IT Risk Specialist

Scotiabank’s new and innovative Technology hub in Bogotá invites you to join a purpose-driven team that promotes creativity and innovation in a fast-paced environment, where we’re always committed to results in an inclusive, diverse, and high-performing culture. Purpose Contributes to the overall success of first line Technology as well as Internal Controls & Regulatory Management (ICRM) ensuring specific individual goals, plans, initiatives are executed/delivered in support of IT & S and the businesses strategies and objectives. Directly support the relevant IT Risk / ICRM Team to collaboratively assess, evaluate and quantify IT risk, design controls and assist in their implementation within the business line. Accountabilities Support the IT Risk team in providing the 1st Line of Defense (1B) function in technology with ongoing guidance to support the implementation of, and compliance to established IT Standards, Policies, Procedures, regulatory and cyber requirements through active engagement, guidance and counselling. Provide support to 1st Line of Defense (1A) teams, Risk owners, to build their capability to identify, assess, mitigate and monitor risks associated with their use of information and IT systems. Conduct risk assessments, Risk Control Self-Assessments (RCSAs) and ensure observations, issues and outputs are recorded in enterprise tools; support IT risk control testing and monitoring and help Risk Owners with remediation plans. Identify, review and triage risk incidents, support root cause analyses. Ensure that IT Risk assessments and outputs are recorded in enterprise tools and that status is updated periodically. Perform gap analyses to identify non-compliance with new risk controls, frameworks, policies, risk indicators, metrics and limits and track remediation status. Monitor performance of KPIs and KRIs. Operationalize programs to improve KRI performance to meet banks risk tolerance. Support IT Risk / ICRM team to provide governance of and track SOX evidence collection. Advocate for IT Risk / ICRM and promote a strong risk culture in partnership with the risk owner. Reporting Relationships (Job Titles only) Primary Manager: IT Risk Specialist, CCA Technology Direct Reports: Not applicable Shared Reports Not applicable Education / Experience / Other Information Experience with ITSM tools (ServiceNow, a plus) with strong understanding of SRE and service management principles. Knowledge of IT Asset management tools, providing support to asset owners in the onboarding and maintenance of their applications in the tool, monitor processes and the data quality of corresponding portfolio information assets through the tools. Candidates should have a breadth of IT, and/or non-financial Risk management experience (governance, operations, audit, control functions, compliance, risk management) over 3+ years. Candidate requires intermediate communication (both verbal and written) supported by analytical competencies. Proficient written and verbal communication required at all levels of the organization is essential. Requires expert IT Risk management experience in 1+ areas including but not limited to systems design, security, availability/stability/resiliency, disaster recovery, third party risk management, change management, release management, audit, regulatory risk, logical access, software currency. Exposure to cloud controls would be an asset. Strong Microsoft Excel and data analytics skills expected. Knowledge or understanding of Risk / Control frameworks is desirable (ITIL, ISO, COBIT, NIST). Degree or diploma in Computer Science, Engineering, Business Commerce or equivalent experience. Any relevant Certifications would be an asset – C ISA, CRISC, CISSP, ITIL Foundation Certification in IT Service Management (ITSM), COBIT. Working Conditions Work in a standard office-based environment, remote or in bank buildings; your portfolio may dictate working hours aligned to other geographies and time zones. Travel to International locations may be required. Multiple and at times conflicting priorities arise with most work required under tight project’s deadlines. Location(s): Colombia – Bogotá ScotiaTech is a business unit within ScotiaGBS, a Scotiabank Group company located in Bogotá, Colombia. The ScotiaTech hub was created to support different technology systems and processes of the Bank. We offer an inclusive, positive work environment, and competitive benefits. At ScotiaTech, we value the unique skills and experiences each individual brings and are committed to creating and maintaining an inclusive and accessible environment for everyone. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at ScotiaTech; however, only those candidates who are selected for an interview will be contacted. #J-18808-Ljbffr