Senior Manager, Mobile Application Security

Requisition ID : 183405

Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.

The Team

Scotiabank's Information Security & Control (IS&C)'s - Application Security is responsible to improve security practices and, through that, to find and preferably prevent security issues within applications.

The Application Security team has global accountability and is highly supportive of the Bank's business, enabling execution of the Bank's strategies, operations and services, while ensuring that appropriate application security practices are adhered to.

This function provides core competency in proactively detecting application code flaws and / or bugs while working with the appropriate teams in instituting appropriate controls to mitigate risks, specifically as it pertains to web application vulnerabilities and threats.

This candidate will be expected to work closely with the application development groups to integrate application security processes and procedures into the software development lifecycle.

The role :

The incumbent is responsible for supporting the Director, VP, SVP and CISO in achieving IS&C Strategic goals through various processes, including :

• Develop and / or enhance strategies and processes to manage security vulnerabilities and threats.
• Develop and / or enhance communications to ensure prompt remediation from development and infrastructure support teams, in line with of risk management practices.
• Develop and / or enhance reporting to development teams and all levels of management in order to provide proper tracking and measurement of remediation activities
• Drive mobile security research and development

Is this role right for you?

• Recommend, design, assess, implement, deploy and maintain mobile security controls required to protect Scotiabank and its customers.
• Responsible for developing and / or enhancing the strategies and processes to identify, analyze and communicate mobile application vulnerabilities as per the CISO Directive and published communication process flows.
• Responsible for adherence to an established process flow that ensures development support teams, infrastructure support teams and business risk owners implement control measures that effectively mitigate or eliminate the identified risk.
• Responsible for timely and accurate reporting of all findings to the development teams, appropriate levels of management and the business risk owner

Do you have the skills that will enable you to succeed in this role?

• 2-3+ years' experience testing Multi-tier Web Applications, Web Services and Web API's and / or Mobile Applications
• 5+ years' experience testing API's and Mobile Applications
• Strong understanding of Windows and Linux operating systems
• Experience side loading mobile applications on both Android and IOS platforms
• Experience with jailbreaking and rooting both Android and IOS devices
• Experience with virtualization and cloud technologies
• Must have the ability to generate reports and tailor communication strategies for various levels of technical staff, executive management, and business clients.
• Good communication and support skills for triaging and resolving technical issues.
• Experience with scripting languages is essential (Python, Bash, Powershell, etc.)
• Proven leadership delivering Enterprise secure software development, testing and validation capabilities and practices.
• Expert familiarity with OWASP Top 10, SANS Top 20 and prevention / remediation techniques.
• Ability to fully support security maturity in all phases of the SDLC
• Experience implementing Continuous Integration and Continuous Delivery pipelines (DevOps / SecOps).
• Experience within an Agile development environment utilizing tools like JIRA and GIT.
• Experience with multiple programming languages (such as, Java, C++, Ruby, Python, Perl, etc.)
• An understanding of network and web related protocols (such as, TCP / IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
• Demonstrable teamwork skills and resourcefulness
• Possess self-drive to keep moving things forward even in the face of ambiguity and imperfect knowledge (avoid "analysis paralysis")
• Strong sense of ownership, urgency, and drive
• Sharp analytical abilities and proven design skills

Cyberatscotia #LI-hybrid

Location(s) : Canada : Ontario : Toronto

Scotiabank is a leading bank in the Americas. Guided by our purpose : "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.

At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone.

If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know.

If you require technical assistance, please click here. Candidates must apply directly online to be considered for this role.

We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.