Director, Cybersecurity Risk Management

Director, Cybersecurity Risk Management Requisition ID: 245907 Salary Range: 157,700.00 - 264,200.00 _Please note that the Salary Range shown is a guideline only. Salary offered may vary based on factors, including, but not limited to, the successful candidateu2019s relevant knowledge, skills, and experience._ Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture. Global Banking and Markets Global Banking and Markets (GBM) is a leading Canadian Capital Markets and Investment Banking business with a growing platform in the US and Latin America, operating globally for over 100 years. Scotiabanku2019s strong U.S. presence provides our clients an important bridge to this key global market for trade and investment flows across the Americas and the world. Global Banking & Markets provides a full range of investment banking, credit and risk management products and services relevant to the financing and strategic development needs of our clients. Our products include debt and equity financing, mergers & acquisitions, corporate banking, institutional equity sales, trading and research, fixed income products, derivatives, energy, foreign exchange and precious & metals. We also cross-sell the full range of wholesale products and services offered by the Scotiabank Group. Be part of an innovative, Global Capital Markets and Investment Banking business with a unique geographic footprint that puts capital to work for our clients across industries We work together to drive ambition for every future Purpose The Director, Cybersecurity Risk Management will lead the charge in strengthening Scotiabanku2019s second line of defense (2LoD) Cybersecurity risk oversight of the first line implementation of cybersecurity programs, initiatives and delivery. This role requires a visionary leader with a deep understanding of cybersecurity principles, risk management, and compliance frameworks. The ideal candidate will possess strong communication and leadership skills, the ability to navigate complex regulatory landscapes, and a commitment to continuous improvement in the face of a rapidly evolving cybersecurity environment. What You'll Do u2022 Partner with global Risk team to develop and maintain a comprehensive Cybersecurity and Technology Risk Management Framework. u2022 Serve as a subject matter expert and trusted risk oversight partner on cyber risks, regulatory reporting, and audit requirements, supporting requests and providing guidance across key cybersecurity domains, including Security Event Detection, Red Team, Cyber Incident Response, Cyber Threat Intelligence, Cyber Assurance, Exercise & Simulations, Technology Resilience, Scenario Analysis, Third Party Cyber and Application Security. u2022 Conduct effective challenge of high-risk items (e.g., new software, risk acceptances), ensuring actionable risk-based insights and solutions. u2022 Partner with stakeholders in CISO, business, technology, and all three lines of defense to drive security compliance and awareness. u2022 Lead risk oversight and challenge of first line risk management strategies and compliance activities, ensuring that the organization's cybersecurity posture is robust and resilient against top and emerging threats. u2022 Provide insights and recommendations on cybersecurity trends, best practices, internal and external audit reports, and regulatory changes that may impact the organization. u2022 Identify risk scenarios using the MITRE ATT&CK Framework, calculate scoring, and present to executive leadership to drive risk-based action. u2022 Collaborate with the Cyber Security Incident Response Team (CSIRT) to ensure timely monitoring, detection, and response to threats. u2022 Ensure adherence to cyber risk management regulations, including FFIEC, OSFI, and other applicable laws. u2022 Build and mentor a high-performing team, providing training and development opportunities to ensure team members stay current in the field. u2022 Ensure alignment with the Banku2019s risk appetite and culture in all activities and decisions. u2022 Create an environment in which the team pursues effective and efficient operations of their respective areas in accordance with Scotiabanku2019s Values, its Code of Conduct, and the Global Sales Principles, while ensuring the adequacy, adherence to, and effectiveness of day-to-day business controls to meet obligations with respect to operational, compliance, AML/ATF/sanctions, and conduct risk. What Youu2019ll Bring u2022 University degree, preferably in Computer Engineering, Computer Science or related field, and a minimum of 10 yearsu2019 experience in increasingly senior Information Security roles in a complex, global organization. u2022 Cybersecurity, technology, or risk management certifications such as CISSP, CCSP, CEH, CISM, etc. u2022 Strong understanding and experience with regulatory and industry cybersecurity frameworks and guidance, including CRI Sector Profile, NIST, FFIEC, OSFI, and MITRE ATT&CK. u2022 Preferred certifications include CISA or equivalent, and familiarity with compliance frameworks (e.g., ISO or NIST). u2022 10+ years of related IT process experience, including internal audit, external audit, or risk assessment. u2022 Experience with financial sector regulatory practices and second line of defense effective challenge. u2022 Excellent written and verbal communication skills, with the ability to communicate security objectives and concepts to technology and business teams to technical and non-technical stakeholders. u2022 Strong leadership and collaboration skills. Excellent oral and written communication, ability to present confidently to senior executives, attention to detail and strong planning and management ability. u2022 Solid understanding and operation of cybersecurity disciplines, including Cloud Security, AI/ML, Network Security, Threat Modeling, Vulnerability Management, and Technology Resiliency. u2022 Advanced analytical reasoning skills, applying critical thinking and problem-solving techniques to break down business, technical, and operational objectives. u2022 Proven ability to lead through change, manage dependencies, and control change in high-pressure, shifting environments. u2022 Understanding of cybersecurity diligence methods, including vulnerability assessments and penetration testing. u2022 Ability to interact and influence at all levels of management across functions. Interested? If your experience is closely related but doesnu2019t align perfectly with every qualification, we do encourage you to apply - you might be the right candidate for this or other roles at Scotiabank At Scotiabank, every employee is empowered to reach their fullest potential, respected for who they are and, embraced for their differences. Thatu2019s why we work to grow and diversify talent and engage employees in a performance-oriented culture. What's in it for you? Scotiabank wants you to be able to bring your best self to work u2013 and life, every day. With a focus on holistic well-being, our many flexible benefit programs are designed to help support your unique family, financial, physical, mental, and social health needs. Location(s): United States : Texas : Dallas Scotiabank is a leading bank in the Americas. Guided by our purpose:

Created: 2025-12-25