Director IT Risk (Risk Advisory) – Payments Technology


This is a Contract position in Toronto, ON posted January 5, 2021.




Requisition ID: 91023


Join the Global Community of Scotiabankers to help customers become better off.


Purpose of Job

Global Payment and Cash Management Technology IT Risk Advisory team plays an important role in the Bank’s Three Lines of Defense Framework, providing First Line of Defense for the Global Payment and Cash Management Technology portfolio on all technology risk domains, including Cyber Security, Data Privacy, Software Lifecycle Management, Capacity, Incident Management, Disaster and Backup Recovery, Third Party Management, Project Management, and Audit & Regulatory issue remediations.  

Director, IT Risk (CIO Risk Advisor) directly supports the CIO/Vice-President, Global Payment and Cash Management Technology, to collaboratively assess, analyze and quantify technology risk, design controls and assist in their implementation and testing within the business line. This role is part of a strategic and comprehensive IT Risk Management Function within the Technology First Line of Defence and ensures design and implementation in accordance with regulatory expectations, risk appetite, organizational risk practices and evolving business practices.

The role includes significant coordination and engagement with peers in Global Banking and Markets 1st line of defense and 2nd and 3rd line of defense for Technology in the execution of risk management activities, inclusive of regular updates, formal reporting and managing remediation commitments identified (e.g. audit findings).


Major Accountabilities

  • Advises and supports risk owners in day to day risk management activities and execution. Assists risk owners in adhering to policies, frameworks, standards and guidelines through active engagement, guidance and counselling. Advises on the design and implementation of controls, and remediation plans to mitigate risk.
  • Acts as a primary interface and conduit between the risk owners and other risk groups to lead the facilitation and execution of risk management activities.
  • Compiles and (where applicable) presents risk update reports for various risk groups, including technology risk updates to the monthly Global Banking and Markets Core Risk Committee (CRC) and the Technology Risk Council.
  • Identifies, assesses, prioritizes and reports on material IT risks for IT and aligned business areas. This will require working with equivalent Risk Advisors in various business areas. Ensures outputs are recorded in the enterprise Global Issue Management system and in full compliance of all policies and common standards, including the IT Risk Management Policy and Framework.
  • Ensures implementation of a strong IT risk culture in partnership with the risk owners and other control functions.
  • Monitors, tracks, and manages technology risk indicators for the portfolio.
  • Manage the overall remediation plans, including any specific “path to green” plans for applicable risk domains.
  • Oversees audit issue remediation to meet the annual enterprise target, and SOX control testing across the portfolio by working with Internal and External Audit.
  • Partner with Business Internal Control team on Operational Control Self-assessments to conduct risk assessments of key applications/systems supporting key business processes.
  • Manage technology risk and control self-assessments for the portfolio.
  • Perform identified thematic risk review assessments for the portfolio.
  • Conduct New Initiative Risk Assessments (NIRA) for applicable initiatives and provide consulting on technology risks as applicable.
  • Identify pervasive technology risk issues or issues that are common across the landscape.
  • Performs control testing and monitoring as applicable.
  • Review and contribute to technology policies and standards under development or review, as applicable.
  • Monitor effectiveness of portfolio impacting governance processes such as change management, project management and architecture reviews, for enforcing control requirements.  
  • Collaborates with IT Risk directors for other business units to improve risk management practices across the enterprise.
  • Builds a high-performance environment and implements a people strategy that attracts, retains, develops and motivates their team by fostering an inclusive work environment and using a coaching mindset and behaviors; communicating vision/values/business strategy; and managing succession and development planning for the team.



  • Candidates require strong leadership, communication and strategic influencing capability, supported by well-developed analytical and strategic thinking competencies.
  • Strong ability to balance competing or conflicting goals of various departments and stakeholders which requires a mature, diplomatic approach and highly developed negotiation and influencing skills.
  • Strong ability to challenge leadership team especially when there is a need to balance control and compliance priorities with competing objectives.
  • Good communication, facilitation and presentation skills for developing communication strategies for Executive approval through to implementation of strategies and programs.
  • Ability to work collaboratively with teams, and manage team members, across multiple locations.


Experience and Education

  • Knowledge and experience in at least 5 technology disciplines, such as software development, API management, system design, information security, technology resilience, technology third party management, cloud computing, midrange and mainframe computing, project management, incident – problem – change management, networks and disaster recovery.
  • Knowledge of cash management and payments business is desirable.
  • Experience in other risk management roles (across any line of defence) is desirable.
  • Experience in managing remediation programs is desirable.
  • Data Analytics and Visual dashboarding skills (PowerBI/Tableau) are desirable.
  • Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP) and Certified in Risk and Information System Control (CRISC) are desirable.



Location(s):  Canada : Ontario : Toronto 

As Canada’s International Bank, we are a diverse and global team. We speak more than 100 languages with backgrounds from more than 120 countries. Our employees are committed to a superior customer experience and use the Bank’s six guiding sales practice principles to ensure they act with honesty and integrity.


At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. If you require technical assistance, please click here. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.