Toronto Employment Platform

Senior Audit Manager, Cyber Security

Requisition ID: 99287Join the Global Community of Scotiabankers to help customers become better off.


Job Purpose

As a Senior Audit Manager, you will support the Director, Emerging Technologies & Cyber Security by planning and executing risk-based digital banking, cloud services and architecture audits of medium to high complexity to provide opinions on the effectiveness of controls to meet business objectives. In addition, the subject matter expert is expected to be knowledgeable in risks associated with systems development methodologies (Waterfall and Agile), digital banking, cloud concepts and services, automation and outsourced IT services.


Key Accountabilities

The incumbent will be required to work as part of a team that assess the design and operational effectiveness of governance and internal controls relating to the cloud services, digital banking, data protection and management, outsourcing, infrastructure and project management supporting business lines and processes. This position requires strong skillsets around the ability to motivate and influence staff and auditees. Apart from the technical skills noted, the incumbent should be proficient at applying risk-based auditing standards, practices, techniques, processes, internal/external methodologies and regulatory guidelines to the performance and review of audits. The Bank’s Internal Audit Department plays a key role in the risk management process of the Bank.

A significant portion of the accountabilities will relate to providing assurance over the Bank’s IT controls including IT General Controls including cloud services, mobile and web development, DevOps, Agile development, microservices architecture, third-party outsourcing as follows:

– Plan and lead collaborative risk-based information technology audits of moderate to high complexity and conclude whether risks are appropriately managed through the existence of effective control or other techniques. 
– For those audits where the incumbent assumes a supervisory role, the incumbent is expected to develop a comprehensive audit plan clearly outlining the objective, scope, deliverables, approach, resourcing and schedule.
– Follow the Audit Standard Guidelines of the Bank and specific application, project and operations audit methodologies.
– Ensure that audit conclusions and recommendations are properly supported by an orderly accumulation and analysis of documented audit evidence, and that the audit report content is clear, concise and supported by the audit work completed.
– Perform accountabilities with minimal supervision and provide audit management and audit client with regular status updates of the assignment. The incumbent is expected to seek and obtain direction, perspective and resources as required in order to complete the assigned audit on time and within budget.
– Prepare and deliver effective presentations to clients at audit opening and closing meetings as a means of communicating and gaining their agreement and understanding of audit plans and audit results.
– When required, prepare and present effective presentations on various audit and technology related matters as a means to share information and demonstrate expertise. 
– Prepare and discuss audit findings with client senior management; identifying significant issues in a business context, working with audit clients to identify and recommend feasible solutions.
– Establish and maintain positive relationship management with audit clients.
– Maintain information security competency through ongoing professional development and staying abreast of technical matters in the industry.


Skills, Experience & Functional Competencies

– 7 years of information technology and information security or cyber security experience. 
– Knowledgeable in IT processes such as cloud engineering/operations, enterprise architecture, secure web and mobile application development using Agile practices, network management, DevOps pipelines, and microservices architecture.
– Excellent written and verbal communication skills including presentation skills.
– Experience in the assessment of threats and risks over IT processes and assets.
– Knowledge and experience with security assessment tools (e.g. exploit tools, vulnerability assessment).
– Working knowledge of primary Bank business areas (e.g. retail banking) would be an asset.


Education & Other Requirements

– Bachelor’s degree in Information Technology, Computer Science or equivalent required.
– One or more of the following certifications: CISA, CISM, CRISC, CRMA, CISSP, GCIA, CEH, OSCP, OSCE is required.
– Cloud (Microsoft Azure or Google Cloud) engineering or architecture designation would be an asset.
– TOGAF or equivalent architecture designation would be an asset.

Location(s):  Canada : Ontario : Toronto 

As Canada’s International Bank, we are a diverse and global team. We speak more than 100 languages with backgrounds from more than 120 countries. Our employees are committed to a superior customer experience and use the Bank’s six guiding sales practice principles to ensure they act with honesty and integrity.At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. If you require technical assistance, please click here. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.

Only candidates can apply for this job.
Share this job

About Us

Talent Portal is a Toronto-based Job Board and Employment Platform. We are dedicated at helping talents reach their dream career.Candidates can search for jobs and set job alerts to receive new job notifications via email; Employers can post jobs online, and receive applications via email. It is free for both employees and employers.

Company Search

Social Networks