Cybersecurity Associate

**Requisition ID**: 221573

Thanks for your interest in ScotiaTech, Scotiabank's new and innovative Technology hub in Bogota.

Join a purpose driven winning team that promotes creativity and innovation in a fast-paced environment, where we’re always committed to results, in an inclusive, diverse, and high-performing culture.

**Purpose**

Contributes to the overall success of Scotiabank UY cybersecurity strategy, ensuring specific individual goals, plans, and initiatives are executed/delivered to support the team’s business strategies and objectives. Ensures all activities comply with governing regulations, internal policies, and procedures.

**Accountabilities**
- Champions a customer focused culture to deepen client relationships and leverage broader Bank relationships, systems and knowledge.
- Implement the methodology, processes, and other security artifacts required in the Vulnerability Management of infrastructure components.
- Monitor, follow up, and define specific actions to guarantee the security compliance and hardening of the Organization's assets.
- Ensure the implementation and maintenance of the cybersecurity tools and guarantee their configuration according to the baselines and internal standards.
- Implement and maintain the Data Loss Prevention Program according to global policies and tools. Manage and monitor the DLP exceptions process and inventory to mitigate the data leaked risk.
- Establish security controls on identity and access management include the centralized provisioning and periodic certification of user identities, user accounts linked to those identities, management of privileged access, and the selection and integration of identity management tools.
- Execute tasks to keep the security controls and indicators within the optimal thresholds for decreasing the level of security risk in the Organization. Also, execute security tests, ensuring compliance with the guidelines and procedures.
- Support the Incident Management and Investigation processes.
- Create Dashboards to monitor and follow up on the Organization's security control status and give an overall security status in different periods of time. Attend all security alerts related to all security tools.
- Generate reports associated with the vulnerabilities reported by the different security tools to follow up and manage the remediation of vulnerabilities and weaknesses identified in the technological platform.
- Understand how the Bank’s risk appetite and risk culture should be incorporate into in day-to-day activities and decisions.
- Actively pursues effective and efficient operations of his/her respective areas in accordance with Scotiabank’s Values, its Code of Conduct and the Global Sales Principles, while ensuring the adequacy, adherence to and effectiveness of day-to-day business controls to meet obligations with respect to operational, compliance, AML/ATF/sanctions and conduct risk.
- Champions a high-performance environment and contributes to an inclusive work environment.

**Dimensions**
- Relationship with all the employees of the Scotiatech and the Bank.
- All the countries that Scotiatech provides services.
- Budget: N/A
- Relationships with internal and externals controls units
- Responsible for leading all the initiatives mentioned in Accountabilities Section.

**Education / Experience / Other Information**
- Post-secondary education in IT or security-related field.
- At least 3 years of experience in Information Security and Cybersecurity.
- 2 years of hands-on technical experience within the IAM/PAM field, including experience with AD
- Knowledge of vulnerability management, DLP management, KPIs/KRIs, Access Control, and Security monitoring tools.
- Knowledge of security standards (NIST, PCI-DSS, ISO 27001) and best security practices.
- Advanced communication (verbal/written/presentation) skills in English. The same in Spanish is a strong asset.
- Analytical experience, attention to detail, excellent critical thinking, logic, and problem-solving ability.
- Certifications related to security are considered an asset (e.g., CC, CISSP, ISO27001).
- You must effectively communicate technical information to both technical and non-technical personnel
- Bilingual English/Spanish language skills (B2 English level)

**Working Conditions**

Work in a standard office-based environment; non-standard hours are a common occurrence.

LI-Hybrid

Location(s): Bogotá or Home-Office

ScotiaTech is a business unit within ScotiaGBS, a Scotiabank Group company located in Bogota, Colombia. The ScotiaTech hub was created to support different technology systems and processes of the Bank. We offer an inclusive, positive work environment, and competitive benefits.