Senior Information Security Advisor

Scotiabank
Toronto
CAD 80,000 - 120,000
Job description

Requisition ID: #

Tangerine is Canada’s leading direct bank. We offer flexible and accessible banking options, innovative products, and award-winning Client service. The reason why Tangerine employees come to work each day is to help Canadians live better lives. We focus on making a difference in our communities, and that includes our own internal community. It’s important to us that our employees feel empowered and enthusiastic about belonging to our Orange culture.

The Team

Scotiabank’s Security Advisory Services team is responsible for providing advisory services to Tangerine Bank and its business lines, subsidiaries and affiliates enabling the achievement of the Bank's Information Security as it continues to move to the Public Cloud.

The Role

Reporting to the Senior Manager of Security Advisory (Tangerine) the Senior Information Security Advisor provides guidance to business lines to ensure design, development and implementation of complex cloud projects and initiatives are in accordance with the Bank's Information Security Standards and in compliance with industry regulations. In this senior role, you will be supporting various business lines while assisting them in making informed decisions to protect information assets deployed in Public Clouds environments.

Is this role right for you? In this role, you will:

  1. Have a strong experience leading complex projects providing security advice to ensure information security risks are mitigated.
  2. Thrive in solutioning for multiple security domains (Application Security, Data Protection, Cloud Security Engineering, Identity and Access Management, Cloud Security Architecture, Network Security, Risk Management, etc.) and knowledgeable of Zero Trust Architecture principles.
  3. Have experience in solutioning security architecture for Public Clouds, creating and reviewing security patterns, and advising on security risks.
  4. Be proficient in reviewing architecture and solution design documentation and can identify and assess potential risks.
  5. Excel in reviewing Technical Design and Security Design documents and creating assessment documents (Threat Risk Assessment) and evaluating risks.
  6. Be passionate about new technologies and enjoy the challenges of implementing security controls to protect them.
  7. Work on different types of projects (from large complex to simple) is a part of your DNA.
  8. Love to collaborate with various business lines, IT support functions and IS&C Control functions.

Key Job Accountabilities:

  1. Providing the following functions to Tangerine/Scotiabank’s Cloud Initiatives: Conducting Threat Risk Assessments and performing security advisory work on specific applications and infrastructure associated with Scotiabank’s Cloud and other initiatives ensuring that controls are adequate, meet Bank standards, and enable business objectives.
  2. Conducting Risk Management activities.
  3. Providing Quality Assurance on Threat Risk Assessments and Threat Modelling as required for Cloud initiatives.
  4. Providing strategic guidance and technical expertise on cloud security solutions and recommend best practices.
  5. Conducting comprehensive security assessments on large high-profile cloud initiatives implemented in GCP and Azure.
  6. Collaborating with cross-functional teams to design and implement robust security architectures for various systems, applications, and networks.
  7. Evaluating existing security solutions and proposing enhancements or new designs to address emerging threats and business requirements.
  8. Ensuring alignment with industry best practices, compliance standards, and organizational security policies.
  9. Identifying security weaknesses, vulnerabilities, and gaps in existing systems and recommending remediation strategies.
  10. Providing support on how the Bank's portfolio of standards to the technology footprint of Scotiabank’s Cloud offering.
  11. Providing oversight over the specific line of business security posture, ensuring that all tools available to detect and remediate security risks have been applied.
  12. Conducting industry reviews and benchmarking exercises to ensure our controls are aligned with our peers, emerging threats, and available mitigation strategies.
  13. Working directly with technical leads from assigned Lines of Businesses supporting their initiatives from an Information Security perspective.
  14. Providing relationship management function primarily to the Enterprise Cloud team from an Information Security perspective.

Do you have the skills that will enable you to succeed in this role? We'd love to work with you if you have:

  1. Post-secondary education in Computer Science or in a related field.
  2. At least 5 years of hands-on technical working experience in performing security assessments on cloud platforms, CI/CD deployment pipelines, network infrastructure and complex applications. Experience with Risk Assessments of applications migrated into the Cloud Environments.
  3. At least 6 years' experience in security solution architecture, software development, and/or hands-on experience with implementations of cloud environments, security controls and cloud-based solutions.
  4. A strong communicator and capable of creating clear documentation.
  5. Solid knowledge of cloud technologies and cloud security (GCP or Azure or AWS, Kubernetes and IAM, CI/CD pipelines, Terraforms, infrastructure as a code).
  6. Experience with GCP and Kubernetes is a strong asset.
  7. Experience with tools used in securing cloud deployments such as CNAPP, CSPM, CWPP, etc.
  8. Cloud security engineering or cloud solution architecture certifications from Google, Microsoft or AWS.
  9. Used industry leading productivity tools to produce quantitative/qualitative reports, data flow diagrams & visual presentations.
  10. Certifications (CISSP, CISM, CCSP, CRISC) are nice to have.
  11. Familiarity with industry standards and frameworks e.g., NIST 800-53, ISO 27001, ISO27002, ISO 27017, ISO27018, PCI DSS, CIS.
  12. Advanced communication (verbal/written/presentation) skills in English. Knowledge of Spanish is an asset.

What's in it for you?

  1. Diversity, Equity, Inclusion & Allyship - We strive to create an inclusive culture where every employee is empowered to reach their fullest potential, respected for who they are, and are embraced through bias-free practices and inclusive values across Scotiabank.
  2. Accessibility and Workplace Accommodations - We value the unique skills and experiences each individual brings to the Bank and are committed to creating and maintaining an inclusive and accessible environment for everyone.
  3. Upskilling through online courses, cross-functional development opportunities, and tuition assistance.
  4. Competitive Rewards program including bonus, flexible vacation, personal, sick days and benefits will start on day one.
  5. Community Engagement - no matter where you choose to work from; we offer opportunities for community engagement & belonging with our various programs such as hackathons, contests, cooking with friends, Humans of Digital and much more!

Working location condition: Hybrid

Location(s): Canada : Ontario : Toronto

At Tangerine we value the unique skills and experiences each individual brings to the team, and are committed to creating and maintaining an inclusive and accessible environment. If you require accommodation during the recruitment and selection process, please let our Recruitment team know.

Get a free, confidential resume review.
Select file or drag and drop it
TrustpilotStars
Rated “Excellent” based on 14,992 reviews
Avatar
Free online coaching
Improve your chances of getting that interview invitation!
Be the first to explore new Senior Information Security Advisor jobs in Toronto
Follow us
JobLeads Youtube ProfileJobLeads Linkedin ProfileJobLeads Instagram ProfileJobLeads Facebook ProfileJobLeads Twitter AccountJobLeads Xing Profile
Company
Services
Free resources
Support

© JobLeads 2007 - 2025 | All rights reserved