber security and IT general controls across digital banking (web and mobile applications development) and cloud services in an Agile environment using SecDevOps microservices architecture and third-party outsourcing as follows:

• Execute risk-based information technology audits of moderate to high complexity and conclude whether risks are appropriately managed through the existence of effective control or other techniques.

• Follow the Audit Standard Guidelines of the Bank and specific application project and operations audit methodologies.

• Ensure that audit conclusions and recommendations are properly supported by an orderly accumulation and analysis of documented audit evidence and that the audit report content is clear concise and supported by the audit work completed.

• Perform accountabilities with some supervision and provide audit management and audit client with regular status updates of the assignment. The incumbent is expected to seek and obtain direction perspective and resources as required in order to complete the assigned audit on time and within budget.

• Prepare and discuss audit findings with clients; identifying significant issues in a business context working with audit clients to identify and recommend feasible solutions.

• Establish and maintain positive relationship management with audit clients.

• Maintain information security competency through ongoing professional development and staying abreast of technical matters in the industry.

• Champions a customer focused culture to deepen client relationships and leverage broader Bank relationships systems and knowledge.

• Understand how the Banks risk appetite and risk culture should be considered in day-to-day activities and decisions.

Skills Experience & Functional Competencies

• 3-5 years of experience in information technology information security cyber security IT risk IT audit or a related field.

• Good knowledge of IT processes such as digital banking cloud engineering and operations IT and cyber security.

• Excellent written and verbal communication skills.

• Some knowledge and experience with security assessment tools (e.g. exploit tools vulnerability assessment) would be an added advantage.

• Ability to work independently and as part of a team of professionals.

• Working knowledge of primary Bank business areas (e.g. retail banking) would be an asset.

Education and Other Requirements

• Bachelors degree in information technology computer science or equivalent required.

• One or more of the following certifications: CISA CISM CRISC CRMA CCSP or working towards achieving these.

• Good analytical skills and proficiency with Microsoft Word Excel and PowerPoint.

Location(s): Canada : Ontario : Toronto

Scotiabank is a leading bank in the Americas. Guided by our purpose: for every future we help our customers their families and their communities achieve success through a broad range of advice products and services including personal and commercial banking wealth management and private banking corporate and investment banking and capital markets.

At Scotiabank we value the unique skills and experiences each individual brings to the Bank and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including but not limited to an accessible interview site alternate format documents ASL Interpreter or Assistive Technology) during the recruitment and selection process please let our Recruitment team know. If you require technical assistance please click here. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however only those candidates who are selected for an interview will be contacted.