Join the Global Community of Scotiabankers to help customers become financially better off.
A Best Workplace
Scotiabank is a premier financial institution and Canada’s most international bank recognized as a Best Workplace®, in Canada, Mexico, El Salvador, Costa Rica, Puerto Rico, Dominican Republic, Panama, Peru, Chile and Latin America by the Great Place to Work® Institute.
A multinational winning team
Scotiabank is Canada’s international bank and a leading financial services provider in North America, Latin America, the Caribbean and Central America, and parts of Asia. We are dedicated to helping our 21 million customers become better off through a broad range of advice, products and services, including personal and commercial banking, wealth management, corporate and investment banking.
Corporate Social Responsibility
Scotiabank helps to build bright futures worldwide through ethical banking practices, environmental awareness and a commitment to communities.
By working together, we build strong relationships and create value for our customers. Scotiabank’s Information Technology and Solutions provides global technology solutions support to each of our core businesses – Domestic Banking, International Banking, Global Banking & Markets and Global Wealth & Insurance. Our technology-based solutions enable Scotiabank to achieve sustained profitable growth and a competitive advantage.
Global Wholesale Technology (GWT) Security Operation Services provides information security services for Global Banking & Markets at Scotiabank.
Reporting to the Manager Information Security, the Senior Information Security Analyst is responsible for services that enable the achievement of the Bank’s information security objectives of integrity, confidentiality / privacy, availability and continuity, as well as the execution of the GWT Technical Security Services (GWT TSS) program by:
1. Conducting high level security threat risk assessments of Information Technology (IT) controls.
2. Acting as a key resource for GWT TSS staff to assess business lines’ compliance with information security standards.
3. Providing guidance to GWT TSS’ clients in implementing sound risk management controls in accordance with the Bank’s security standards.
4. Pursuing security and control process improvements for projects and steady state processes.
5. Executing and delivering GWT TSS’ operational services.
6. Supporting GWT TSS’s relationship with external and internal auditors.
This position will require the Senior Information Security Analyst to provide rotational operational support during non-business hours (including evenings and weekends as required).
1. Provide guidance on the Bank’s information security standards, policies and processes, and information security best practices.
2. Perform GWT TSS operational services such as Active Directory (AD) system administration, firewall port assessment reviews, privileged user password management.
3. Drive the operation of reliable security controls over logical protection, vulnerability management, and perimeter security. Identify opportunities to adopt enterprise security processes and technology that can be cost-effectively deployed to the GWT environment.
4. Assist with the development and reporting of GWT TSS metrics and escalate high risk issues accordingly.
5. Execute security related projects that pertain to compliance with the Bank’s IT security controls and guidelines. Co-ordinate project activities with participating teams.
6. Facilitate auditor examinations and walkthroughs of internal control design and operating effectiveness. Assist with initiatives to address GWT TSS audit issues by their committed timeframes.
7. Keep current with relevant technological change and information security best practices
* Must have 5+ years of hands-on technical working experience in an information security field.
* Must have at least 2 years of hands-on technical working experience in Network Security.
* Must possess and exercise above average operational capabilities, security risk avoidance capabilities and a strong awareness of associated business risks.
* 1-2 years of hands-on technical working experience with AD system administration (Group Policy Objects) is highly desired.
* Must be results focused in a fast-paced, ever-changing environment.
* Solid written and verbal communication skills is required.
* Sound knowledge of information security controls and risk assessment concepts.
* Experience in executing projects.
* Experience in the implementation of Information Security technology.
* Experience with facilitating audit examinations.
* Working knowledge of Xceedium (formerly Cloakware) Password Authority and/or Tripwire® Configuration Compliance Manager [CCM]) is an asset.
* Working knowledge with Windows PowerShell.
EDUCATION AND ACCREDITATIONS:
* Undergraduate education in Computer Science, Information Systems / Security or related field is required.
* Certifications in CISSP and/or CISA is an asset.
Scotiabank is an equal opportunity employer and welcomes applications from all interested parties. We thank you for your interest, however, only those candidates selected for an interview will be contacted. No agencies please.