Director, U.S. Cybersecurity and Infrastructure Audit

Requisition ID: 203015

Salary Range: 220,000.00 - 250,000.00

Please note that the Salary Range shown is a guideline only. Salary offered may vary based on factors, including, but not limited to, the successful candidate’s relevant knowledge, skills, and experience.

Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.

Global Banking and Markets

Global Banking and Markets (GBM) is a leading Canadian Capital Markets and Investment Banking business with a growing platform in the US and Latin America, operating globally for over 100 years. Scotiabank’s strong U.S. presence provides our clients an important bridge to this key global market for trade and investment flows across the Americas and the world.

Global Banking & Markets provides a full range of investment banking, credit and risk management products and services relevant to the financing and strategic development needs of our clients. Our products include debt and equity financing, mergers & acquisitions, corporate banking, institutional equity sales, trading and research, fixed income products, derivatives, energy, foreign exchange and precious & metals. We also cross-sell the full range of wholesale products and services offered by the Scotiabank Group.

Be part of an innovative, Global Capital Markets and Investment Banking business with a unique geographic footprint that puts capital to work for our clients across industries! We work together to drive ambition for every future!

Purpose

The Director of U.S. Cybersecurity and Infrastructure Audit is a member of the U.S. Audit Management team and the Global Cybersecurity (Cyber) Audit Center of Excellence (COE), responsible for leading and effectively overseeing audit activities across Cybersecurity and Infrastructure in the U.S. and serving as an interface with the U.S. CISO.

The incumbent is responsible for determining, and has overall ownership over the audit universe, plans, coverage, and strategy, assessing and opining on remediation of issues and the cybersecurity and infrastructure U.S. control environment. Additionally, the incumbent is to ensure that strategies, plans and initiatives and audit activities are conducted in compliance in compliance with regulatory requirements and internal policies and procedures. The incumbent is responsible for contributing to the overall success of the U.S. Audit Department and the Global Cyber Audit COE by ensuring that specific individual, team and departmental goals, metrics, plans, and initiatives are executed and delivered in support of the overall Audit strategies and objectives.

This is a critical role within the U.S. and the Global Cybersecurity Audit COE that requires subject matter expertise, leadership, and regulatory knowledge across the U.S. The incumbent should have extensive knowledge of Cybersecurity and U.S. regulatory requirements, be proficient in applying risk-based auditing standards, practices, and techniques, and demonstrate a strong working knowledge of the U.S. and Global regulatory environment and emerging risks.

What You’ll Do

Stakeholder Relationships

• Lead and drive a customer focused culture at all levels of their team to deepen client relationships and leverage broader Bank relationships, systems and knowledge.

• Develops and maintains effective communication and engagement with internal and external stakeholders (globally and locally) and the U.S. CISO, including establishing routine touchpoints and appropriate handling of conflicts and issue resolution, and active involvement as a non-voting member on appropriate committees and working groups.

• Builds a strong relationship with the various. regulators in the U.S., assesses emerging regulatory expectations and guidelines, and works to continuously strengthen the U.S. Audit Program.

Audit Accountabilities

• As part of Cyber Audit COE, oversees COE activities for U.S. Cyber related audits and audit activity (e.g., issues, continuous. monitoring, etc).

• Develop and maintain U.S. Cyber Audit Strategy in alignment to global audit strategy and Cyber/IT Audit COEs strategy and collaborate with other audit teams on strategy execution.

• Establishes and leads the audit strategy, universe, risk assessment and plan over U.S. Cyber Audit activities.

• Develop and implement a flexible Annual Audit Plan using an appropriate risk-based methodology that meet U.S. and global regulatory requirements, frameworks/guidance and expectations (FRB, DFS, FFIEC, NIST, etc).

• Responsible for Cyber Risk Remediation Program and validation of implemented controls and processes.

• Contribute to and take the lead in preparing and presenting audit reports and results to Management Committee(s), regulators / examinations, and stakeholder meetings.

• Identifies systemic/emerging issues and/or strategic changes planned/undertaken by the auditee that will impact the audit plan including review of business/strategic plans, review and update the Risk Assessment Database for entities assigned, attend periodic meetings with key management officers to understand changes and new business initiatives and review Key Performance Indicators.

• Reviews plans against market conditions and re-assess and provide new ideas on an ongoing basis with respect to processes / controls to be audited.

• Directs the planning of thematic audits or assigned areas by ensuring the scope and extent of work is in accordance with the approved plan, timing and budget are reasonable, procedures are efficient, appropriate resources are assigned, and risks understood.

• Oversees and coordinates development of Detailed Audit Programs (DAPs) as required.

• Supervises staff in the audit and execution of assignments including the appropriate nature and extent of audit coverage.

• Responsible for the ongoing assessment of the safety and soundness of cyber / technology processes, policies and procedures within assigned products/portfolios/business lines, including key performance indicators, changes, provisions, etc. Responsible for ensuring that the processes adequately support meets regulatory expectation, business strategies, plans and initiatives.

• Ensures audit results are gathered, determine the root cause of the problem and the associated impact and report accordingly. Ensures audit reports are written to a consistent high standard and are finalized within established department metrics.

• Monitors and follow-up for corrective action/progress against any reported issues. Ensure relevant information that impacts other audit function areas is shared.

• Carry out specific projects or investigations of a complex and/or confidential nature. Plan, document and seek agreement in advance to the project approach and confirm conclusions upon completion in writing.

• Ensure Scotiabank standards and the Institute of Internal Auditors (IIA) Code of Ethics are maintained in completion of all assignments.

• Understand how the Bank’s risk appetite and risk culture should be considered in day-to-day activities and decisions.

Human Resource Management

• Build a high-performance environment and implement a people strategy that attracts, retains, develops, and motivates the team for continuous. learning and improvement by fostering an inclusive work environment; communicating vison/ strategy; coaching and supporting development goals; and managing succession and development planning for the team.

• Creates an environment in which his/her team pursues effective and efficient operations of his/her respective areas in accordance with Scotiabank’s Values, its Code of Conduct and the Global Sales Principles, while ensuring the adequacy, adherence to and effectiveness of day-to-day business controls to meet obligations with respect to operational, compliance, AML/ATF/sanctions and conduct risk.

• Be proactive in identifying and owning responsibility for leading change within Audit (U.S. and Globally).

• Manages the development of staff by establishing and monitoring the execution of goals and development plans and conducting periodic performance assessments. Provides ongoing direction and coaching to staff and assists with team development through training and monitoring.

• Manage recruiting, interviewing, selection, and onboarding of audit staff.

• Manage self-development by/through confirming job expectations and develops and manages his/her personal development plan and identifying mentors/coaches.

What You’ll Bring

• University degree (graduate level ) in technology, business or other relevant area

• IT Audit /Information Security professional designation (CISA, CISSP, Cyber Certified), experience with FFIEC, NIST, ITIL, etc.

• Minimum of 12 years Technology experience.

• In-depth knowledge of IT and Cyber risk and related processes, governance framework, methodology, Risk management and applicable regulatory requirement.

• Demonstrated strong leadership in being strategic, coaching and developing talent.

• Ability to build strong relationships with the various regulators in the U.S., assess emerging regulatory expectations and guidelines, and continuously strengthen the U.S. Cyber Audit Program.

• Experience in working in a global bank, with global Audit counterparts and stakeholders, matrix reporting lines and in a fast paced and changing environment.

• Responsible for direct/indirect reports.

Interested?

If your experience is closely related but doesn’t align perfectly with every qualification, we do encourage you to apply - you might be the right candidate for this or other roles at Scotiabank!

At Scotiabank, every employee is empowered to reach their fullest potential, respected for who they are and, embraced for their differences. That’s why we work to grow and diversify talent and engage employees in a performance-oriented culture.

What's in it for you?

Scotiabank wants you to be able to bring your best self to work – and life, every day. With a focus on holistic well-being, our many flexible benefit programs are designed to help support your unique family, financial, physical, mental, and social health needs.

Location(s): United States : New York : New York City

Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.

At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. If you require technical assistance, pleaseclick here (https://www.scotiabank.com/careers/en/careers/technical-support-for-applicants.html) . Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.