Director, Vulnerability Management Operations

Requisition ID : 181341

Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.

Purpose

The Director of Vulnerability Management Governance & Reporting is responsible for the leadership and facilitation of Infrastructure security vulnerability identification, risk evaluation, remediation validation and reporting activities and deliverables.

This leader is expected to develop the processes and automation in delivering vulnerability management reporting and remediation more efficient.

The roles interfaces with senior management across the multiple business lines, IT owner, Enterprise and IT risk and audit and to communicate the security risk from the vulnerability report and set remediation priorities.

Accountabilities & Responsibilities

• Work in close partnership with Product Managers, Solution Architects, Security Governance and Managers on matters relating to security of their current and future applications being produced and supported by the organization.
• Present strategies and articulate recommendations to stakeholders on remediation priorities and SLA
• Actively coach and mentor other developers in your business groups around application security
• Identify and report initiative progress, challenges and risks including key performance to find areas for improvement
• Must have the ability to generate reports and tailor communication strategies for various levels of technical staff, executive management, and business clients.
• Comfortable with Application Security vulnerabilities such as XXE, CSRF, SSRF, difference between XSS types, Open Redirects, RFI, LFI.
• Lead a team to monitor the effectiveness of the remediation process and escalate to senior management when necessary.
• Lead a team to ensure the categorization, vulnerability assessment, communication and assignment of known vulnerabilities in the Bank environments to technology and business owner via the service now automated remediation processes
• Partner and collaborate with business and technology teams to provide vulnerability and security expertise as the teams develop remediation solutions for security vulnerabilities
• Lead initiatives to enhance Bank compliance posture interacting with Bank's Auditor, risk and information security resources
• Foster a team culture of continuous improvement, mentoring and learning, data driven decisions, and accountability for delivery of key metrics and deliverables
• Keeps abreast of industry best practices, vendor capabilities and academic frameworks to sustain best-in-class program

Education & Skills

Effectively manages Vulnerability Management resources by ensuring resources are appropriately trained, tasked and delivering against milestones.

Escalates skill set issues to Unified Vulnerability Management Leadership and recommends corrective action

• Supports and executes effective resource and activity forecasting Produces complex, high-priority recurring, automated and ad-hoc vulnerability, and status reports with the purpose of measuring progress towards goals, measuring performance against objectives, and identifying improvement opportunities in the areas of vulnerability identification, assessment, assignment and remediation.
• Must be able to simplify security and technical concepts for teams within our business and technology teams
• Strong understanding of vulnerability life cycle, remediation processes
• Use and Knowledge of Enterprise power BI, ServiceNow SecOps VR and CMDB
• Bachelor's degree in Computer Science, Information Technology or equivalent experience desired;

Master's degree preferred 5+ years of IT leadership across Operations, Software Engineering, and Software Development roles.

• 5+ years of people management, leading highly technical individual contributors and subordinate people managers.
• 5+ years' experience as a manager with emphasis on IT Security and technical solutions
• CISSP and / or CISA designation beneficial but not required.
• An understanding of network and web related protocols (such as, TCP / IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
• Excellent written and verbal communication skills
• Demonstrable teamwork skills and resourcefulness
• Possess self-drive to keep moving things forward even in the face of ambiguity and imperfect knowledge (avoid "analysis paralysis")
• Strong sense of ownership, urgency, and drive
• Sharp analytical abilities and proven design skills

LI-Hybrid #Cyberatscotia

Location(s) : Canada : Ontario : Toronto

Scotiabank is a leading bank in the Americas. Guided by our purpose : "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.

At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone.

If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know.

If you require technical assistance, please click here. Candidates must apply directly online to be considered for this role.

We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.