Support the Director IT Risk Governance, Standards and Controls and lead the governance and operation of the technology and cyber issues lifecycle for the Bank, leveraging ServiceNow Integrated Risk Management as the primary platform of record. Ensure that issues arising from audits, regulatory reviews, risk assessments, security tooling, and control monitoring are consistently captured, risk rated, remediated, and validated in line with the Banks risk appetite and banking regulatory expectations. Is this role right for you? In this role, you will: Define and govern taxonomies for issues, control failures, and root causes consistent with the operational risk and regulatory reporting requirements. Support technology and cyber risk committees/forums to review issue status, challenge remediation, and elevate material items to senior risk and business leadership. Own and maintain the Banks technology and cyber issues management process. Lead the design and continuous improvement of ServiceNow IRM issue and exception management workflows, including automated issue creation from control failures, indicators, audits, and security tools. Define data standards for issues, actions, policy exceptions, residual risk, and ownership to ensure a single, trusted source of truth across ScotiaTech. Partner with Platform/ServiceNow teams to optimize the Risk Workspace, dashboards, notifications, and integrations with vulnerability management, incident, change, and CMDB modules. Oversee the endtoend lifecycle of technology and cyber issues, including internal and external audit findings, regulatory issues, policy and control exceptions, penetration test findings, and operational incidents. Provide effective challenge on issue descriptions, impact/likelihood, regulatory relevance, action plans, and target dates, particularly for high risk or regulatory significant items. Ensure robust closure and independent validation, supported by appropriate evidence captured in ServiceNow IRM and available for audit and regulatory review. Develop ServiceNow and/or Business Intelligence toolsbased dashboards and KRIs to track issue volumes, severities, overdue items, theme clusters (e.g., cloud, identity, payments), and control break trends across ScotiaTech. Produce regular reporting packs for Technology & Cyber leadership, and Risk Committees, highlighting systemic weaknesses, repeat findings, and regulatory hot spots. Drive thematic and rootcause analysis across issues to inform strategic remediation programs (e.g., resilience, identity, data protection) and reduce recurring technology and cyber events. Define integration requirements between ServiceNow IRM and other banking systems (e.g., security tools, operational risk, HR, finance) to automate issue creation, ownership, and status updates. Oversee configuration related to policy exceptions, control attestations, indicators, and automated control monitoring to ensure consistent issue and exception handling. Promote continuous improvement, including workflow simplification, reduced manual effort, and better data quality to support faster and more reliable regulatory and management reporting. Coordinate responses to regulators and Internal Audit relating to technology and cyber findings, remediation status, and evidence requests, leveraging ServiceNow as the authoritative data source. Influence prioritization of remediation against other change portfolios, ensuring customer impact, financial risk, and regulatory expectations are factored into decisions. Promote a transparent, noblame culture that encourages early identification and timely escalation of issues and nearmisses across technology and banking operations. Provide training and coaching to technology, cyber, and business teams on how to use ServiceNow IRM effectively for issues, actions, and policy exceptions. Do you have the skills that will enable you to succeed in this role? We''''d love to work with you if you have: 10+ years in Technology Risk, Cyber Security, Operational Risk, or Internal Audit in banking or financial services, including direct interaction with regulators. 5+ years leading issues and/or integrated risk management programs, including handson experience implementing or governing ServiceNow IRM or a comparable GRC tool. Strong leadership, communication and strategic influencing capability, supported by welldeveloped analytical and strategic thinking competencies. Deep understanding of technology and cyber risk domains most relevant to banks (e.g., core banking platforms, digital channels, cloud, payments, identity, data protection, resilience). Strong knowledge of risk and control frameworks (NIST CSF, ISO 27001, COBIT, FFIEC, operational risk frameworks) and how they map into ServiceNow IRM objects and workflows. Good ability to balance competing or conflicting goals of various departments and stakeholders which requires a mature, diplomatic approach and highly developed negotiation and influencing skills. Good communication, facilitation and presentation skills for developing communication strategies for Executive approval through implementation of strategies and programs. Leads and drives a customerfocused culture throughout their team to deepen client relationships and leverage broader Bank relationships, systems and knowledge. Builds a highperformance environment that attracts, retains, develops and motivates their team by fostering an inclusive work environment with clear communication of vision/values/business strategies and development planning for the team. What''''s in it for you? Diversity, Equity, Inclusion & Allyship We strive to create an inclusive culture where every employee is empowered to reach their fullest potential, respected for who they are, and embraced through biasfree practices and inclusive values across Scotiabank. Accessibility and Workplace Accommodations We value the unique skills and experiences each individual brings to the Bank and are committed to creating and maintaining an inclusive and accessible environment for everyone. Upskilling through online courses, crossfunctional development opportunities, and tuition assistance. Competitive Rewards program including bonus, flexible vacation, personal and sick days, and benefits will start on day one. Community Engagement No matter where you choose to work from, we offer opportunities for community engagement & belonging with our various programs such as hackathons, contests, Humans of Digital and much more! Location: Toronto, Ontario, Canada #J-18808-Ljbffr
Job Title
Director, Technology Risk