Thanks for your interest in ScotiaTech, Scotiabank'snew and innovative Technology hub in Bogota. Join a purpose drivenwinning team that promotes creativity and innovation in afast-paced environment, where we’re always committed to results, inan inclusive, diverse, and high-performing culture. Purpose TheTechnology Control Testing team plays an important role in the Bank’s Three Lines of Defense Framework, providing First Line of Defense for all lines of business on all technology risk domains,including Cyber Security, Data Privacy, Software LifecycleManagement, Capacity, Incident Management, Disaster and BackupRecovery, Third Party Management, Project Management, and Audit& Regulatory issue remediations. Senior Manager, TechnologyControl Testing directly supports the Head of Technology ControlTesting to collaboratively assess high risk processes acrossbusiness lines and manage the execution of the control testexercise(s). This role is part of a strategic and comprehensive ITRisk Management Function within the Technology First Line of Defense, and ensures design and implementation in accordance withregulatory expectations, risk appetite, organizational riskpractices and evolving business practices. The role includessignificant coordination and engagement with peers across allbusiness lines and technology functions. This includes 1st, 2nd,and 3rd lines of defense for Technology in the execution of riskmanagement activities, inclusive of regular updates, formalreporting and managing remediation commitments identified (e.g.,audit findings). Accountabilities - Champions a customer focusedculture to deepen client relationships and leverage broader Bankrelationships, systems and knowledge. - Ensures specific goals,plans, initiatives are executed / delivered in support of theteam’s business strategies and objectives and all activitiesconducted are in compliance with governing regulations, internalpolicies and procedures. - Identifies and tests design andoperating effectiveness attributes for IT General controls andautomated controls. - Leads and/or manages IT General controls andautomated control walkthroughs and assesses controls foreffectiveness. - Advises and supports risk owners in day-to-dayrisk management activities and execution. Assists risk owners inadhering to policies, frameworks, standards and guidelines throughactive engagement, guidance and counselling. Advises on the designand implementation of controls, and remediation plans to mitigaterisk. - Acts as a primary interface and conduit between the riskowners and other risk groups to lead the facilitation and executionof risk management activities. - Compiles and (where applicable)presents risk update reports to Senior Management. - Identifies,assesses, prioritizes and reports on material IT risks for IT andaligned business areas. This will require working with equivalent Risk Advisors in various business areas. Ensures outputs arerecorded in the enterprise Global Issue Management system and infull compliance of all policies and common standards, including theIT Risk Management Policy and Framework. - Develop or enhancemonitoring tools to evaluate the design and operating effectivenessof the key controls in the Business. Monitoring will includereviewing key indicators, sample testing and conducting thematicreviews. - Lead internal control reviews of high-risk processesincluding procedure testing, establishing test plans and testscripts, providing recommendations, providing feedback andreporting to the Head of Technology COE. - Based on the activitiesin the area under review, be able to identify, articulate, andchallenge management on the strength of their control program. -Work with Compliance officers to identify regulatory risks andintegrate regulatory controls and monitoring into the overalltechnology control testing plan. - Document and monitor progress ofremedial actions for issues identified through Technology Controltesting and by others, including Internal Audit, Compliance,regulators, and management self-identified issues. - Ensuresimplementation of a strong IT risk culture in partnership with therisk owners and other control functions. - Review and contribute totechnology policies and standards under development or review, asapplicable. - Monitor effectiveness of portfolio impactinggovernance processes such as change management, project managementand architecture reviews, for enforcing control requirements. -Engage in business integration projects to ensure all appropriatetechnology controls and processes are implemented; and enable theimplementation of appropriate technology controls and processes innon-integrated subsidiaries. - Collaborates with IT Risk SeniorManagers for other business units to improve risk managementpractices across the enterprise. - Builds a high-performanceenvironment and implements a people strategy that attracts,retains, develops and motivates their team by fostering aninclusive work environment and using a coaching mindset andbehaviors; communicating vision/values/business strategy; andmanaging succession and development planning for the team. -Provide ongoing coaching and guidance to less experienced Technology COE staff to ensure there is a consistent understandingof the overall risk program, KRIs, monitoring plan and governancestructure. - Understand how the Bank’s risk appetite and riskculture should be incorporated into day-to-day activities anddecisions. - Actively pursues effective and efficient operations ofhis/her respective areas in accordance with Scotiabank’s Values,its Code of Conduct and the Global Sales Principles, while ensuringthe adequacy, adherence to and effectiveness of day-to-day businesscontrols to meet obligations with respect to operational,compliance, AML/ATF/sanctions and conduct risk. - Champions ahigh-performance environment and contributes to an inclusive workenvironment. Education / Experience - Requires an undergraduatedegree combined with an Information Security professionaldesignation such as CISM, CISA, CCSP, CISSP or CRISC are desirable. - Experience with the following is recommended: ISO27001, COBIT,CIS, and NIST frameworks. Exposure to SOX requirements. - Needexperience in a wide area of risk controls such as vendor risk,application risk, infrastructure risk, application risk. Reportingskills to prepare status of IT control framework to seniormanagement. - Experience in IT Control Testing, Auditory, RiskManagement or GRC (Governance, Risk and Compliance). - Experiencein other risk management roles (across any line of defense) isdesirable. - Knowledge of security principles, cloud security, andIT processes. - B1+ level of English. Working Conditions Work in astandard office-based environment; non-standard hours are a commonoccurrence. #LI-Hybrid Location(s): Colombia : Bogota : BogotaScotiaTech is a business unit within ScotiaGBS, a Scotiabank Groupcompany located in Bogota, Colombia. The ScotiaTech hub was createdto support different technology systems and processes of the Bank. We offer an inclusive, positive work environment, and competitivebenefits. At ScotiaTech, we value the unique skills and experienceseach individual brings and are committed to creating andmaintaining an inclusive and accessible environment for everyone. Candidates must apply directly online to be considered for thisrole. We thank all applicants for their interest in a career atScotiaTech; however, only those candidates who are selected for aninterview will be contacted. #J-18808-Ljbffr Engineering