Senior Manager, Data Loss Prevention
Scotiabank
Requisition ID: 240291
Join a purpose-driven winning team, committed to results, in an inclusive and high-performing culture.
Reporting to the Director and Technology Lead Data Loss Prevention, this role provides subject matter expertise and support across the Data Loss Prevention (DLP) portfolio, specifically in designing, assessing, analyzing, and monitoring Data Loss Prevention controls and monitoring rules, and partnering with the team to implement them within the organization. The incumbent will be part of a strategic and comprehensive Data Protection Management Function working closely with Information Security, Corporate Security and the Data Offices in ensuring implementation in accordance with regulatory expectations, risk appetite, organizational risk practices and evolving business practices. In addition, the incumbent will represent the Cybersecurity Operations and Technology Organization on all matters (proactive and reactive) for Data Loss Prevention (DLP), such as, but not limited to, risk representation and regulatory interactions.
Is this role right for you? In this role, you will:
- Provide subject matter expertise and advice on models, controls, and rules to Technology, Corporate Security and Information Security in line with internal standards and regulatory expectations.
- Ensure testing (Control Testing) and tuning, and design and optimize controls and rules for productivity and efficiency, reducing false positives and increasing true positives. Routinely analyze various alert metrics (e.g., productive vs non-productive alerts, alerts per transaction) and optimize solution configurations and parameters.
- Develop and oversee appropriate documentation, inventories and ongoing monitoring of rules, control and models and their performance in accordance with model governance standards as appropriate and in-line with regulatory expectations.
- Ensure reporting for controls, and rule KRIs and KPIs are timely and accurate, and evaluate methodologies and controls as appropriate.
- Identify and work to integrate new data sources and tools which enhance the overall data protection effectiveness of the organization. Provide appropriate feedback on data quality concerns.
- Provides input to develop controls and continuously enhance existing controls to monitor data while in-use (endpoint actions), in-motion (network traffic), and at-rest (data storage) to prevent loss of organizational data across data sources and through data discovery initiatives.
- Collaborate closely with data offices in IT&S and CIDA. Partner with Corporate Security, Information Security and Enterprise Architecture to ensure overall success of objectives. Partners with other risk groups to assess, implement and communicate new/updated risk controls, frameworks, policies, risk indicators, metrics, and limits.
- Advises and supports owners in day-to-day data prevention projects.
- Design, develop, and evaluate reporting. Test and analyze thresholds, ranges, and solution configurations to improve the effectiveness of monitoring solutions.
- Develop dashboards and metrics to track and measure operational effectiveness of key data prevention operations such as operational throughput and timeliness, control failures especially regarding exceptions management and incident response.
- Supports the Data Prevention Exception Management system (Service Now/JIRA) for integrity of workflow including triaging DLP exception requests, addressing client inquiries, and executing operational processes as required.
- Ensures consistency in the implementation of DLP monitoring globally across all jurisdictions in the Bank including principal subsidiaries. Identify pervasive DLP issues that are common across the landscape.
- Proactively identify DLP thematic issues and emerging threats. Assists risk owners in adhering to policies, frameworks, standards and guidelines through active engagement, guidance, and counseling.
- Advises on the design of data protection and data loss prevention controls and works with various security and IT teams to develop ongoing remediation plans to mitigate risk to the organization.
- Ensure that DLP assessments and outputs are recorded in enterprise tools and in full compliance of all policies and common standards, including the DLP Policy and Framework.
- Supports implementation of a strong DLP culture in partnership with stakeholders across IT&S.
- Directs day-to-day activities in a manner consistent with the Bank’s risk culture and the relevant risk appetite statement and limits. Communicates the Bank’s risk culture and risk appetite statement throughout their teams.
- Drive a culture to safeguard the Bank. Champion the education and training of stakeholders and end users about the Bank’s data protection policies. Collaborate with stakeholders and partner with teams on the planning, implementation, and rollout of associated programs and solutions.
Do you have the skills that will enable you to succeed in this role? We'd love to work with you if you have:
- The successful candidate will have a strong background in the areas of DLP technical controls, DLP risks, security best practices standards (ISO, NIST, COBIT), and audit and regulatory frameworks.
- Candidates should have a breadth of IT and DLP management experience (governance, operations, audit, control functions, compliance, risk management) over 7+ years.
- Knowledge of and experience with current and emerging data loss prevention tools and methodologies.
- Certification in technical information security disciplines such as CISM, CISSP and other industry standard Cyber Security technical evaluation is highly desirable.
- Candidates require strong leadership, communication, and strategic influencing capability, supported by well-developed analytical and strategic thinking competencies.
- Requires expert DLP management experience related to systems design, security, availability, disaster recovery, third party risk management, change management, and release management. Exposure to cloud controls would be an asset.
- Good knowledge of financial products and processes.
- Good ability to balance competing or conflicting goals of various departments and stakeholders which requires a mature, diplomatic approach and highly developed negotiation and influencing skills.
- Experience with regulatory compliance, incident management and assessing IT risk and governance process within an organization.
What's in it for you?
- Diversity, Equity, Inclusion & Allyship - We strive to create an inclusive culture where every employee is empowered to reach their fullest potential, respected for who they are, and embraced through bias-free practices and inclusive values across Scotiabank. We embrace diversity and provide opportunities for all employees to learn, grow & participate through our various Employee Resource Groups (ERGs) that span across diverse gender identities, ethnicity, race, age, ability & veterans.
- Accessibility and Workplace Accommodations - We value the unique skills and experiences each individual brings to the Bank and are committed to creating and maintaining an inclusive and accessible environment for everyone. Scotiabank continues to locate, remove and prevent barriers so that we can build a diverse and inclusive environment while meeting accessibility requirements.
- Upskilling through online courses, cross-functional development opportunities, and tuition assistance.
- Competitive Rewards program including bonus, flexible vacation, personal, sick days and benefits will start on day one.
- Community Engagement - no matter where you choose to work from; we offer opportunities for community engagement & belonging with our various programs such as hackathons, contests, Humans of Digital and much more!
Location(s): Canada : Ontario : Toronto
Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.
At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.