Senior Manager, US Technology Risk Officer

The Senior Manager, U.S. Technology Risk is a first line risk leader responsible for executing and sustaining technology risk management activities across assigned portfolios and domains. Reporting to the Director, U.S. Technology Risk Officer, this role partners closely with technology leaders, risk owners, and control functions to identify risks, assess control effectiveness, and drive remediation outcomes in alignment with risk appetite and regulatory expectations.

The role plays a critical part in operationalizing the Technology Risk Office's strategy, translating risk direction, governance standards, and escalation decisions into consistent execution, high quality evidence, and measurable risk reduction.

What You'll Do

• Execute technology risk assessments, control self assessments, and thematic reviews across assigned applications, platforms, and services, ensuring risks are accurately identified, evaluated, and documented in enterprise risk systems.
• Own day to day issue management and remediation execution, including development and tracking of clear get to green plans, addressing root causes, and escalating risks or slippage with proposed actions.
• Monitor the effectiveness of key technology governance processes (e.g., SDLC, change, architecture, and project delivery) to identify control gaps and support remediation and improvement initiatives.
• Support audit and regulatory activities by coordinating evidence, preparing responses, and validating remediation outcomes; oversee SOX related control execution within scope, including evidence readiness for quarterly attestations.
• Produce risk, control, and remediation reporting (KPIs/KRIs), highlighting trends, emerging risks, and control health to support risk based decision making.
• Partner with technology risk owners, Business Internal Control teams, and other control functions to strengthen first line risk ownership, execution consistency, and risk culture.
• Lead, coach, and develop Technology Risk Officers or analysts (where applicable) to ensure high quality execution, sound judgment, and sustained risk management outcomes.
• Champion a customer-focused culture and deepen relationships with senior leadership, peers, and functional groups.
• Ensure compliance with information security regulations, user education, and cybersecurity.
• Lead the design and operation of compliance monitoring and improvement activities to ensure compliance with internal security policies and applicable laws and regulations.
• Actively pursue effective and efficient operations, ensuring adherence to operational risk, regulatory compliance risk, AML/ATF risk, and conduct risk frameworks.
• Understand and apply the organization's risk appetite and risk culture in day-to-day activities and decisions.
• Build a high-performance environment and implement a people strategy that attracts, retains, develops, and motivates the team.

• University degree in Computer Engineering, Computer Science, Technology, or a related field
• Professional certifications in cybersecurity, technology, or risk management (e.g., CISSP, CCSP, CEH, CISM).
• Demonstrated knowledge or hands on experience in one or more of the following areas:

• Regulatory (e.g., FFIEC guidance, NYS DFS, FRB, FINRA)
• Technology (e.g., cybersecurity, software delivery, infrastructure/platform services, asset or currency management)
• Issue & Remediation Management (e.g., execution tracking, risk evaluation, escalation, and reporting)
• Audit or Regulatory Exam Support (e.g., control testing, evidence management, remediation coordination)

• 7-10+ years of experience in technology risk, cybersecurity, internal controls, audit, compliance, or operational risk within a financial services or regulated environment.
• Broad exposure across multiple technology domains, such as application development, infrastructure or cloud services, information security, resilience, third party risk, and change or incident management.
• Experience executing remediation programs and supporting "get to green" outcomes, including coordination across technology and control partners; experience across any line of defense is preferred.
• Strong communication and stakeholder management skills, with the ability to clearly articulate risk issues, remediation status, and control gaps to technology leaders and control partners.
• Solid execution, governance, and project management skills, with the ability to manage multiple workstreams, dependencies, and deadlines in a complex environment.
• Experience with risk reporting, metrics, or dashboards (e.g., Power BI, Tableau, or similar tools) is desirable.
• Working knowledge of risk and control frameworks (e.g., NIST, ISO, COBIT, ITIL, FFIEC) is desirable.
• Relevant certifications (e.g., CISA, CISM, CRISC, CISSP) are an asset but not required.

Scotiabank is a leading bank in the Americas. Guided by our purpose: \"for every future\", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.