Requisition ID: 226219
Join a purpose-driven, winning team, committed to results, in an inclusive and high-performing culture.
- Lead and deliver complex technology risk remediation programs addressing regulatory findings and audit issues across global and U.S. regions.
- Provide oversight, planning, execution, and delivery of the IT Risk and Cyber Security remediation program, later leveraging best practices and learnings globally to lead a Global IT Risk and Cyber Security transformation. Oversee the implementation of risk remediation plans and report to Executive Management, the Risk Management Committee, and external regulators.
- Develop, implement and monitor a comprehensive Enterprise IT Risk Management Program within the First Line of Defence that governs, enables and oversees existing IT Risk functions in accordance with regulatory expectations and evolving business practice.
- Drive remediation and control uplift across key enterprise domains, including:
  - Identity & Access Management (IAM): Close access design and entitlement control gaps.
  - Data Protection: Improve protection of sensitive data across platforms and jurisdictions.
  - Vulnerability Management: Accelerate remediation of known vulnerabilities and address root causes, including process, ownership, and tooling gaps.
  - Software Currency & Asset Management: Eliminate legacy, unsupported technologies and enforce lifecycle governance.
  - Endpoint Controls: Uplift control configurations and management capabilities across end-user and server environments.
  - Technology Resiliency: Coordinate remediation activities stemming from resiliency assessments and Resiliency Steering Committee (SteerCo) direction.
- Ensure issues are resolved at the root cause level and solutions are embedded in operational processes to prevent recurrence. Drive risk-based prioritization and execution discipline.
- Act as a key remediation lead in response to regulatory exams (e.g., OSFI, FRB) and internal audits. Provide credible plans, progress updates, and closure evidence.
- Manage interactions with US Regulators on Technology Regulatory Compliance matters and ensure all related matters are dealt with in an expedient, consistent, and efficient manner.
- Establish effective remediation governance, including risk acceptance processes, remediation tracking, risk metric validation, and closure approvals aligned with enterprise risk and audit standards.
- Partner across technology domains, including Infrastructure, Cybersecurity, Application Development, and Compliance, to drive execution, resolve blockers, and ensure consistency in remediation approach.
- Promote a culture of control ownership, transparency, and accountability across the technology organization, emphasizing remediation as a strategic and operational priority.
- Establish standardized governance models and execution frameworks for technology remediation programs within the Office of the CIO.
- Develop and maintain executive dashboards, risk metrics, and board-level materials to report on program status, challenges, and control effectiveness.
- Coordinate with regional CIOs and control partners to ensure consistent global execution.
- 10+ years of experience in IT risk remediation, technology control uplift, or regulatory remediation programs.
- Proven record of leading enterprise-scale remediation efforts in a regulated environment (preferably banking or financial services).
- Proven strong leadership, communication and strategic influencing capability, supported by well-developed analytical and strategic thinking competencies.
- Expert Technology Risk and Controls management experience: systems design, change management, release management, security services.
- Expert knowledge of multiple global businesses including related systems and procedures.
- Expert ability to balance competing or conflicting goals of various departments and stakeholders which requires a mature, diplomatic approach and highly developed negotiation and influencing skills.
- Excellent communication, facilitation, and presentation skills for developing communication strategies for Executives.
- An ability to anticipate future events, trends, problems and opportunities, and perceive patterns as they emerge.
- Bachelor's degree in Information Technology, Cybersecurity, Engineering, or a related discipline; Master's or MSA is an asset.
Location(s): Canada : Ontario : Toronto
Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.
At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.