Requisition ID: Thanks for your interest in ScotiaTech, Scotiabanks new and innovative Technology hub in Bogota. Join a purpose driven winning team that promotes creativity and innovation in a fast:paced environment, where we're always committed to results, in an inclusive, diverse, and high:performing culture. Purpose Contributes to the overall success of Information Security and Control (IS and C):Advisory Services ensuring specific individual goals, plans, initiatives are executed / delivered in support of the team's business strategies and objectives. Ensures all activities conducted are in compliance with governing regulations, internal policies and procedures. Accountabilities : Champions a customer focused culture to deepen client relationships and leverage broader Bank relationships, systems and knowledge. : Establish and maintain a detailed understanding of Scotiabank's Third Party Risk Management (TPRM), Threat Risk Assessment (TRA), New Iniciatives Risk Assessments (NIRA) practices and priorities. Specifically, as it relates to Information Security. : Be an advocate for IS and C, building strong relationships and raising awareness for the importance of effective information security practices in our supply chain. : Perform comprehensive risk assessments for bank initiatives and projects, identifying potential security threats and vulnerabilities. : Ensure all risk assessments and security measures comply with the established standards and policies of the group. Propose effective risk mitigation strategies to address identified security risks. : Work closely with project teams, IT departments, and other stakeholders to integrate security measures into project plans. : Understand how the Bank's risk appetite and risk culture should be considered in day:to:day activities and decisions. : Continuously monitor risk levels and provide regular reports to senior management on the status of risk assessments and mitigation efforts. : Support the Incident Management and Investigation processes. : Understand how the Bank's risk appetite and risk culture should be incorporate into in day:to:day activities and decisions. : Actively pursues effective and efficient operations of his/her respective areas in accordance with Scotiabank's Values, its Code of Conduct and the Global Sales Principles, while ensuring the adequacy, adherence to and effectiveness of day:to:day business controls to meet obligations with respect to operational, compliance, AML/ATF/sanctions and conduct risk. : Champions a high:performance environment and contributes to an inclusive work environment. Dimensions : Relationship with all the employees of Scotiabank Uruguay, Scotiatech and the Bank. : Information Security Standards and frameworks (ISO27001, NIST CSF, PCI:DSS) : Enterprise Risk Management : Technology (Infrastructure, Cloud, Networking, Datacenter) : Application Security. Education / Experience / Other Information stylemargin:bottom:11.0px: : At least 4 years of experience in Information Security and Cybersecurity. : Must have a solid understanding and experience with security controls/mechanisms/Protocols and threat/risk assessment techniques pertaining to complex data, application and network environments. : Must have strong verbal and written communication skills in English with excellent individual project management and tracking skills. Spanish verbal skill is strongly desired. : Must have knowledge of regulatory guidelines related to the financial services industry. : Must have strong knowledge of industry standards/frameworks related to Information Security (ISO27001/27002, NIST, PCI:DSS, GDPR, among others). : Certifications related to security are considered an asset (e.g., CISSP, CISM, CRISC, CCSP, ISO27001). : Analytical experience, attention to detail, excellent critical thinking, logic, and ability to solve pro