Senior Information Security Advisor, TPRM
Requisition ID: 68242
Join the Global Community of Scotiabankers to help customers become better off.
The Senior Information Security Advisor is responsible for providing advisory services to business lines, subsidiaries and affiliates enabling the achievement of the Bank's Information Security Policy. Specifically, the incumbent will provide advisory services to assist in the development and support of sound security strategies and secure control processes to protect the Bank's information and data resources, by:
Key Job Accountabilities
- Acting as a central point of reference and core competency for Information Security. Assisting in the classification and protection of data resources by providing guidance on secure and cost effective implementation of Bank's security policies and standards.
- Representing Information Security in projects, initiatives, mergers and acquisitions. Working with business lines to develop sound security strategic and tactical plans towards the reliable implementation of consistent and secure control processes to protect the Bank. Drive initiatives and support business functions to assess security risks and to make informed decisions to protect information assets.
- Leading security due diligence reviews over third party services providers to determine if implemented, the security and control practices align with the Bank and industry best practices. Working with contract managers and the third parties to create and track an action plan for remediation of identified issues.
- Providing guidance to design, develop and implement sound risk management controls in accordance with Bank's standards that assure the Bank's compliance with industry regulations. Keeping informed and well versed on financial industry regulations demands in different regions based on practical experience.
- Pursuing security and control process improvements to advance security compliance and improve internal processes.
- Protect the bank by effectively managing information risk resulting from use of third party relationships. Guide business lines, contract managers and internal risk partners with the establishment and maintenance of comprehensive third party risk management practices.
- Evaluate third parties and their information risk management practices to ensure they are aligned with our bank's expectations.
- Identify and quantify risks in a manner which business line partners are able to appreciate and, as such, prioritise appropriately.
- Be the primary point of reference and core competency for Information Security as it relates to management of third party risk.
- Contribute to the development and maintenance of our Bank's information security policies, standards and directives as they relate to third party risk.
- Liaise with internal and external security teams and business lines to develop strategic and tactical plans which see the design and effective operation of security controls.
- Must have a solid understanding and experience with Third Party Risk Management Information Security practices related to supplier onboarding, continuous monitoring, and issue management
- Must have a solid understanding and experience with security controls/mechanisms and threat/risk assessment techniques pertaining to complex data, application and network environments
- Must have strong verbal and written communication skills in English. Spanish verbal skill is nice to have.
- Working knowledge of regulatory guidelines related to the financial services industry (OSFI B10, NYDFS NYCCR 500, etc), including knowledge of industry standards/frameworks related to Information Security (ISO27001/27002, NIST CSF, GDPR, etc).
- Excellent relationship management and negotiation skills to assist in the communication and finalization of the Bank's security requirements and standards to internal teams and third party relationships.
- Strong knowledge of the following technology domains:
- Cloud security controls, cloud computing concepts, and cloud architecture security
- Cryptographic concepts leveraged in modern applications and systems
- UNIX and Windows operating systems with emphasis on security features
- Static and dynamic code analysis
- Identity & Access Management, PKI, Intrusion Prevetnion, and vulnerability assesments
- Database technologies (Oracle, DB2, Sybase, SQL Server, etc)
- Network security components such as firewalls, routers, intrusion detection, anti-virus software
- Microsoft Office software skills particularly Excel, Word, Visio, and Powerpoint
- Knowledge of Agile, Lean, Rapid Labs and other accelerated project frameworks would be an asset
- University degree in computer science/related field or relevant work experience
- Certifications in CISSP, CEH, CCSP, CISA, CRISC are nice to have
Location(s): Canada : Ontario : Scarborough || Canada : Ontario : Toronto
As Canada's International Bank, we are a diverse and global team. We speak more than 100 languages with backgrounds from more than 120 countries. We value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. If you require technical assistance please click here . Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted. Job Segment:
Bank, Banking, Information Security, Developer, Security, Finance, Technology