Senior Security Advisor

Requisition ID : 181847

Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.

The Information Security Specialist is responsible for providing security advisory services to business lines, subsidiaries, and affiliates enabling the achievement of the Bank's Information Security Policy and industry best practices.

Key Accountabilities

Participate in initiatives and projects driven by various business lines. Guide project and delivery managers to design and establish sound information security practices, facilitating key artifacts such as security design documents, threat / risk assessments and data classifications with the owner to ensure that risks are identified and effectively managed.

Where required by risk, lead due diligence reviews over third party outsourcing partners to ensure that their security posture aligns with the Bank and industry best practice.

Work with the relationship owner and the third party to create and track an action plan for remediation of issues.

• Acting as a central point of reference and core competency for Information Security, providing first line subject matter expert advise on classification and protection of data through Bank's information security standards, policies and processes, and industry best practices.
• Liaise with internal and external security teams and business lines to develop sound security strategic and tactical plans towards the reliable implementation of consistent and secure control processes to protect the Bank.
• Work with our business line partners to assess and ensure compliance to the Bank standards. Escalating risk through appropriate channels.

Qualifications

• Must have a solid understanding and experience with security controls / mechanisms and threat / risk assessment techniques pertaining to complex data, application and network environments
• Knowledge of cloud security controls, cloud computing concepts, and cloud architecture security is a strong asset
• Knowledge of financial services' Security Governance Framework (policies and standards) is a strong asset
• Knowledge of Agile, Lean, Rapid Labs and other accelerated project frameworks would be an asset
• Strong knowledge of cryptographic concepts leveraged in modern applications and systems
• Strong knowledge of UNIX and Windows operating systems with emphasis on security features
• Sound knowledge of static and dynamic code analysis
• Sound knowledge of identity & Access Management, PKI, Intrusion Prevention, and vulnerability assessments
• Sound knowledge on one or more of the following databases, Oracle, DB2, Sybase, SQL Server
• Sound knowledge of network security components such as firewalls, routers, intrusion detection, anti-virus software
• Working knowledge of regulatory guidelines related to the financial industry like OSFI
• University degree in computer science / related field or relevant work experience
• Certifications in CISSP, CEH, CCSP, CISA and / or CRISC

LI-Hybrid #Cyberatscotia

Location(s) : Canada : Ontario : Toronto

Scotiabank is a leading bank in the Americas. Guided by our purpose : "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.

At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone.

If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know.

If you require technical assistance, please click here. Candidates must apply directly online to be considered for this role.

We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.