IT Security Analyst - 5 (contract)

Story Behind The Need

Reporting to the Director of Cybercrime Coordination Centre, the Senior Analyst role within the Cybercrime Coordination Centre is responsible for supporting operational services to combat and mitigate cyber-enabled crime throughout Scotiabank globally. The Senior Analyst role within the Cybercrime Coordination Centre is responsible for executing Cybercrime services and initiatives on schedule, within scope, and in alignment with the organization’s risk management objectives. The Senior Analyst role within the Cybercrime Coordination Centre must have working knowledge of information security, financial\cyber crime investigations, and legal/regulatory proceedings to effectively collaborate with key stakeholders globally for enabling controls that reduce the threat, impact, and victimization of cyber-enabled crime. The aim of this project is to facilitate the integration of new technology for the team. The first step is to support project deployment, followed by involvement in steady state operations.

Candidate Value Proposition

The successful candidate will have the opportunity to work within Scotiabank. We are technology partners who help the business transform how our employees around the world work. The candidate will get to build their expertise in Cyber Security and Fraud, while collaborating with a new and emerging team.

Typical Day In Role

• Provide consultation and technical professional guidance on the development and solutioning of enterprise Cybercrime initiatives and strategies.
• Execute Cybercrime initiative leads across relevant stakeholders to ensure responsibilities are understood and deliverables are achieved.
• Develop and maintain documentation relating to operational services delivery, interaction workflow models with key stakeholders, and enterprise initiatives.
• Maintain an up-to-date understanding of financial crime issues (ex. fraud, money laundering), including policies, procedures, legislation and regulations, industry best practice, criminal typologies and developing trends.
• Write report summaries to clearly articulate the activity being reported, the conclusions drawn and the supporting reasoning.
• Ongoing communication and reporting of service metrics and initiative status to various audiences as required.
• Guarantee that services, practices, and processes are executed and delivered in compliance with governing regulations, internal policies, and procedures.
• Understand how the Bank’s risk appetite and culture should be considered in day-to-day activities and decisions.
• Translate complex technical problems into terms and processes that support the functional goals, strategic initiatives, and business alignment of a dynamic growth company.
• Provide support where required to prepare documentation and developing creative/alternative approaches to problem resolution.
• Participate as needed (lead, facilitate, member of) within industry initiatives and third-party partnerships.
• Co-ordinate internal resources to assist in developing and maintaining relationships with third parties.
• Maintain an environment in which the team pursues effective and efficient service delivery and operational functions; while ensuring the adequacy, adherence to, and effectiveness of day-to-day business controls to meet obligations with respect to operational risk, regulatory compliance risk, AML/ATF risk and conduct risk (i.e., Operational Risk Management Framework, Regulatory Compliance Risk Management Framework, AML/ATF Global Handbook, Guidelines for Business Conduct).
• Detailed working knowledge of Cybercrime regulations across all global jurisdictions where Scotiabank conduct business (i.e., US Federal Rules of Evidence) to ensure the Bank’s investigative technology and operational processes are compliant.
• Drive a customer focused culture throughout their team to deepen client relationships and leverage broader Bank relationships, systems, and knowledge.
• Continue to improve processes including feedback to areas under review regarding control issues.
  
  
  

Candidate Requirements/Must-Have Skills

• 10+ years of working experience in Information/Cyber Security.
• Hands-on experience and working knowledge of project management methodologies, tools, and industry best practices to meet deadlines.
• Hands-on experience and working knowledge of Information Security best-practices, methodologies, and techniques.
• Hands-on experience and working knowledge of data management, information governance, and project management disciplines.
  
  
  

Nice-To-Have Skills

• Professional certifications and membership of associations in the field of information/cyber security such as: Global Information Assurance Certification (GIAC), Systems Security Certified Practitioner (SSCP).
• Investigative experience in either Cyber Security or Fraud.
• Analytical and Data Modeling experience.
• Working knowledge of international laws and regulations involving the access to, transmission of, and storage of different classifications of electronically stored information.
  
  
  

Soft Skills

• Strong approach to critical thinking, analytics, problem solving, negotiation & detail oriented.
• Proficiency in technical writing & communication for a business audience in English.
• Ability to clearly articulate explaining technical findings in business language terms, effectively communicate complex conclusions to demonstrate business risk, and draft concise reports for various intended audiences.
• Strong influencing and negotiation skills to negotiate stakeholder support and prioritization with full consideration and awareness of potential impact on business needs and outcomes.
• Strong influencing and negotiation skills to negotiate stakeholder support and prioritization with full consideration and awareness of potential impact on business needs and outcomes.
• Ability to work both independently and within the team.
• Ability to gain the trust of key business stakeholders to achieve a desired objective.
  
  
  

Best Vs. Average Candidate

• Key technical expertise in subject areas including but are not limited to: Information and Cyber Security, Networking and Routing, Data Management, Data Privacy Laws and Regulations.
• Must be able to work extremely well under pressure while maintaining a high level of professionalism is critical.
• Analytical experience.
• Fraud experience.
  
  
  

Education

• Bachelor’s degree in a technical field such as computer science, computer engineering, security or related IT field is an asset.
  
  
  

Candidate Review & Selection

• 1st round MS Teams video interview – Hiring Manager (45 minutes)
• 2nd round MS Teams video interview – Hiring Manager & Global Head (45 minutes)
• Discuss previous working experience and role requirements.
  
  
  

Job 70379