IT & Cybersecurity Risk / Enterprise Risk Asia

Requisition ID: 192520

Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.

Purpose
- Contributes to the overall success of the IT & Cybersecurity Risk Management in Asia Pacific ensuring specific individual goals, plans, initiatives are executed / delivered in support of the team’s business strategies and objectives. Ensures all activities conducted are in compliance with governing regulations, internal policies and procedures.
- Develops and executes (independently and / or in conjunction with Enterprise program) a second line of defence program of objective assessment of risk management practices carried out by the first line of defence to ensure that the Bank’s global/regional IT systems operations and technology components supporting multiple delivery channels are within the established risk appetite levels for IT service availability, support and information security (including cybersecurity).
- Guides IT, Business and other Control Functions on Cybersecurity & IT Risk management best practices, emerging technologies and processes to build and sustain a risk aware culture. Recommend or review of IT security policies, frameworks, standards and/or control environment enhancement.
- The role encompasses second line of defence oversight for IT and cybersecurity risk (including IT outsourcing) over Scotiabank’s Asia Pacific (APAC) operations in Singapore, Hong Kong, China, Australia, India and Japan.
- The role resides within the Enterprise Risk management function and encompasses contribution to other Enterprise Risk management activities for Operational Risk, Third Party Risk and other non-financial risks.

Accountabilities
- Champions a customer focused culture to deepen client relationships and leverage broader Bank relationships, systems and knowledge.
- Execution of a second line of defence program of objective assessment of risk management practices carried out by the first line of defence for Scotiabank APAC region.
- Monitor and challenge the IT Risk Profile, KRIs and associated Risk Metrics of the Bank to proactively identify changes in the profile and emerging risks, as well as ensure the accuracy, completeness and proper response to improve metrics as required.
- Monitor cybersecurity risks and the controls in place within the Bank, and the understanding of these risks to Senior Management.
- Provide clear and comprehensive reporting to Senior Management, Global Risk Management (GRM) and Regulators (as required) to adequately present the Bank’s IT risk profile, trending issues, recommendations and mitigating factors.
- Challenge the output of the first line in the IT Risk & Control Self-Assessment (RCSA) process covering APAC entities, functional processes and/or business lines.
- Perform deep dives and scenario analysis to assess the effectiveness of controls surrounding key IT and cybersecurity processes and to identify remediation for gaps to actively mitigate IT and cybersecurity risks.
- Coordinate with GRM - Cyber & IT Risk Management and other enterprise teams to share best practices and methodologies intended to improve the IT control environment.
- Maintain relationships with key stakeholders across the Bank and applicable Control & Support Functions (C&SFs) to remain current on new developments and emerging IT & cybersecurity risks.
- Support regulatory requests and submissions for IT & cybersecurity risk-related information.
- Maintain knowledge of emerging trends, threats and changes (e.g. regulatory, best practices) in the Information Security industry
- Contribute to or support other Enterprise Risk Management activities including:

- Support business units and corporate support functions in their Enterprise Risk management programs, through advice, review and/ or challenge
- Develop and prepare risk reports
- Develop / maintain local procedures, policies, addendums and frameworks and ensure their alignment with global enterprise-level standards and compliance with local regulations
- Conduct due diligence to assess and provide effective challenge in the New Initiative risk management program
- Implement, review, assess and enhance operational risk management tools and methodologies
- Support responses to regulatory requests for enterprise risk-related information
- Understand how the Bank’s risk appetite and risk culture should be considered in day-to-day activities and decisions.
- Actively pursues effective and efficient operations of his/her respective areas in accordance with Scotiabank’s Values, its Code of Conduct and the Global Sales Principles, while ensuring the adequacy, adherence to and effectiveness of day-to-day business controls to meet obligations with respect to operational, compliance, AML/ATF/sanctions and conduct risk.
- Champions a high-performance environment and contributes to an inclusive work environment.

Reporting Relationships (Job Titles only)
Primary Manager: Director - Head of Enterprise