Information Security Consultant Lead

**Requisition ID**: 205097

We are committed to investing in our employees and helping you continue your career at ScotiaTech.

**Purpose**

• What’s in it for you?_

Opportunity to showcase your leadership in the Technology Risk Management space by supporting the Global Wealth Engineering team, otherwise known as GWE. An Information Security Advisor provides advisory services to assist in the development and support of sound security strategies and secure control processes to protect the Bank's information and data resources.

• The Team_

Contributes to the overall success of IT&S and ICRM in GWE, ensuring specific individual goals, plans, initiatives are executed / delivered in support of the team’s business strategies and objectives. Ensures all activities conducted follow governing regulations, internal policies and procedures..

**Accountabilities**

• Champions a customer focused culture to deepen client relationships and leverage broader Bank relationships, systems and knowledge.
• Acting as a central point of reference and core competency for Information Security. Assisting in the classification and protection of data resources by providing guidance on secure and cost effective implementation of Bank's security policies and standards.
• Representing Information Security in projects, initiatives, mergers and acquisitions. Working with business lines to develop sound security strategic and tactical plans towards the reliable implementation of consistent and secure control processes to protect the Bank. Drive initiatives and support business functions to assess security risks and to make informed decisions to protect information assets.
• Providing guidance to design, develop and implement sound risk management controls in accordance with Bank's standards that assure the Bank's compliance with industry regulations. Keeping informed and well versed on financial industry regulations demands in different regions based on practical experience.
• Pursuing security and control process improvements to advance security compliance and improve internal processes
• Participate in initiatives and projects driven by various business lines. Guide project and delivery managers to design and establish sound information security practices, facilitating key artifacts such as security desgin documents, threat/risk assessments and data classifications with the owner to ensure that risks are identified and effectively managed. Where required by risk, lead due diligence reviews over third party outsourcing partners to ensure that their security posture aligns with the Bank and industry best practice. Work with the relationship owner and the third party to create and track an action plan for remediation of issues.
• Liaise with internal and external security teams and business lines to develop sound security strategic and tactical plans towards the reliable implementation of consistent and secure control processes to protect the Bank.
• Generate reports associated with the vulnerabilities reported by the different security tools to follow up and manage the remediation of vulnerabilities and weaknesses identified in the technological platform.
• Monitor, follow up, and define specific actions to guarantee the security compliance of the organization's assets.
• Execute tasks to keep the security controls and indicators within the optimal thresholds for decreasing the level of security risk in the Organization.
• Work with our business line partners to assess and ensure compliance to the Bank standards. Escalating risk through appropriate channels.
• Understand how the Bank’s risk appetite and risk culture should be considered in day-to-day activities and decisions.
• Actively pursues effective and efficient operations of his/her respective areas in accordance with Scotiabank’s Values, its Code of Conduct and the Global Sales Principles, while ensuring the adequacy, adherence to and effectiveness of day-to-day business controls to meet obligations with respect to operational, compliance, AML/ATF/sanctions and conduct risk.
• Champions a high-performance environment and contributes to an inclusive work environment.

**Dimensions**

**Education / Experience / Other Information**

• Strong knowledge of cloud security controls, cloud computing concepts, and cloud architecture security.
• Knowledge of financial services' Security Governance Framework (policies and standards) is a strong asset.
• Knowledge of static and dynamic code analysis.
• Knowledge of Identity & Access Management, PKI, Intrusion Prevention, and vulnerability assessments.
• Knowledge of network security components such as firewalls, routers, intrusion detection, anti-virus software.
• Strong Microsoft Office software skills particularly Excel, Word, Visio, and PowerPoint.
• Must have advanced verbal and written communication skills in English (B2)
• Working knowledge of regulatory guidelines related to the financial industry like OSFI.
• University degree i