Talent.com
Scotiabank
Senior Audit Manager, IT and Cyber Security Audit (Cloud)Scotiabank • Toronto, ON, CA
Senior Audit Manager, IT and Cyber Security Audit (Cloud)

Senior Audit Manager, IT and Cyber Security Audit (Cloud)

Scotiabank • Toronto, ON, CA
11 hours ago
Job type
  • Full-time
Job description

Requisition ID: 257618

Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.


As the 3rd Line of Defense, Internal Audit provides enterprise-wide, independent, and objective assurance over the design and operations of the Bank’s internal controls, risk management and governance processes. We are professionals who thrive in a challenging environment and work with management to find solutions to address control weaknesses.

The Senior Audit Manager is responsible for leading and conducting IT and Cyber Security risk-based audit assessments, of medium to high complexity, following the Bank’s Audit Methodology. This supports the Audit Department’s global mandate by providing independent assurance that business strategies, plans, initiatives, and audit activities are conducted in accordance with applicable regulations, internal policies, and procedures.

The Senior Audit Manager is a dynamic, innovative, and trusted advisor who uses data to deliver industry leading assurance and insights to keep the Bank and our customers safe.

As a Senior Audit Manager, you will support the Director, IT & Cyber Security Audit, by planning and executing risk-based technical audits across Cyber Security, Technology Infrastructure, Applications, Cloud and Digital Banking, to provide opinions on the effectiveness of controls to meet business objectives. In addition, the subject matter expert is expected to be knowledgeable in risks associated with systems development methodologies (Waterfall and Agile), project management, automation and orchestration, data protection, and outsourced IT services.

Key Accountabilities:

  • Acts primarily as Officer in Charge (OIC) for assigned audits. May act as Audit Principal (AP) for low to medium complexity audits.
  • Works with other audit teams as required and carries out specific IT and Cyber Security projects.
  • As OIC/AP, oversees the execution, planning, and reporting. Obtains a thorough understanding of the end-to-end business/unit/process and associated risks, develops an appropriate risk-based audit approach and schedules timing and resources.
  • Ensures audit results are gathered and determines the root cause of the problem. Prepares and/or reviews audit results and findings for presentation to management. Follows-up for corrective action/progress against any reported issues. Ensures relevant information that impacts other audit function areas is shared.
  • Supports a client focused culture throughout their team to deepen client relationships and leverage broader Bank relationships, systems, and knowledge.
  • Understands how the Bank’s risk appetite and risk culture should be considered in day-to-day activities and decisions.
  • Plans, documents, and seeks agreement in advance to the project approach and confirms conclusions upon completion in writing.
  • Ensures Scotiabank standards and the Institute of Internal Auditors (IIA) Code of Ethics are maintained in completion of all assignments.
  • Builds and maintains strong relationships with internal and external stakeholders and regulators as required.
  • Interacts and coordinates with other groups involved. Completes timely review of workpapers, ensuring internal control weaknesses are clearly documented with recommendations addressing the root cause and are communicated timely to management.

Focus Area (Cloud):

  • Acts as a leader and subject matter expert in auditing cloud governance and security controls, covering areas such as risk management, shared responsibility models, identity and access management, secure configuration standards, encryption and key handling, secrets management, network segmentation, monitoring and logging, vulnerability management, and practices that enhance cloud resilience.
  • Brings specialized subject matter expertise in DevSecOps and secure SDLC controls, including CI/CD pipeline governance, build and release integrity, segregation of duties, change and release management, code review practices, security testing automation (SAST/DAST/dependency scanning), container and image security, infrastructure-as-code controls, and developer tooling risk. Utilizes in-depth knowledge to assess technical environments, identify security gaps, and deliver expert guidance to audit teams and stakeholders for effective risk mitigation.
  • Evaluates API-related risks and controls as they intersect with cloud and DevSecOps, including API authentication and authorization, gateway policy enforcement, rate limiting and abuse controls, schema/input validation, monitoring and alerting, third-party integrations, and operational resilience of critical services.

Leadership:

  • Supports ongoing monitoring activities to stay abreast of changes (business/industry/regulatory), emerging risks, and themes or systemic issues that may impact the risk assessment of the audit universe and the audit plan.
  • Supports a high-performance environment and implements a people strategy that attracts, retains, develops, and motivates their team by fostering an inclusive work environment and using a coaching mindset and behaviours; communicating vison/values/business strategy; and managing succession and development planning for the team.
  • Meets Department training requirements.
  • Maintain information security competency through ongoing professional development and staying abreast of emerging technologies, risks and controls in information and cyber security.
  • Provide direction, guidance and expert advice to audit teams globally to allow definition of effective assessments on information and cyber security risk management.
  • When required, prepare and deliver effective presentations on various audit and information security related matters to Audit senior management and relevant stakeholder across the Bank to demonstrate expertise.
  • Identify and advise Audit teams on the use of data analytics and other advanced techniques and tools to improve efficiency and effectiveness of audit assessments.
  • Establish and maintain solid relationship with audit clients to serve as a catalyst of positive change and improvement of information and cyber security risk management.

Functional Competencies

  • At least 5+ years of information technology and cyber security experience.
  • Highly developed interpersonal and communication skills (verbal and written).
  • Ability to work independently and as part of a team of professionals.
  • Curiosity mindset.
  • Working knowledge of the operations and regulatory environments for each unit as applicable.
  • Knowledgeable in cyber security processes areas such as web application security, secure network security architecture, penetration testing, Red Team testing, vulnerability assessments, encryption, data loss prevention, coding assessment, cloud security, DDoS protection, and malware protection.
  • Strong technical knowledge of cloud computing and modern engineering practices, including cloud-native security and operational controls, DevSecOps and CI/CD risk, and API security fundamentals relevant to cloud-based and distributed architectures.
  • Experience in the assessment of threats and risks over IT processes and assets.
  • Excellent analytical skills and proficiency with Microsoft Word, excel, and PowerPoint.
  • Proven ability to work at high levels of ambiguity and in a rapidly changing environment.
  • Knowledge and experience with security assessment tools (exploit tools, vulnerability assessment) and Security Operations Centre software (IDS, IPS, SIEM, etc.).

Education

  • Bachelor’s degree in information technology, Computer Science or equivalent required.
  • One or more of the following certifications: CISA, CISM, CISSP, CCSP, GCIA, CEH is required.
  • Cloud engineering or architecture designation would be an asset.

Location(s): Canada : Ontario : Toronto

Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.

At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. If you require technical assistance, please click here. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.

Create a job alert for this search

Senior Audit Manager, IT and Cyber Security Audit (Cloud) • Toronto, ON, CA

Similar jobs

Senior Cloud Network Architect: Multi-Cloud & Security

FNZToronto, ON, CA
Full-time

A global financial services provider in Toronto is seeking an experienced Network Architect.The role involves designing cloud network architecture, leading network transformation, and collaborating... Show more

 • Promoted

Senior IT Auditor

AvisoToronto, ON, CA
Full-time

Senior IT Internal Auditor – join Aviso's Internal Audit team to evaluate technology risks and strengthen governance.Facilitate systematic and ongoing internal evaluation of risk management, intern... Show more

 • Promoted

EY Senior Manager - Cyber Managed Services

Ernst & Young Advisory Services Sdn BhdToronto, ON, CA
Full-time

Step into a pivotal role as a Senior Manager in Cyber Managed Services at EY, based in Toronto.This position drives market leadership and client growth in the Industrials and Energy sectors.In this... Show more

 • Promoted

Cybersecurity Manager, Red Team Exercises

EQ Bank | Equitable BankToronto, ON, CA
Full-time

Be a key player at Equitable Bank as a Cybersecurity Manager focused on Red Team Exercises.Oversee Cyber Resilience Testing and offensive security strategies in a hybrid role.As the Cybersecurity M... Show more

 • Promoted

IT Audit Manager

Tundra Technical SolutionsToronto, ON, CA
Full-time

Tundra Technical Solutions pay range.This range is provided by Tundra Technical Solutions.Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.Suppor... Show more

 • Promoted

Manager IT Audit and Compliance

XanaduToronto, ON, CA
Full-time

Xanadu’s mission is to build quantum computers that are useful and available to people everywhere.At Xanadu, we are learners, innovators, researchers, collaborators and problem solvers.We are creat... Show more

 • Promoted

Senior Manager, Audit Services (Technology/Investments)

Ontario Teachers' Pension PlanToronto, ON, CA
Full-time

Senior Manager, Audit Services (Technology/Investments).The Senior Manager, Audit Services is responsible for enhancing and protecting Ontario Teachers’ organizational value and reputation, and to ... Show more

 • Promoted

Senior Manager, Technology Risk Governance & Compliance

Corus EntertainmentToronto, ON, CA
Full-time

Risk Governance and Compliance.Toronto, ON (Hybrid, 2‑3 days in office).This role has a broad mandate, supporting both the Head of Enterprise Risk Management and the Head of Cybersecurity and Techn... Show more

 • Promoted

Senior Manager, InfoSec Risk & Governance

Onico SolutionsRichmond Hill, York Region, CA
Full-time

A leading IT solutions provider in Richmond Hill is seeking a Senior Manager for Information Security Risk & Governance.This role involves leading risk management and governance programs while over... Show more

 • Promoted

Senior Sales Manager for Cybersecurity Solutions

TufinToronto, ON, CA
Full-time

Transform enterprise security with your expertise as a Senior Sales Manager.Engage C-level stakeholders, drive account management strategies, and enhance cybersecurity product adoption effectively.... Show more

 • Promoted

Celestica IT Audit Advisor - Remote Flexibility

CelesticaToronto, ON, CA
Remote
Full-time

Join Celestica as an IT Audit Advisor with hybrid flexibility, focusing on high-impact audits and IT risk management.This role is key to driving compliance and operational integrity.Based in Toront... Show more

 • Promoted

Senior IT Auditor

Amphenol HSIOMarkham, ON, CA
Full-time

Amphenol Communications Solutions (ACS), a division of Amphenol Corporation, is a world leader in interconnect solutions for Communications, Mobile, RF, Optics, and Commercial electronics markets.A... Show more

 • Promoted

Senior Audit Manager, IT and Cyber Security Audit (Cloud)

ScotiabankToronto, Ontario, Canada
Full-time

Senior Audit Manager, IT and Cyber Security Audit (Cloud) Requisition ID: 257618.Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.As the 3rd Lin... Show more

 • Promoted

Senior Audit Manager, It And Cyber Security Audit (Cloud)

ScotiabankToronto, Canada
Full-time

Senior Audit Manager, IT and Cyber Security Audit (Cloud)Requisition ID: 257618Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.As the 3rd Line ... Show more

 • Promoted

Senior IT Compliance & Audit Lead — Remote

P2PToronto, ON, CA
Remote
Full-time

A leading crypto firm is seeking a senior IT audit professional.This fully remote role emphasizes managing SOC examinations and establishing audit rigor.Ideal candidates will have over 5 years of e... Show more

 • Promoted

Senior IT Risk & Compliance Auditor (Hybrid – Toronto)

Global Technical Talent, an Inc. 5000 CompanyToronto, ON, CA
Full-time

A leading staffing firm in Toronto is seeking an experienced Audit Specialist to coordinate enterprise-level risk assessments.This hybrid role requires over 7 years of experience in risk management... Show more

 • Promoted

Senior IT Audit Manager

Madison-Davis, LLCToronto, ON, CA
Full-time

Senior IT Audit Manager – Madison-Davis, LLC.A well‑capitalized financial institution is seeking a senior IT audit manager to oversee cybersecurity and infrastructure audit coverage.This is a strat... Show more

 • Promoted

Senior Security Advisory & Risk Architect (Multi-Cloud)

MonerisToronto, ON, CA
Full-time

A leading payment solutions provider is seeking a Security Business Advisory & Consulting professional in Toronto.This role involves providing security and risk assessment guidance across projects ... Show more

 • Promoted

Senior IT Auditor

Amphenol ICCMarkham, York Region, CA
Full-time

Amphenol Communications Solutions (ACS), a division of Amphenol Corporation, is a world leader in interconnect solutions for Communications, Mobile, RF, Optics, and Commercial electronics markets.A... Show more

 • Promoted

Senior Tech Architect - Secure Cloud & Integration (Remote)

KyndrylToronto, ON, CA
Remote
Full-time

A leading technology services firm is seeking a Senior Technology Architect to design secure, enterprise-level access solutions for a public sector client based in Ottawa.This remote role requires ... Show more