Senior Manager, IT & Cybersecurity Risk / Enterprise Risk Asia Pacific
City : Singapore, 01, SG, 048583
Category : IT Business Analysts
Industry : Financial Services/Banking
Employer : Scotiabank
Requisition ID: 192520
Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.
• Contributes to the overall success of the IT & Cybersecurity Risk Management in Asia Pacific ensuring specific individual goals, plans, initiatives are executed / delivered in support of the team’s business strategies and objectives. Ensures all activities conducted are in compliance with governing regulations, internal policies and procedures.
• Develops and executes (independently and / or in conjunction with Enterprise program) a second line of defence program of objective assessment of risk management practices carried out by the first line of defence to ensure that the Bank’s global/regional IT systems operations and technology components supporting multiple delivery channels are within the established risk appetite levels for IT service availability, support and information security (including cybersecurity).
• Guides IT, Business and other Control Functions on Cybersecurity & IT Risk management best practices, emerging technologies and processes to build and sustain a risk aware culture. Recommends or reviews IT security policies, frameworks, standards and/or control environment enhancement.
• The role encompasses second line of defence oversight for IT and cybersecurity risk (including IT outsourcing) over Scotiabank’s Asia Pacific (APAC) operations in Singapore, Hong Kong, China, Australia, India and Japan.
• The role resides within the Enterprise Risk management function and encompasses contribution to other Enterprise Risk management activities for Operational Risk, Third Party Risk and other non-financial risks.
• Champions a customer focused culture to deepen client relationships and leverage broader Bank relationships, systems and knowledge.
• Execution of a second line of defence program of objective assessment of risk management practices carried out by the first line of defence for Scotiabank APAC region.
• Monitor and challenge the IT Risk Profile, KRIs and associated Risk Metrics of the Bank to proactively identify changes in the profile and emerging risks, as well as ensure the accuracy, completeness and proper response to improve metrics as required.
• Monitor cybersecurity risks and the controls in place within the Bank, and the understanding of these risks to Senior Management.
• Provide clear and comprehensive reporting to Senior Management, Global Risk Management (GRM) and Regulators (as required) to adequately present the Bank’s IT risk profile, trending issues, recommendations and mitigating factors.
• Challenge the output of the first line in the IT Risk & Control Self-Assessment (RCSA) process covering APAC entities, functional processes and/or business lines.
• Perform deep dives and scenario analysis to assess the effectiveness of controls surrounding key IT and cybersecurity processes and to identify remediation for gaps to actively mitigate IT and cybersecurity risks.
• Coordinate with GRM – Cyber & IT Risk Management and other enterprise teams to share best practices and methodologies intended to improve the IT control environment.
• Maintain relationships with key stakeholders across the Bank and applicable Control & Support Functions (C&SFs) to remain current on new developments and emerging IT & cybersecurity risks.
• Support regulatory requests and submissions for IT & cybersecurity risk-related information.
• Understand the local and regional regulatory landscape and act as subject matter expert in matters of IT & cybersecurity risk management.
• Maintain knowledge of emerging trends, threats and changes (e.g. regulatory, best practices) in the Information Security industry
• Contribute to or support other Enterprise Risk Management activities including:
    • Support business units and corporate support functions in their Enterprise Risk management programs, through advice, review and/or challenge
    • Develop and prepare risk reports
    • Develop / maintain local procedures, policies, addendums and frameworks and ensure their alignment with global enterprise-level standards and compliance with local regulations
    • Conduct due diligence to assess and provide effective challenge in the New Initiative risk management program
    • Implement, review, assess and enhance operational risk management tools and methodologies
    • Support responses to regulatory requests for enterprise risk-related information
• Understand how the Bank’s risk appetite and risk culture should be considered in day-to-day activities and decisions.
• Actively pursues effective and efficient operations of his/her respective areas in accordance with Scotiabank’s Values, its Code of Conduct and the Global Sales Principles, while ensuring the adequacy, adherence to and effectiveness of day-to-day business controls to meet obligations with respect to operational, compliance, AML/ATF/sanctions and conduct risk.
• Champions a high-performance environment and contributes to an inclusive work environment.
Reporting Relationships (Job Titles only)
Primary Manager: Director – Head of Enterprise Risk, Asia Pacific (Solid Line) and Director – Global IT & Cyber Risk, Global Risk Management (Dotted Line)
Direct Reports: Nil
Shared Reports (solid/dotted if applicable): Nil
• Strong team orientation
• Strong interpersonal skills
• Demonstrated experience operating in a dynamic environment
• Strong sense of accountability for work deliverables, and ability to work both autonomously and collaboratively with stakeholders
• Comfortable working with ambiguous and/or differing data points, while applying sound judgement in assessments and decisions
• Ability to work well under pressure while maintaining a high level of professionalism
• Ability to understand and interpret technical information and complex topics, and effectively communicate them in writing and speech
• Detail-oriented and able to produce reports and other presentation materials to a high standard
• Critical thinking, problem solving and creativity
• Commitment to continued self-development of technical and non-technical knowledge
Education / Experience / Other Information
• 7 to 10 years' experience in Cyber/IT Security, Cyber/IT Risk Management, Cyber/IT Governance and/or Cyber/IT Audit
• Professional certifications in IT Risk or Information Security Risk such as CRISC, CISA, CISSP, CISM, CCSP, etc.
• Experience across major Cyber/IT Security areas (Disaster Recovery, Incident Management, Logical Access, Vulnerability, Hardening, Intrusion, Data Loss, etc.)
• Experience in assessing and measuring the impact of IT/Cybersecurity risks
• Experience using COBIT, ITIL or other IT Operation specific industry frameworks
• Experience using NIST, ISO and other Security specific industry frameworks
• Demonstrated ability to analyze, interpret, and effectively present conclusions from voluminous and complex data
• Strong understanding of APAC cyber and technology risk industry developments, regulations and requirements, globally and across multiple APAC jurisdictions
• Excellent interpersonal and relationship-building skills with all stakeholders, including senior management
• Strong communication (written and spoken), listening, presentation and facilitation skills
• Experience working in an international organization is an asset
• Strong strategic and critical thinking to influence the enterprise risk program
Location(s): Singapore : Singapore : Singapore
Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.
At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.