Director, Technology Risk

Support the Director IT Risk Governance, Standards and Controls and lead the governance and operation of the technology and cyber issues lifecycle for the Bank, leveraging Service Now Integrated Risk Management as the primary platform of record. Ensure that issues arising from audits, regulatory reviews, risk assessments, security tooling, and control monitoring are consistently captured, risk rated, remediated, and validated in line with the Bank’s risk appetite and banking regulatory expectations.

• Define and govern taxonomies for issues, control failures, and root causes consistent with the operational risk and regulatory reporting requirements.
• Support technology and cyber risk committees/forums to review issue status, challenge remediation, and elevate material items to senior risk and business leadership.
• Own and maintain the Bank’s technology and cyber issues management process.
• Lead the design and continuous improvement of Service Now IRM issue and exception management workflows, including automated issue creation from control failures, indicators, audits, and security tools.
• Define data standards for issues, actions, policy exceptions, residual risk, and ownership to ensure a single, trusted source of truth across Scotia Tech.
• Partner with Platform/Service Now teams to optimize the Risk Workspace, dashboards, notifications, and integrations with vulnerability management, incident, change, and CMDB modules.
• Oversee the end‑to‑end lifecycle of technology and cyber issues, including internal and external audit findings, regulatory issues, policy and control exceptions, penetration test findings, and operational incidents.
• Provide effective challenge on issue descriptions, impact/likelihood, regulatory relevance, action plans, and target dates, particularly for high risk or regulatory significant items.
• Ensure robust closure and independent validation, supported by appropriate evidence captured in Service Now IRM and available for audit and regulatory review.
• Develop Service Now and/or Business Intelligence tools‑based dashboards and KRIs to track issue volumes, severities, overdue items, theme clusters (e.g., cloud, identity, payments), and control break trends across Scotia Tech.
• Produce regular reporting packs for Technology & Cyber leadership, and Risk Committees, highlighting systemic weaknesses, repeat findings, and regulatory hot spots.
• Drive thematic and root‑cause analysis across issues to inform strategic remediation programs (e.g., resilience, identity, data protection) and reduce recurring technology and cyber events.
• Define integration requirements between Service Now IRM and other banking systems (e.g., security tools, operational risk, HR, finance) to automate issue creation, ownership, and status updates.
• Oversee configuration related to policy exceptions, control attestations, indicators, and automated control monitoring to ensure consistent issue and exception handling.
• Promote continuous improvement, including workflow simplification, reduced manual effort, and better data quality to support faster and more reliable regulatory and management reporting.
• Coordinate responses to regulators and Internal Audit relating to technology and cyber findings, remediation status, and evidence requests, leveraging Service Now as the authoritative data source.
• Influence prioritization of remediation against other change portfolios, ensuring customer impact, financial risk, and regulatory expectations are factored into decisions.
• Promote a transparent, no‑blame culture that encourages early identification and timely escalation of issues and near‑misses across technology and banking operations.
• Provide training and coaching to technology, cyber, and business teams on how to use Service Now IRM effectively for issues, actions, and policy exceptions.

• 10+ years in Technology Risk, Cyber Security, Operational Risk, or Internal Audit in banking or financial services, including direct interaction with regulators.
• 5+ years leading issues and/or…