US Information & CyberSecurity Control Risk Manager - Regulatory & Audit

Intro
The US Information & Cybersecurity Control Risk Manager - Regulatory & Audit is a critical role within Scotiabank's Global Technology Control Testing group. This position focuses on ensuring the bank's cybersecurity controls align with industry standards and regulatory requirements. The ideal candidate will have a strong background in regulatory compliance, cybersecurity frameworks, and risk management.

Job Details
The primary responsibility of this role is to monitor, analyze, and report on cybersecurity requirements against relevant regulations and standards, such as NYDFS, FFIEC, and NIST CSF. The candidate will work in a hybrid setup, primarily remote with 1-2 days onsite per week at 250 Vesey Street, NYC. This is a contract position with a duration of 5 months, with the possibility of extension and conversion to a full-time employee. The work schedule is Monday to Friday, from 9 am to 5 pm.

Mandatory Skills
1. Minimum of 3 years of experience in regulatory compliance/examination and audit.
2. 5-7 years of experience in a related cybersecurity technical background, including exposure to cloud technologies.
3. Experience in security governance, policies, cybersecurity frameworks, and security standards, demonstrated in at least one recent project.
4. Understanding and experience with security controls, mechanisms, and risk assessment techniques in complex environments, proven in the last 2+ projects.
5. Information security-related certification (e.g., Security+, CISA, CISM, CISSP).
6. Recent relevant experience in the financial industry.

Desired Skills
- Proficiency in MS Office, with extended knowledge of MS Excel and PowerPoint preferred.
- Excellent communication and written skills.
- Ability to present risk reporting to US IS&C management.
- Team player willing to assist other team members as needed.
- Ability to manage tasks and expectations independently.
- Fast, adaptable learner who can work well under pressure.
- Willingness to learn new technologies and security-related information.

Start Date
The position is expected to start as soon as possible, with a deadline for submissions on Wednesday, October 9th, at 11 am.

Location
This position is based in New York, New York, United States, with a hybrid work model requiring onsite presence 1-2 times per week.