Director, Cloud Security & Emerging Technology

In this pivotal role, you'll spearhead our second line of defense, overseeing and monitoring cloud security (primarily GCP & Azure) and emerging technology, architecture, and design with a keen focus on data risk management programs, including data protection at a global scale. As the Director of Cloud Security and Emerging Technology for the second line of defense, you'll be at the forefront of innovation, to ensure our technology landscape is secure and compliant with industry frameworks, regulation and standards. This thrilling opportunity will have you partnering with key technology stakeholders to build an enterprise solution, making a tangible impact on our organization's future.


Is this role right for you? In this role, you will:

Partner with senior key stakeholders to oversee and monitor the enterprise-aligned cloud strategic framework, assessing design and providing architectural challenges for secure development and application building.
Support continuously evolving holistic cloud security strategy across various deployment models (SaaS, PaaS, and IaaS).
Knowledgeable in current and emerging cybersecurity risks and trends.
Oversight of the Cloud Security Transformation Program ensuring business strategies, plans and initiatives are executed and delivered in compliance with governing regulations, internal policies, procedures with an understanding of industry frameworks/regulations/standards like CSA STAR, ISO, NIST, OWASP, OSFI etc.
Understand security concerns associated with application container technologies and make practical recommendations for addressing those concerns when planning for, implementing, and maintaining containers.
Challenge the creation of secure reference architectures, frameworks, policies and patterns for the security aspects of the SDLC including application, mobile, infrastructure, DevOps, cloud, and CI/CD pipelines.
Leads and drives a customer focused culture throughout their team to deepen client relationships and leverage broader Bank relationships, systems and knowledge.
Understand how the Bank’s risk appetite and risk culture should be considered in day-to-day activities and decisions.
Creates an environment in which their team pursues effective and efficient operations of their respective areas in accordance with Scotiabank’s Values, its Code of Conduct and the Global Sales Principles, while ensuring the adequacy, adherence to and effectiveness of day-to-day business controls to meet obligations with respect to operational, compliance, AML/ATF/sanctions and conduct risk.
Builds a high-performance environment and implements a people strategy that attracts, retains, develops and motivates their team by fostering an inclusive work environment and using a coaching mindset and behaviours; communicating vison/values/business strategy; and, managing succession and development planning for the team.


Do you have the skills that will enable you to succeed in this role? We'd love to work with you if you have:

University degree, preferably in Computer Engineering, Computer Science or related field, and a minimum of 10 years’ experience in increasingly senior Information Security roles in a complex, global organization.
3+ years of experience developing, implementing and maintaining security solutions in public cloud like GCP, Azure or AWS. Extensive understanding of cloud infrastructure and services.
Experience leveraging CI/CD deployment methodologies and infrastructure as code (IaC)
Financial services and, specifically, banking experience is mandatory.
Experienced in driving cross functional senior executive steering committees with a global presence.
Experienced in develop and manage multi-million business cases for strategic initiatives.
Expertise in product/application security architecture, application security, cloud SaaS/PaaS/IaaS solutions.
Understanding of application and product architectures, programming languages, web application stacks, and SDLC pipelines.
Excellent written and verbal communication skills, with the ability to communicate security objectives and concepts to technology and business teams to technical and non-technical stakeholders.
Ability to lead technical teams in a highly complex and matrixed organization. Ability to lead through influence, excellence and example is essential to success.
Strong leadership and collaboration skills. Excellent oral and written communication, ability to present confidently to senior executives, attention to detail and strong planning and management ability.
Deep and broad knowledge of enterprise, cloud, and security technologies is expected. Specific strong knowledge and experience with common hosting, storage, and networking technologies is required. Experience with Workload Protection and Posture Management products an asset.
Experience with and knowledge of formal project management methodologies is desired.
English fluency required and Spanish preferred.