Senior Manager, Cyber & IT Risk, Group Risk Management, Tangerine

Requisition ID: 231809

Tangerine is Canadas leading direct bank. We offer flexible and accessible banking options innovative products and award-winning Client service. The reason why Tangerine employees come to work each day is to help Canadians live better lives. We focus on making a difference in our communities and that includes our own internal community. Its important to us that our employees feel empowered and enthusiastic about belonging to our Orange culture.

As the Senior Manager Cyber Security and IT Risk you will contribute to the overall successful development and execution of a second line of defense program for Cyber Security and IT risk perform assessments of risk management practices carried out by the first lines of defense and carry out quantitative analysis of threat and vulnerability scenarios which may impact IT systems operations as well as business processes supporting the Banks multiple delivery channels ensuring all operate within the Banks risk appetite levels for Cyber Security and IT services.

You will contribute to the development execution and ultimately the overall success of a second line of defense function within the Global Cyber Security and IT Risk Management Program. You will also deliver challenge and carry out independent assessment and oversight of risk management practices carried out by the first line of defense.

Is this role right for you In this role you will:

• Leads and drives a customer focused culture throughout their team to deepen client relationships and leverage broader Bank relationships systems and knowledge.
• Deliver objective evaluation and oversight of risk management practices carried out by the first line of defense to ensure that the Tangerines processes and controls relating to Cyber Security and IT Risks are sufficient to maintain the consistent operation of systems the continuous availability and integrity of data and the confidentiality of sensitive information.
• Rank and quantify cyber IT and related risks in terms of probability of event and potential dollar impact.
• Design scoring and quantification methodologies to support risk appetite discussions and enable sound decision making.
• At Tangerine guide IT Security and other control functions on Cyber Security and IT Risk management processes systems and procedures; review and provide advice relating to policies frameworks standards and control objectives; and ultimately build and sustain a risk aware culture.
• Collaborate with internal and external partners to ensure information sharing and support complementary and contrasting risk oversight initiatives as appropriate
• Establish and maintain effective relationships with all key stakeholders and applicable support areas across Tangerine Bank and the BNS ERM team to remain current on new developments and emerging risks
• Participate in major incident investigation when necessary validating root cause of; IT and Cyber related incidents and loss events to the relevant failures in IT control processes as well as quantitative loss impacts as assessed by the 1st line of Defense
• Understand how Tangerine Banks risk appetite and risk culture should be considered in day-to-day activities and decisions.
• Monitor the IT Risk Profile KRIs and associated Risk Metrics of Tangerine Bank to proactively identify changes in the profile and emerging risks while reporting on identified information technology and cyber-security vulnerabilities in terms business executives can understand and use
• Periodically analyze risks to identify common themes patterns or trends at an aggregate level
• Support in-depth analysis on areas with high inherent risk and evaluate the effectiveness of risk responses
• Monitor and report the status of Managements IT risk response plans
• Support the identification and reporting submissions for Tangerine IT Risk related information for regulatory requirements.
• Understand how the Banks risk appetite and risk culture should be considered in day-to-day activities and decisions.
• Creates an environment in which their team pursues effective and efficient operations of their respective areas in accordance with Scotiabanks Values its Code of Conduct and the Global Sales Principles while ensuring the adequacy adherence to and effectiveness of day-to-day business controls to meet obligations with respect to operational compliance AML/ATF/sanctions and conduct risk.
• Builds a high performance environment and implements a people strategy that attracts retains develops and motivates their team by fostering an inclusive work environment and using a coaching mindset and behaviours; communicating vison/values/business strategy; and managing succession and development planning for the team.

Do you have the skills that will enable you to succeed Wed love to work with you if you have:

• Strong understanding of IT risk management frameworks in a global banking environment.
• Able to convey complex concepts and ideas on issues requiring interpretation and opinion.
• Maintain in-depth knowledge of cyber and IT risks and controls across various information system architecture and engineering domains such as data protection application security identity and access management vulnerability management change management network security endpoint security logging and monitoring and incident management. Stay actively engaged in the industry on the latest in cyber risk and emerging operational risks.
• Demonstrate a sense of urgency in implementing programs and evaluating priorities; be decisive action-oriented and practical.
• Analyze and think through highly complex issues then appropriately execute and implement against a well-thought-through framework in a seamless manner.
• Be a global citizen comfortable in all geographies regions and cultures.
• Demonstrate strong leadership communication and presentation skills including the ability to adapt style to suit the different needs of any audience
• Independent in judgment and with a high standard of conduct and ethics. Able to challenge and be challenged while maintaining the highest levels of professionalism.
• Good negotiation skills and ability to resolve conflict between teams or individuals so that functional / organizational objectives are achieved.
• Excellent analytical skills; critical thinking and problem solving skills.
• Good interpersonal skills
• Strong expertise in IT Risk Management with experience spanning multiple domains (e.g. Logical Access Data Leakage Disaster Recovery Change Management Incident Management)
• Experience with Cybersecurity Risk Management is preferred
• A minimum of 7 years of experience in technology risk management departments preferably in a financial institution
• Industry certifications desirable (e.g. CISSP)
• Advanced knowledge of relevant regulatory rules (OSFI FFIEC NYDFS 500) and frameworks (NIST COBIT) is preferred
• 5 years of experience or equivalent expertise in technology risk management information security or a related field with a focus on risk assessment and control evaluation
• Demonstrated expertise in regulatory compliance risk management frameworks and industry best practices (e.g. NIST ISO FFIEC GDPR)
• Proficiency in data security risk management & controls security governance and analytical thinking with a track record of implementing effective risk mitigation strategies
• Advanced knowledge of data analytics and data literacy

Whats in it for you

• An inclusive & collaborative working environment that encourages creativity curiosity and celebrates success!
• We offer a competitive rewards package: Performance bonus Employee Share Ownership Program and Pension Plan Matching Health Benefits from day one!
• Your career matters! You will have access to career development and progression opportunities.

Location(s): Canada : Ontario : Toronto

At Tangerine we value the unique skills and experiences each individual brings to the team and are committed to creating and maintaining an inclusive and accessible environment. If you require accommodation during the recruitment and selection process please let our Recruitment team know.