Director, Information Security - TPRM & PCI Compliance
Ottawa, Canada | Scotiabank Global Banking and Markets
Industry: Banking / Investment Banking
IT / Information Technology
Job Description:
In Technology at Scotia, we’re questioning everything about how we bank today to come up with the right solutions for our customers tomorrow. Reinvention starts here — and it starts with you.
Scotiabank’s Security Advisory Services group is responsible for providing advisory services to business lines, subsidiaries and affiliates enabling the achievement of the Bank's Information Security policies. The TPRM (Third Party Risk Management) Advisory team is responsible for ensuring the bank’s third-party relationships are established and maintained on the basis of strong Cyber Security practices. The TPRM team works with business partners throughout the bank to manage risk associated with the security of Scotiabank’s supply chain. The PCI Program provides centralized enterprise expertise, governance and oversight on PCI-DSS (Payment Card Industry – Data Security Standard).
The Director, Information Security will be responsible for managing a team of Security Advisors who assess the security practices of key Scotiabank third-party relationships.
The ideal candidate is a highly motivated, collaborative, technically experienced and well-organized individual. The role will manage the relationship with Global Risk Management, Global Procurement, and other security teams. In addition, the role will provide leadership guidance to Senior Managers and Security Advisors on the TPRM team and be responsible for continuous improvement of processes, practices and reporting on the effectiveness of the program. The Director will also lead the PCI-DSS center of excellence, including producing the Annual Report on Compliance (RoC) and/or Attestation of Compliance (AoC) for various business units.
Is this role right for you? In this role, you will:
• You have proven people management experience.
• You have experience defining and overseeing effectiveness of processes.
• You have an appreciation for and experience with risk management methodology.
• You have hands-on experience with Third Party Risk Management processes.
• You have experience with PCI-DSS.
• You are detail-oriented and can effectively manage multiple priorities.
• You are able to provide input into the design, implementation, operation and maintenance of the Bank’s Information Security policies, standards, procedures, guidelines and directives by ensuring new regulatory requirements are incorporated appropriately.
• You love to lead & drive a customer-focused culture throughout the team and deepen client relationships, leverage broader bank relationships, systems and knowledge to achieve the department’s goals.
Where could you work? Both at home and in the office.
We’re focused on being an employer of choice for the communities we serve and offering a hybrid work environment for top Tech talent in Canada’s capital city.
We’re creating a local ScotiaTech Hub in Ottawa. You’ll have the opportunity both to work remotely and head to the Ottawa office for in-person moments that foster team cohesiveness and collaboration.
Do you have the skills that will enable you to succeed in this role? We’d love to work with you if you have:
• You have a Bachelor’s or Master’s Degree in Computer Science, Information Systems, or other related field, or equivalent work experience.
• You possess advanced communication (verbal/written/presentation) skills in English and/or Spanish. You are able to explain security risks and associated controls to internal stakeholders in a constructive and concise manner.
• You have 5+ years of hands-on industry experience and keep current with emerging trends, best practices, directions and issues in information security technology and global regulatory developments.
• You have 5+ years of hands-on experience with risk management standards and frameworks (ISO 27001, NIST CSF, PCI DSS, etc.).
• You have familiarity with Banking Regulatory bodies (OSFI, NY DFS, US Federal Reserve, etc.).
• You have experience with GRC and TPRM tools (Archer RSA, Metricstream, Coupa Risk Assess)
• You have used industry leading productivity tools to produce quantitative/qualitative reports, data flow diagrams & visual presentations.
• You possess relevant security certifications (i.e. CISA, CISSP, CISM, CCSP, CRISC).
What's in it for you?
• We have an inclusive and collaborative working environment that encourages creativity and curiosity and celebrates success
• We provide you with the tools and technology needed to create meaningful customer experiences
• You’ll get to work with and learn from diverse industry leaders, who have hailed from top technology companies around the world
• Our work from home social channel offers weekly virtual yoga, social events, learning opportunities, and lots more.
• We offer a competitive total rewards package, including a performance bonus, company matching programs (on pension & profit sharing), and generous vacation
Location(s): Canada : Ontario : Ottawa
Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.