Scotiabank

Senior Audit Manager, IT and Cyber Security Audit (Cloud)

Scotiabank$100K — $130K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5+ years of IT and cyber security experience.
  • Bachelor's degree in IT, Computer Science, or equivalent.
  • Certifications such as CISA, CISM, CISSP, CCSP are required.
  • Strong knowledge of cloud security and DevSecOps practices.
  • Excellent communication and analytical skills.

Responsibilities

  • Lead and conduct risk-based audit assessments for IT and Cyber Security.
  • Oversee audit execution, planning, and reporting as Officer in Charge.
  • Prepare and present audit results and findings to management.
  • Support client relationships to enhance service delivery.
  • Act as a subject matter expert in cloud security and governance controls.
  • Provide direction and expert advice to global audit teams.
  • Maintain professional development and stay current with emerging technologies.

Benefits

  • Collaborative work environment promoting team dynamics.
  • Focus on professional development and ongoing training initiatives.
  • Inclusive workplace culture fostering diversity.
  • Access to advanced audit tools and technology.
  • Opportunity to engage with stakeholders at various levels.
Full Job Description
Requisition ID: 257618

As the 3rd Line of Defense, Internal Audit provides enterprise-wide, independent, and objective assurance over the design and operations of the Bank's internal controls, risk management and governance processes. We are professionals who thrive in a challenging environment and work with management to find solutions to address control weaknesses.

The Senior Audit Manager is responsible for leading and conducting IT and Cyber Security risk-based audit assessments, of medium to high complexity, following the Bank's Audit Methodology. This supports the Audit Department's global mandate by providing independent assurance that business strategies, plans, initiatives, and audit activities are conducted in accordance with applicable regulations, internal policies, and procedures.

The Senior Audit Manager is a dynamic, innovative, and trusted advisor who uses data to deliver industry leading assurance and insights to keep the Bank and our customers safe.

As a Senior Audit Manager, you will support the Director, IT & Cyber Security Audit, by planning and executing risk-based technical audits across Cyber Security, Technology Infrastructure, Applications, Cloud and Digital Banking, to provide opinions on the effectiveness of controls to meet business objectives. In addition, the subject matter expert is expected to be knowledgeable in risks associated with systems development methodologies (Waterfall and Agile), project management, automation and orchestration, data protection, and outsourced IT services.

Key Accountabilities:
  • Acts primarily as Officer in Charge (OIC) for assigned audits. May act as Audit Principal (AP) for low to medium complexity audits.
  • Works with other audit teams as required and carries out specific IT and Cyber Security projects.
  • As OIC/AP, oversees the execution, planning, and reporting. Obtains a thorough understanding of the end-to-end business/unit/process and associated risks, develops an appropriate risk-based audit approach and schedules timing and resources.
  • Ensures audit results are gathered and determines the root cause of the problem. Prepares and/or reviews audit results and findings for presentation to management. Follows-up for corrective action/progress against any reported issues. Ensures relevant information that impacts other audit function areas is shared.
  • Supports a client focused culture throughout their team to deepen client relationships and leverage broader Bank relationships, systems, and knowledge.
  • Understands how the Bank's risk appetite and risk culture should be considered in day-to-day activities and decisions.
  • Plans, documents, and seeks agreement in advance to the project approach and confirms conclusions upon completion in writing.
  • Ensures Scotiabank standards and the Institute of Internal Auditors (IIA) Code of Ethics are maintained in completion of all assignments.
  • Builds and maintains strong relationships with internal and external stakeholders and regulators as required.
  • Interacts and coordinates with other groups involved. Completes timely review of workpapers, ensuring internal control weaknesses are clearly documented with recommendations addressing the root cause and are communicated timely to management.


Focus Area (Cloud):
  • Acts as a leader and subject matter expert in auditing cloud governance and security controls, covering areas such as risk management, shared responsibility models, identity and access management, secure configuration standards, encryption and key handling, secrets management, network segmentation, monitoring and logging, vulnerability management, and practices that enhance cloud resilience.
  • Brings specialized subject matter expertise in DevSecOps and secure SDLC controls, including CI/CD pipeline governance, build and release integrity, segregation of duties, change and release management, code review practices, security testing automation (SAST/DAST/dependency scanning), container and image security, infrastructure-as-code controls, and developer tooling risk. Utilizes in-depth knowledge to assess technical environments, identify security gaps, and deliver expert guidance to audit teams and stakeholders for effective risk mitigation.
  • Evaluates API-related risks and controls as they intersect with cloud and DevSecOps, including API authentication and authorization, gateway policy enforcement, rate limiting and abuse controls, schema/input validation, monitoring and alerting, third-party integrations, and operational resilience of critical services.


Leadership:
  • Supports ongoing monitoring activities to stay abreast of changes (business/industry/regulatory), emerging risks, and themes or systemic issues that may impact the risk assessment of the audit universe and the audit plan.
  • Supports a high-performance environment and implements a people strategy that attracts, retains, develops, and motivates their team by fostering an inclusive work environment and using a coaching mindset and behaviours; communicating vison/values/business strategy; and managing succession and development planning for the team.
  • Meets Department training requirements.
  • Maintain information security competency through ongoing professional development and staying abreast of emerging technologies, risks and controls in information and cyber security.
  • Provide direction, guidance and expert advice to audit teams globally to allow definition of effective assessments on information and cyber security risk management.
  • When required, prepare and deliver effective presentations on various audit and information security related matters to Audit senior management and relevant stakeholder across the Bank to demonstrate expertise.
  • Identify and advise Audit teams on the use of data analytics and other advanced techniques and tools to improve efficiency and effectiveness of audit assessments.
  • Establish and maintain solid relationship with audit clients to serve as a catalyst of positive change and improvement of information and cyber security risk management.


Functional Competencies
  • At least 5+ years of information technology and cyber security experience.
  • Highly developed interpersonal and communication skills (verbal and written).
  • Ability to work independently and as part of a team of professionals.
  • Curiosity mindset.
  • Working knowledge of the operations and regulatory environments for each unit as applicable.
  • Knowledgeable in cyber security processes areas such as web application security, secure network security architecture, penetration testing, Red Team testing, vulnerability assessments, encryption, data loss prevention, coding assessment, cloud security, DDoS protection, and malware protection.
  • Strong technical knowledge of cloud computing and modern engineering practices, including cloud-native security and operational controls, DevSecOps and CI/CD risk, and API security fundamentals relevant to cloud-based and distributed architectures.
  • Experience in the assessment of threats and risks over IT processes and assets.
  • Excellent analytical skills and proficiency with Microsoft Word, excel, and PowerPoint.
  • Proven ability to work at high levels of ambiguity and in a rapidly changing environment.
  • Knowledge and experience with security assessment tools (exploit tools, vulnerability assessment) and Security Operations Centre software (IDS, IPS, SIEM, etc.).


Education
  • Bachelor's degree in information technology, Computer Science or equivalent required.
  • One or more of the following certifications: CISA, CISM, CISSP, CCSP, GCIA, CEH is required.
  • Cloud engineering or architecture designation would be an asset.


Location(s): Canada : Ontario : Toronto

About Scotiabank

Scotiabankers are committed to helping individuals, companies, and communities to thrive in a changing world. From personal and business banking, brokerage, and insurance, to private wealth, and the most sophisticated commercial, corporate and institutional services, they serve the diverse needs of some 21 million customers in more than 55 countries. Founded in 1832 in Halifax, Nova Scotia, their growth has always been fuelled by the success of their customers and their longevity secured by an unshakable commitment to carefully and expertly managing risk and capital. That focus on doing what's right for customers—short- andlong-term—has made us a global financial services leader. Headquartered in Canada, they are over 86, 000 Scotiabankers strong. Each of us are committed to being the best at understanding their customers' needs and all of us working together to deliver practical advice and relevant solutions that help their customers become financially better off.

Scotiabank Careers

Join Scotiabank, a premier financial institution, and become part of a diverse and inclusive team that’s leading the way in global banking. At Scotiabank, we offer more than just job opportunities; we provide a platform for professional growth and innovation in the financial services industry.

Work You’ll Do

At Scotiabank, we’re not just filling positions; we’re cultivating leaders. Dive into a workplace where diversity training and leadership development shape the path to your future. Our commitment to professional growth is evident in our robust training programs and continuous learning opportunities that foster innovation and strategic thinking.

Explore a World of Opportunities

Whether you’re looking for a full-time position, an internship, or a leadership role, Scotiabank has a spectrum of opportunities to fit your career ambitions. Our team is composed of individuals who bring a wealth of skills and perspectives to our company, driving us forward with their creativity and strategic insights.

Innovative Work Environment

Scotiabank’s culture is one of collaboration and respect, where each team member’s contribution is valued. Engage in meaningful work that challenges you to leverage your skills and push the boundaries of what’s possible in the banking sector. Our innovative projects not only support the growth of the company but also ensure our position as a leader in the industry.

Benefits and Growth

Choosing a career at Scotiabank means opting for a life of growth and opportunity. Our employees enjoy competitive benefits, including comprehensive health coverage, retirement plans, and flexible working conditions, all designed to support your career and personal life. We believe in nurturing our team’s potential by providing them with the tools they need to succeed both professionally and personally.

Join Our Team

Ready to take the next step in your career? Explore the job opportunities at Scotiabank by searching our open positions that match your skills and interests. We are continuously hiring and looking for passionate, curious, and solution-driven team players.

Networking and Professional Development

Stay connected and advance your career through Scotiabank’s extensive networking opportunities. Participate in events that connect you with other professionals and leaders within the industry. Our career resources will help you prepare your resume, ace your interviews, and land the job that best suits your career goals.

Stay Ahead

Keep up to date with the latest in career tips, industry insights, and company news—all from the people who work here at Scotiabank. Personalize your experience by subscribing to job alert emails tailored to your preferences and be the first to know about new openings and exciting developments. Join Scotiabank and be part of a team that values integrity, respect, and accountability. Discover how your career can flourish in an environment committed to your professional development and personal growth.
Learn more about Scotiabank
Size
90,619 employees
Market Cap
$57.5 billion
Industry
5 Year Trend
+7%
NASDAQ

Similar Jobs

More Jobs at Scotiabank

More Information Technology Jobs

Find similar Senior Audit Manager, IT and Cyber Security Audit (Cloud) jobs: