Manager, US Technology Risk Officer
Job description
The Manager, U.S. Technology Risk is a first-line practitioner role responsible for the hands-on execution of technology risk management activities across assigned applications, platforms, and services. Reporting to the Director, U.S. Technology Risk Officer, this role supports consistent risk identification, control assessment, and remediation execution in line with enterprise methodology, regulatory expectations, and risk appetite.
The role plays a key part in delivering high-quality risk assessments, issue management, and evidence readiness, partnering closely with technology teams, Business Internal Control, and other control functions.
What You'll Do
- Execute technology risk assessments and control self-assessments across assigned systems, platforms, and processes, ensuring risks and controls are accurately identified, evaluated, and documented in enterprise systems.
- Support day-to-day issue management and remediation activities, including tracking actions, monitoring progress toward get to green, and maintaining clear documentation and evidence.
- Assist in identifying control gaps, emerging risks, and remediation needs across technology domains such as cybersecurity, data protection, change management, resilience, and third-party risk.
- Coordinate and prepare audit, regulatory, and SOX-related evidence, supporting requests for information and remediation validation under guidance from senior leaders.
- Contribute to risk and remediation reporting, including preparation of metrics, status updates, and summaries for internal stakeholders.
- Monitor adherence to established technology governance processes (e.g., SDLC, change, incident management) and flag potential issues or weaknesses.
- Partner with technology risk owners, Business Internal Control teams, and other control partners to support consistent first-line execution and risk ownership.
- Maintain awareness of the organization's risk appetite, policies, and standards, applying these consistently in day-to-day activities.
Requirements
- Bachelor's degree in Technology, Information Systems, Risk Management, Business, or a related field (or equivalent experience).
- 4-7+ years of experience in technology risk, IT audit, cybersecurity, internal controls, operational risk, or compliance, preferably within a financial services or regulated environment.
- Working knowledge of technology risk concepts and controls, with exposure to areas such as application development, infrastructure/cloud services, information security, change management, or resilience.
- Experience supporting risk assessments, issue management, or remediation activities, including documentation and evidence collection.
- Familiarity with risk and control frameworks (e.g., NIST, ISO, COBIT, ITIL, FFIEC) is desirable.
- Strong analytical and organizational skills, with attention to detail and ability to manage multiple tasks and deadlines.
- Clear written and verbal communication skills, with the ability to work effectively with technology teams and control partners.
- Experience with data analysis, reporting, and dashboards (e.g., Power BI, Tableau, Excel, or similar tools) to track risk, control performance, remediation progress, and support management reporting.
- Relevant certifications (e.g., CISA, CRISC, CISSP, CISM) are an asset.