Scotiabank is seeking a highly motivated and experienced Information Security professional to join our team as an Advisory Services Specialist. This role will contribute to the overall success of Information Security & Control (IS&C;) by executing specific individual goals, plans, and initiatives in support of the team's business strategies and objectives. Ensuring all activities conducted are in compliance with governing regulations, internal policies, and procedures. Purpose The purpose of this role is to champion a customer-focused culture, deepen client relationships, and leverage broader Bank relationships, systems, and knowledge. Key Accountabilities - Establish and maintain a detailed understanding of Scotiabank's Third Party Risk Management (TPRM), Threat Risk Assessment (TRA), and New Initiatives Risk Assessments (NIRA) practices and priorities, specifically as it relates to Information Security. - Advocate for IS&C;, building strong relationships and raising awareness for the importance of effective information security practices in our supply chain. - Perform comprehensive risk assessments for bank initiatives and projects, identifying potential security threats and vulnerabilities. - Ensure all risk assessments and security measures comply with established standards and policies of the group. Propose effective risk mitigation strategies to address identified security risks. - Work closely with project teams, IT departments, and other stakeholders to integrate security measures into project plans. - Continuously monitor risk levels and provide regular reports to senior management on the status of risk assessments and mitigation efforts. - Support the Incident Management and Investigation processes. - Actively pursue effective and efficient operations of his/her respective areas in accordance with Scotiabank's Values, its Code of Conduct, and the Global Sales Principles, while ensuring the adequacy, adherence to, and effectiveness of day-to-day business controls to meet obligations with respect to operational, compliance, AML/ATF/sanctions, and conduct risk. - Champion a high-performance environment and contribute to an inclusive work environment. Dimensions - Relationships with all employees of Scotiabank Uruguay, ScotiaTech, and the Bank. - Information Security Standards and frameworks (ISO27001, NIST CSF, PCI-DSS). - Technology (Infrastructure, Cloud, Networking, Datacenter). - Application Security. Education / Experience / Other Information - A minimum of 4 years of experience in Information Security and Cybersecurity. - Solid understanding and experience with security controls/mechanisms/Protocols and threat/risk assessment techniques pertaining to complex data, application, and network environments. - Strong verbal and written communication skills in English with excellent individual project management and tracking skills. Spanish verbal skill is strongly desired. - Knowledge of regulatory guidelines related to the financial services industry. - Strong knowledge of industry standards/frameworks related to Information Security (ISO27001/27002, NIST, PCI-DSS, GDPR, among others). - Certifications related to security are considered an asset (e.g., CISSP, CISM, CRISC, CCSP, ISO27001). - Analytical experience, attention to detail, excellent critical thinking, logic, and ability to solve problems. - Excellent relationship management and negotiation skills to assist in the communication and finalization of the Bank's security requirements, contractual obligations, and standards to internal teams and third-party relationships. Working Conditions Work in a standard office-based environment; non-standard hours are a common occurrence.