IT Security Analyst

Role Overview

As a Senior IT Security Analyst within the Information Security Advisory Services team, you will be a central point of reference and core competency for Information Security at Scotiabank. You will provide expert advisory services to various business lines, subsidiaries, and affiliates, ensuring the achievement of the Bank's Information Security Policy. Your role will be critical in classifying and protecting data resources, guiding the implementation of secure and cost-effective security controls, and ensuring compliance with industry regulations. This is an opportunity to make a significant impact on the bank's security posture and protect our customers' information.

Key Responsibilities

• Act as a subject matter expert, providing guidance on the secure and cost-effective implementation of the Bank's security policies and standards to protect data resources.
• Represent Information Security in projects, initiatives, and acquisitions, working with business lines to develop sound security strategies and assess security risks to make informed decisions.
• Conduct comprehensive threat and risk assessments for complex data, application, and networking environments to identify vulnerabilities and recommend mitigation strategies.
• Provide guidance on the design and implementation of robust risk management controls in accordance with the Bank's standards and evolving financial industry regulations (e.g., OSFI).
• Drive continuous improvement initiatives for security and control processes to advance security compliance and enhance internal operational efficiency.

Required Skills & Qualifications

• 10+ years of experience as an IT Security Analyst or Security Advisor.
• 5+ years of recent, hands-on experience with cloud security controls, deployments, and cloud architecture security (GCP and Azure preferred).
• 5+ years of hands-on experience with security controls/mechanisms and threat/risk assessment techniques.
• 5+ years of combined experience with security technologies such as Identity & Access Management, PKI, Intrusion Prevention, or vulnerability assessments.
• Advanced verbal and written communication skills, with a strong ability for report writing.
• College or university degree in Computer Sciences, Information Systems/Security, or a related technical field.

Nice-to-Have Skills

• Previous experience within Scotiabank.
• Experience with financial services' Security Governance Frameworks and regulatory guidelines (e.g., OSFI).
• Professional security certifications such as CISSP, CCSP, GSEC, CISA, or CISM.
• Experience with Agile, Lean, or other accelerated project delivery frameworks.