Requisition ID: 228751

Tangerine is Canada's leading direct bank. We offer flexible and accessible banking options, innovative products, and award-winning Client service. The reason why Tangerine employees come to work each day is to help Canadians live better lives. We focus on making a difference in our communities, and that includes our own internal community. It's important to us that our employees feel empowered and enthusiastic about belonging to our Orange culture.

The Team

The Tangerine Technology and Cyber Risk team is responsible for setting the compliance oversight strategy and roadmap for IAM and defining, delivering, operating, and governing security controls pertaining to identity and access management for Tangerine. This includes compliance oversight of Identity Lifecycle Management, centralized provisioning of workforce identities, certification of workforce identities, roles and accounts, management of privileged access, authentication including Multi-Factor Authentication and Single Sign-On. This individual will report directly to the Director, Technology & Cyber Risk.

The Role

The Manager of IT Risk - Access Governance, provides oversight to various IAM related functions / processes. Also contributes to the overall success of Identity and Access Management domain by providing oversight to access governance cycle and ensuring key controls are operating effectively and activities conducted are compliant with the governing regulations, internal policies, and procedures.

Is this role right for you? In this role you will:

IT Risk Governance

• Maintain the compliance oversight of Scotiabank's security and risk management framework, policies, and standards for managing risks to its information assets and systems.
• Identify, assess, prioritize, and report on material IT risks and aligned business areas. This will require working with various Risk owners and other control function groups.
• Liaise with Scotiabank counterparts to identify evolving requirements.
• Monitor evolving industry best practices, regulatory and legislative requirements.
• Provide 1st Line of Defence functions with ongoing guidance to support the implementation of, and compliance with established IT and security requirements.
• Perform various types of data analysis work and prepare monthly / quarterly reporting.

IT Risk Advisory

• Provide directions to Tangerine's functional teams to build their capability to identify, assess, mitigate, and monitor risks associated with their use of information and IT systems.
• Provide leadership, strategic thinking insights and clear direction on day to day as well as new initiatives related to Identify and Access Governance.
• Ensure operating effectiveness of Identity and access management and governance controls and communicate changes in controls to second and third line of defense.
• Manage all Tangerine's access certifications and implement processes to ensure certification data is accurate, complete, clear and concise.
• Develop communication strategies including escalations for certification campaigns and ensure end-user communication is timely, clear, and level-appropriate.
• Create a positive work environment and empower the team to grow and excel.
• Relationship building and working with various teams to assist in completion of access certifications across the enterprise.
• Continuously improve and automate where possible to reduce manual efforts in all team processes.
• Develop and maintain standardized processes, templates and guidance documentation related to the activities of the role as needed, striving for efficiency and streamlining.
• Collaborates with multiple technology teams including infrastructure and business teams for assessing controls and remediation actions on the operating environment and ongoing projects.
• Analyze and respond to risk assessment requests assigned to Technology Risk Team.
• Build positive culture for the management of IT and security risks. Deliver ongoing counsel to risk owners to create IT risk awareness.

IT Risk & Compliance Monitoring

• Establish monthly reporting of KPI dashboard.
• Maintain Tangerine's IT KPIs and KRIs within risk appetite for the IT domains assigned.
• Facilitate and contribute to the preparation of management reporting relating to the responsibilities within the role.
• Lead engagement with Tangerine's 2nd and 3rd Line of Defense function to influence the focus, scope, and criteria for the testing of the Bank's IT risk capabilities.
• On-going monitor and track issues raised by Internal Audit, assist risk owners to ensure remediation is completed within pre-defined timelines and risk is addressed appropriately.

Do you have the skills that will enable you to succeed in this role? We'd love to work with you if you have:

• You possess strong understanding of the Identity and Access Management principles, concepts and best practices.
• You have good understanding of Identity Governance and Administration solutions including SailPoint Identity solutions.
• You have experience defining requirements, processes and effective and efficient operational procedures.
• You have excellent organization skills and the ability to manage multiple intake channels efficiently.
• Experience in Technology, Information/Cyber Security, Audit, Compliance, regulatory supervision, consulting, or advisory roles.
• Proficiency in creating engaging presentations, utilizing visual storytelling, and formatting slides effectively, along with experience in delivering presentations to various audiences.
• Understands how the Bank's risk appetite and risk culture should be considered in day-to-day activities and decisions.
• Sound business and technical acumen, with demonstrated agility in learning and ability to quickly become comfortable with unfamiliar businesses areas of technologies.
• Ability to connect programs/projects to broader organizational goals and grasp the key performance drivers of business partners.
• Supports an environment in which the team pursues effective and efficient operations of his/her respective areas in accordance with Scotiabank's Values, its Code of Conduct and the Global Sales Principles, while ensuring adequacy, adherence to and effectiveness of day-to-day business controls to meet obligations with respect to operational, compliance and conduct risk.
• Builds and maintains strong relationships with key contacts within Technology, Operations, and the Business Units to support effective management and delivery of goals for the role.
• Excellent communication (presentation skills, verbal and written). The ability to communicate confidently and clearly on conference calls, in meetings, via email, etc. at all levels of the organization.
• Proven ability to work both independently and within a team environment.
• Must also be proactive and creative, with strong, proven ability to plan and manage competing priorities, as well as ability to recognize and appropriately handle sensitive and confidential information.
• Excellent stakeholder management and influencing / negotiation skills, capable of balancing multiple perspectives, effective at all levels.
• Bachelor's degree in business or science.
• Relevant certification in Security / Risk Management

What's in it for you?

• Diversity, Equity, Inclusion & Allyship - We strive to create an inclusive culture where every employee is empowered to reach their fullest potential, respected for who they are, and are embraced through bias-free practices and inclusive values across Scotiabank. We embrace diversity and provide opportunities for all employee to learn, grow & participate through our various Employee Resource Groups (ERGs) that span across diverse gender identities, ethnicity, race, age, ability & veterans.
• Accessibility and Workplace Accommodations - We value the unique skills and experiences each individual brings to the Bank and are committed to creating and maintaining an inclusive and accessible environment for everyone. Scotiabank continues to locate, remove and prevent barriers so that we can build a diverse and inclusive environment while meeting accessibility requirements.
• Upskilling through online courses, cross-functional development opportunities, and tuition assistance.
• Competitive Rewards program including bonus, flexible vacation, personal, sick days and benefits will start on day one.
• Community Engagement - no matter where you choose to work from; we offer opportunities for community engagement & belonging with our various programs such as hackathons, contests, Humans of Digital and much more!

Location(s): Canada : Ontario : Toronto

At Tangerine we value the unique skills and experiences each individual brings to the team, and are committed to creating and maintaining an inclusive and accessible environment. If you require accommodation during the recruitment and selection process, please let our Recruitment team know.