Requisition ID: 205097 We are committed to investing in our employees and helping you continue your career at ScotiaTech. Purpose An Information Security Advisor provides advisory services to assist in the development and support of sound security strategies and secure control processes to protect the Bank's information and data resources. The Team Contributes to the overall success of IT&S and ICRM in GWE, ensuring specific individual goals, plans, and initiatives are executed/delivered in support of the team's business strategies and objectives. Ensures all activities conducted follow governing regulations, internal policies, and procedures. Accountabilities Champions a customer-focused culture to deepen client relationships and leverage broader Bank relationships, systems, and knowledge. Acts as a central point of reference and core competency for Information Security, assisting in the classification and protection of data resources by providing guidance on secure and cost-effective implementation of Bank's security policies and standards. Represents Information Security in projects, initiatives, mergers, and acquisitions. Works with business lines to develop sound security strategic and tactical plans towards the reliable implementation of consistent and secure control processes to protect the Bank. Drives initiatives and supports business functions to assess security risks and make informed decisions to protect information assets. Provides guidance to design, develop, and implement sound risk management controls in accordance with Bank's standards that assure the Bank's compliance with industry regulations. Keeps informed and well-versed on financial industry regulations demands in different regions based on practical experience. Pursues security and control process improvements to advance security compliance and improve internal processes. Participates in initiatives and projects driven by various business lines, guiding project and delivery managers to design and establish sound information security practices. Leads due diligence reviews over third-party outsourcing partners to ensure that their security posture aligns with the Bank and industry best practice. Works with the relationship owner and the third party to create and track an action plan for remediation of issues. Generates reports associated with the vulnerabilities reported by different security tools to follow up and manage the remediation of vulnerabilities and weaknesses identified in the technological platform. Monitors, follows up, and defines specific actions to guarantee the security compliance of the organization's assets. Works with business line partners to assess and ensure compliance with Bank standards, escalating risk through appropriate channels. Understands how the Bank's risk appetite and risk culture should be considered in day-to-day activities and decisions. Actively pursues effective and efficient operations of respective areas in accordance with Scotiabank's Values, its Code of Conduct, and the Global Sales Principles. Champions a high-performance environment and contributes to an inclusive work environment. Dimensions Direct reporting line to Director, ICRM GWE. Several projects related to a portfolio of approx. +150 banking applications. No budget, project, or financial oversight. Education / Experience / Other Information Must have a solid understanding and experience with security controls/mechanisms and threat/risk assessment techniques pertaining to complex data, application, and network environments. Strong knowledge of cloud security controls, cloud computing concepts, and cloud architecture security. Knowledge of financial services' Security Governance Framework (policies and standards) is a strong asset. Knowledge of cryptographic concepts leveraged in modern applications and systems. Knowledge of static and dynamic code analysis. Knowledge of Identity & Access Management, PKI, Intrusion Prevention, and vulnerability assessments. Knowledge of network security components such as firewalls, routers, intrusion detection, anti-virus software. Strong Microsoft Office software skills particularly Excel, Word, Visio, and PowerPoint. Must have advanced verbal and written communication skills in English (B2). Working knowledge of regulatory guidelines related to the financial industry like OSFI. University degree in computer science/related field or relevant work experience. Certifications CISSP, CISM, CCSP, CRISC, or alike are nice to have. Other technical certifications are nice to have. Working Conditions Work in a standard office-based environment; non-standard hours are a common occurrence. ScotiaTech is a business unit within ScotiaGBS, a Scotiabank Group company located in Bogota, Colombia. The ScotiaTech hub was created to support different technology systems and processes of the Bank. We offer an inclusive, positive work environment, and competitive benefits. At ScotiaTech, we value the unique skills and experiences each individual brings and are committed to creating and maintaining an inclusive and accessible environment for everyone. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at ScotiaTech; however, only those candidates who are selected for an interview will be contacted. #J-18808-Ljbffr