Director, Cloud Platform and Application Security Solutions

Requisition ID: 236196

Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.

Purpose

Leads and oversees Cloud Security Solutions department of Cloud Security Solution and Security Advisory Transformation in Canada ensuring business strategies, plans and initiatives are executed / delivered in compliance with governing regulations, internal policies and procedures.

The Director of Cloud Security Solutions will lead a team of Security Solution Advisors/Architects responsible for the design and management of security solutions that protect cloud-based infrastructure, applications, and services. The role requires a strong background in cloud platforms such as GCP and Azure, with an emphasis on securing cloud-native applications and solutions.The leader will be responsible for ensuring that security practices are integrated into the development lifecycle (DevSecOps) of cloud solutions and that security measures are up-to-date against the latest threats.

The Director of Cloud Security Solutions will work as part of the security engineering and architecture team, collaborating with cloud architects, cloud platform engineering team, DevOps teams, and IT operations.This role will work closely with compliance, risk management, and software development teams to ensure that security best practices are integrated into cloud platform design and operations.

Role Summary

The Director of Cloud Platforms Security Solution leads a team of Security Solution Advisors/Architects responsible for designing and maintaining security solutions across cloud environments, including public, private, and hybrid clouds. This role ensures that the organization’s cloud infrastructure, platforms, and services are secure and compliant with regulatory standards and industry best practices. The leader will also contribute to the development of security policies and work closely with multiple teams to embed security into cloud services lifecycle

Is this role right for you? In this Role, you will:

• Leadership:
  • Lead a team of Senior Cloud Security Solution Architects and Security Advisors and drive a customer focused culture throughout their team to deepen client relationships, accelerate the delivery of secure cloud solutions and platforms leveraging broader Bank relationships, systems and cloud security knowledge.
• Cloud Security Architecture and Implementation:
  • Design and implement security controls that protect cloud-based applications and infrastructure.
  • Develop and enforce security patterns, policies, standards, and procedures to protect the integrity, availability, and confidentiality of the organization’s cloud infrastructure.
• DevSecOps Integration:
  • Integrate security tools and practices into the DevOps pipeline to ensure continuous delivery without compromising security.
  • Conduct security reviews of cloud-native applications and platforms identifying vulnerabilities and providing remediation strategies.
• Cloud Security Monitoring:
  • Implement and manage security monitoring tools to detect threats, anomalies, and potential security incidents in cloud environments.

• Collaborate with the incident response team to ensure that cloud-specific threats are properly addressed and mitigated.

• Vulnerability and Patch Management:
  • Conduct regular security assessments, review vulnerability scans, and penetration testing of cloud applications and platforms.
  • Coordinate with DevOps and IT teams to apply necessary patches and security updates across cloud infrastructure.
• Compliance and Risk Management:
  • Ensure cloud security solutions align with industry regulations and organizational compliance requirements.
  • Manage the audit process for cloud security, responding to compliance assessments and third-party audits.
• Training and Mentoring:
  • Provide guidance and training to their team on cloud security best practices.
  • Mentor junior security solution architects and security advisors and assist in their professional development.
• Continuous Improvement:
  • Stay updated with emerging trends in cloud security and propose improvements to the current security posture.
  • Evaluate new cloud security controls, technologies, tools, and processes to enhance the organization’s security in cloud environments.
• Understand how the Bank’s risk appetite and risk culture should be considered in day-to-day activities and decisions
  • Create an environment in which their team pursues effective and efficient operations of their respective areas in accordance with Scotiabank’s Values, its Code of Conduct and the Global Sales Principles, while ensuring the adequacy, adherence to and effectiveness of day-to-day business controls to meet obligations with respect to operational, compliance, AML/ATF/sanctions and conduct risk.
• Build a high-performance environment and implement a people strategy that attracts, retains, develops and motivates their team by fostering an inclusive work environment and using a coaching mindset and behaviors; communicating vison/values/business strategy; and, managing succession and development planning for the team.

Do you have the skills that will enable you to succeed in this role? We'd love to work with you if you have:

• Bachelor’s or Master’s degree in Computer Science or a related field.
• 10+ years of experience in cloud security, security architecture, or information security, with a minimum of 5 years in a leadership role.
• Demonstrated experience in leading and transforming cloud security programs and advisory services within large-scale cloud and application modernization projects.
• Proven experience in developing and leading risk management programs for cloud and modern application environments.
• Deep expertise in cloud platforms (GCP, Azure, AWS, GKE, Terraform) and modern application security practices (containers, microservices, serverless).
• Hands-on experience in threat modeling, DevSecOps, and implementing secure cloud solutions.
• Cloud Security Architecture, Risk Management, Cloud services.
• Specific regulatory or compliance knowledge OSFI, PIPEDA, FedRAMP, GDPR, PCI DSS CIS, NIST.
• Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), or other cloud-specific certifications.

What's in it for you?

• Diversity, Equity, Inclusion & Allyship - We strive to create an inclusive culture where every employee is empowered to reach their fullest potential, respected for who they are, and are embraced through bias-free practices and inclusive values across Scotiabank. We embrace diversity and provide opportunities for all employee to learn, grow & participate through our various Employee Resource Groups (ERGs) that span across diverse gender identities, ethnicity, race, age, ability & veterans.
• Accessibility and Workplace Accommodations - We value the unique skills and experiences each individual brings to the Bank and are committed to creating and maintaining an inclusive and accessible environment for everyone. Scotiabank continues to locate, remove and prevent barriers so that we can build a diverse and inclusive environment while meeting accessibility requirements.
• Upskilling through online courses, cross-functional development opportunities, and tuition assistance.
• Competitive Rewards program including bonus, flexible vacation, personal, sick days and benefits will start on day one.
• Community Engagement - no matter where you choose to work from; we offer opportunities for community engagement & belonging with our various programs such as hackathons, contests, Humans of Digital and much more!

Location(s): Canada : Ontario : Toronto

Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.

At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.