Scotiabank
Manager, U.S. Information Security & Control
Requisition ID:
244792
Salary Range:
$76,600.00 - $142,300.00
Location:
Dallas, Texas, United States
Purpose The Cyber and Regulatory Audit Manager will participate and manage various aspects of information security, cyber risk assessments, and contribute to the overall success of the U.S. IS&C’s governance, regulatory compliance, and risk program.
What You'll Do Regulatory and Compliance Management (specific to cybersecurity)
Participates in engagements with external regulatory and internal/3rd party auditors requests for information security and cybersecurity.
Monitors, analyzes, and reports on cybersecurity requirements against relevant.S. regulations and cybersecurity standards, such as NYSDFS, FFIEC, and NIST CSF.
Provides support to IT&S auditors and compliance with respect to regulatory and audit information requests.
Continuously monitors and assesses the effectiveness of security controls and processes.
Reviews cybersecurity control library periodically and provides updates as needed.
Participates in annual regulatory control testing exercises.
Cybersecurity and Technology Risk Governance
Understands how the Bank’s risk appetite and risk culture should be considered in day-to-day activities and decisions.
Identifies and assesses cybersecurity and technology risks to ensure compliance with regulations and internal policies.
Performs cybersecurity risk assessments and provides updates to US IS&C senior management.
Risk and Issues Management
Reports and tracks all cybersecurity-related issues that pertain to audits, regulatory requirements, control testing, and other issues.
Provides guidance to internal stakeholders on cybersecurity best practices.
Prepares regular reports and presentation decks on risk management, gap assessment, cybersecurity-related issues for senior management and stakeholders.
Monitors and tracks the progress of risk mitigation efforts related to cybersecurity.
Participates in quarterly and annual Compliance Risk and Control Assessments for cybersecurity.
Actively pursues effective and efficient operations of his/her respective areas in accordance with Scotiabank’s Values, its Code of Conduct, and the Global Sales Principles, while ensuring the adequacy, adherence to and effectiveness of day-to-day business controls to meet obligations with respect to operational, compliance, AML/ATF/sanctions and conduct risk.
Champions a high-performance environment and contributes to an inclusive work environment.
What You'll Bring
Required 5+ years of experience as an Information Security Analyst or related cybersecurity field with technology risk background.
Experience in IT key security controls/mechanisms and risk assessment concepts pertaining to complex data, application, and networking environments.
Prior experience and knowledge with NYDFS, FFIEC, or other US financial regulatory audits.
Strong verbal and written communication skills in English with excellent individual project management and tracking skills.
Cybersecurity related certification is preferred (CISSP, CCSP, CRISC, CISM).
University degree or college diploma in a cybersecurity related field is preferred.
Benefits Scotiabank wants you to be able to bring your best self to work – and life, everyday. With a focus on holistic well‑being, our many flexible benefit programs are designed to help support your unique family, financial, physical, mental, and social health needs.
Equal Opportunity Employer Scotiabank is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other characteristic protected by federal, state, or local law.
#J-18808-Ljbffr
244792
Salary Range:
$76,600.00 - $142,300.00
Location:
Dallas, Texas, United States
Purpose The Cyber and Regulatory Audit Manager will participate and manage various aspects of information security, cyber risk assessments, and contribute to the overall success of the U.S. IS&C’s governance, regulatory compliance, and risk program.
What You'll Do Regulatory and Compliance Management (specific to cybersecurity)
Participates in engagements with external regulatory and internal/3rd party auditors requests for information security and cybersecurity.
Monitors, analyzes, and reports on cybersecurity requirements against relevant.S. regulations and cybersecurity standards, such as NYSDFS, FFIEC, and NIST CSF.
Provides support to IT&S auditors and compliance with respect to regulatory and audit information requests.
Continuously monitors and assesses the effectiveness of security controls and processes.
Reviews cybersecurity control library periodically and provides updates as needed.
Participates in annual regulatory control testing exercises.
Cybersecurity and Technology Risk Governance
Understands how the Bank’s risk appetite and risk culture should be considered in day-to-day activities and decisions.
Identifies and assesses cybersecurity and technology risks to ensure compliance with regulations and internal policies.
Performs cybersecurity risk assessments and provides updates to US IS&C senior management.
Risk and Issues Management
Reports and tracks all cybersecurity-related issues that pertain to audits, regulatory requirements, control testing, and other issues.
Provides guidance to internal stakeholders on cybersecurity best practices.
Prepares regular reports and presentation decks on risk management, gap assessment, cybersecurity-related issues for senior management and stakeholders.
Monitors and tracks the progress of risk mitigation efforts related to cybersecurity.
Participates in quarterly and annual Compliance Risk and Control Assessments for cybersecurity.
Actively pursues effective and efficient operations of his/her respective areas in accordance with Scotiabank’s Values, its Code of Conduct, and the Global Sales Principles, while ensuring the adequacy, adherence to and effectiveness of day-to-day business controls to meet obligations with respect to operational, compliance, AML/ATF/sanctions and conduct risk.
Champions a high-performance environment and contributes to an inclusive work environment.
What You'll Bring
Required 5+ years of experience as an Information Security Analyst or related cybersecurity field with technology risk background.
Experience in IT key security controls/mechanisms and risk assessment concepts pertaining to complex data, application, and networking environments.
Prior experience and knowledge with NYDFS, FFIEC, or other US financial regulatory audits.
Strong verbal and written communication skills in English with excellent individual project management and tracking skills.
Cybersecurity related certification is preferred (CISSP, CCSP, CRISC, CISM).
University degree or college diploma in a cybersecurity related field is preferred.
Benefits Scotiabank wants you to be able to bring your best self to work – and life, everyday. With a focus on holistic well‑being, our many flexible benefit programs are designed to help support your unique family, financial, physical, mental, and social health needs.
Equal Opportunity Employer Scotiabank is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other characteristic protected by federal, state, or local law.
#J-18808-Ljbffr