Senior Information Security Advisor, Cloud (IT infrastructure and DC) - (scarborough, ontario)
Posted: Tuesday, August 22, 2017 3:50 PM
Requisition ID: 1282
Join the Global Community of Scotiabankers to help customers become better off.
The incumbent is responsible for providing advisory services to business lines, subsidiaries and affiliates enabling the achievement of the Banks Information Security Policy. Specifically, the incumbent will provide advisory services to assist in the development and support of sound security strategies and secure control processes to protect the Banks information and data resources, by:
- Acting as a central point of reference and core competency for Information Security. Assisting in the classification and protection of data resources by providing guidance on secure and cost effective implementation of Banks security policies and standards.
- Representing Information Security in projects, initiatives, mergers and acquisitions. Working with business lines to develop sound security strategic and tactical plans towards the reliable implementation of consistent and secure control processes to protect the Bank. Drive initiatives and support business functions to assess security risks and to make informed decisions to protect information assets.
- Leading security due diligence reviews over third party services providers to determine if implemented security and control practices align with the Bank and industry best practices. Working with the relationship owner and the 3rd party to create and track an action plan for remediation of identified issues.
- Providing guidance to design, develop and implement sound risk management controls in accordance with Banks standards that assure the Banks compliance with industry regulations. Keeping informed and well versed on financial industry regulations demands in different regions based on practical experience.
- Pursuing security and control process improvements to advance security compliance and improve internal processes.
1. Participate in initiatives and projects driven by various business lines. Guide project and delivery managers to design and establish sound information security practices, facilitating key artifacts such as security design documents, threat/risk assessments and data classifications with the owner to ensure that risk is identified and effectively managed. Where required by risk, lead due diligence reviews over third party outsourcing partners to ensure that their security posture aligns with the Bank and industry best practice. Work with the relationship owner and the 3rd party to create and track an action plan for remediation of issues.
2. Provide first line subject matter expert advice on pervasive Banks information security standards, policies and processes, information security world class standards and major regulations in the industry.
3. Liaise with internal and external security teams, local and international, and participate in reviews that pertain to compliance with Bank and Regulatory IT security controls and guidelines.
4. Work with our business line partners to assess risk and avoid deviations to Bank standards; where possible, identifying secure solutions. When unavoidable, escalate deviations or risk acceptance requests through appropriate channels.
- Strong knowledge of cloud security controls and experience in deployments and cloud architecture security.
- Must have a solid understanding and experience with security controls/mechanisms and threat/risk assessment techniques pertaining to complex data, application and networking environments.
- Must have advanced verbal and written communication skills in English, especially report writing ability. Excellent written and spoken English
- Well developed Communication skills are required, and the ability to confidently present ideas and recommendations at formal presentation and conference calls.
- Proven ability to meet deadlines for multiple assignments and adapt quickly t
• Location: Toronto
• Post ID: 85153503 toronto