U.S. IT Director, Risk

Requisition ID: 242179

Salary Range:157700.00-264200.00

Please note that the Salary Range shown is a guideline only. Salary offered may vary based on factors including but not limited to the successful candidates relevant knowledge skills and experience.

Join a purpose driven winning team committed to results in an inclusive and high-performing culture.

Global Banking and Markets

Global Banking and Markets (GBM) is a leading Canadian Capital Markets and Investment Banking business with a growing platform in the US and Latin America operating globally for over 100 years. Scotiabanks strong U.S. presence provides our clients an important bridge to this key global market for trade and investment flows across the Americas and the world.

Global Banking & Markets provides a full range of investment banking credit and risk management products and services relevant to the financing and strategic development needs of our clients. Our products include debt and equity financing mergers & acquisitions corporate banking institutional equity sales trading and research fixed income products derivatives energy foreign exchange and precious & metals. We also cross-sell the full range of wholesale products and services offered by the Scotiabank Group.

Be part of an innovative Global Capital Markets and Investment Banking business with a unique geographic footprint that puts capital to work for our clients across industries! We work together to drive ambition for every future!

Purpose

The US IT Risk Director is a strategic leader within the Technology First Line of Defense responsible for overseeing and enhancing the technology risk management framework for the US portfolio. This role ensures robust risk controls compliance with regulatory and internal requirements and the advancement of a strong risk culture across all technology domains. The Director partners closely with senior technology and business leaders risk owners and control functions to proactively identify assess and mitigate technology risks.

US GBME IT Risk Advisory team plays an important role in the Banks Three Lines of Defense Framework providing First Line of Defense for the GBME portfolio on all technology risk domains including Cyber Security Data Privacy Software Lifecycle Management Capacity Incident Management Disaster and Backup Recovery Third Party Management Project Management and Audit & Regulatory issue remediations.

Director IT Risk (CIO Risk Advisor) directly supports the CIO/Vice-President US GBME Technology to collaboratively assess analyze and quantify technology risks. This role is part of a strategic and comprehensive IT Risk Management Function within the Technology First Line of Defense and ensures design and implementation in accordance with regulatory expectations risk appetite organizational risk practices and evolving business practices.

Additional responsibilities include leading the success of the first line Internal Control and Regulatory Management function for the engineering portfolio building robust technology risk controls and processes (including non-financial risks such as Cyber Risk Availability Resiliency and Operational Risk) and ensuring all activities are conducted in compliance with governing regulations internal policies and procedures

What Youll Do

• Advise and support risk owners in day-to-day risk management activities ensuring adherence to policies frameworks standards and guidelines.
• Lead a consistent approach across the regions (U.S. APAC UK).
• Act as a primary interface between risk owners and other risk groups facilitating and executing risk management activities.
• Compile and present risk update reports for various risk groups including technology risk updates to the various Technology and Risk committees.
• Identify assess prioritize and report on material IT risks for IT and aligned business areas; ensure output is recorded in enterprise systems and comply with all policies and standards.
• Ensure implementation of a strong IT risk culture in partnership with risk owners and other control functions.
• Conduct detailed IT risk assessments and ensure outputs are recorded in enterprise tools in compliance with defined policies and standards.
• Work closely with internal and external IT auditors on audits and regulatory exams to demonstrate compliance and oversee submissions of Requests for Information.
• Manage overall remediation plans including path to green initiatives for applicable risk domains.
• Partner with Business Internal Control teams on operational control self-assessments for key applications/systems.
• Manage technology risk and control self-assessments for the GBME portfolio.
• Perform thematic risk review assessments for the GBME portfolio.
• Review and contribute to technology policies and standards under development or review.
• Monitor effectiveness of governance processes such as change management project management and architecture reviews.
• Engage in business integration projects to ensure appropriate technology controls and processes are implemented.
• Collaborate with IT Risk directors for other business units to improve risk management practices across the enterprise.
• Champion a customer-focused culture and deepen relationships with senior leadership peers and functional groups.
• Provide directions to 1st Line of Defense teams and risk owners to build their capability to identify assess mitigate and monitor risks.
• Oversee analyses of systems or asset data and deliver monthly/quarterly reporting for senior management Internal Controls Compliance Audit and Operational Risk stakeholders.
• Develop reports and presentations to deliver updates on KPIs/KRIs to various audiences including senior business risk committees.
• Coordinate SOX control testing facilitate evidence collection and prepare quarterly SOX attestations.
• Ensure compliance with information security regulations user education and cybersecurity.
• Lead the design and operation of compliance monitoring and improvement activities to ensure compliance with internal security policies and applicable laws and regulations.
• Provide and maintain technical expertise on security aspects of systems applications and networks.
• Review system development maintenance and acquisition efforts to ensure efficient and adequate security provisions.
• Actively pursue effective and efficient operations ensuring adherence to operational risk regulatory compliance risk AML/ATF risk and conduct risk frameworks.
• Understand and apply the organizations risk appetite and risk culture in day-to-day activities and decisions.
• Build a high-performance environment and implement a people strategy that attracts retains develops and motivates the team

What Youll Bring

• Minimum 7 years of technology and non-financial risk management experience (governance operations audit cyber control functions compliance risk management).
• Demonstrated expertise in at least five technology disciplines such as software development API management system design information security technology resilience third party management cloud computing project management incident/problem/change management networks and disaster recovery.
• Experience in managing remediation programs and other risk management roles (across any line of defense) is desirable.
• Strong leadership communication (verbal and written) and influencing skills with the ability to engage at all organizational levels.
• Advanced negotiation project management governance and stakeholder management skills.
• Strong presentation design and delivery capabilities.
• Data analytics and visual dashboarding skills (Power BI/Tableau) are desirable.
• Knowledge or understanding of risk/control frameworks (ITIL ISO COBIT NIST FFIEC) is desirable.
• Relevant certifications are an asset (CISA CISM CRISC CISSP ITIL V3 Foundation COBIT).

Interested

If your experience is closely related but doesnt align perfectly with every qualification we do encourage you to apply - you might be the right candidate for this or other roles at Scotiabank!

At Scotiabank every employee is empowered to reach their fullest potential respected for who they are and embraced for their differences. Thats why we work to grow and diversify talent and engage employees in a performance-oriented culture.

Whats in it for you

Scotiabank wants you to be able to bring your best self to work and life every day. With a focus on holistic well-being our many flexible benefit programs are designed to help support your unique family financial physical mental and social health needs.

#DALLAS

Location(s): United States : Texas : Dallas

Scotiabank is a leading bank in the Americas. Guided by our purpose: for every future we help our customers their families and their communities achieve success through a broad range of advice products and services including personal and commercial banking wealth management and private banking corporate and investment banking and capital markets.

At Scotiabank we value the unique skills and experiences each individual brings to the Bank and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including but not limited to an accessible interview site alternate format documents ASL Interpreter or Assistive Technology) during the recruitment and selection process please let our Recruitment team know. If you require technical assistance please click here. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however only those candidates who are selected for an interview will be contacted.