HiringCafe
Posted 8h ago

Product Manager - AppSec (Toronto, ON, CA, M5H 1H1)

@ Scotiabank
View All Jobs
Toronto, Ontario, Canada
OnsiteFull Time
Responsibilities:Define epics, Prioritize backlog, Coordinate with teams
Requirements Summary:Bachelor’s degree; 7+ years IT security experience (focus on application security, preferably SAST); 3+ years product management in software development; 3+ years in product strategy and backlog management; 3+ years in Agile teams with experience writing epics/user stories; strong communication/presentation skills.
Technical Tools Mentioned:SAST, DAST, CI/CD tools
Save
Mark Applied
Hide Job
Report & Hide
Job Description

 

 

 

Requisition ID: 234769

Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.

 

The Product Manager - AppSec is responsible for supporting the delivery of security capabilities across the software development lifecycle. This role works closely with cross-functional teams to promote secure-by-design practices and drive adoption of security tools and processes.

 

The Product Manager will work closely with the Senior Product Manager to translate the strategic roadmap into actionable, committable epics and user stories, maintain product backlogs, and ensure timely delivery of features that strengthen the Bank’s security posture.

 

Is this role right for you? In this role, you will:

 

Product Execution & Planning

 

  • Support the development and execution of product roadmaps for AppSec capabilities.
  • Translate product strategy into actionable tasks and user stories.
  • Triage & validation of feature requests.
  • Assist in backlog management and feature prioritization based on business value and risk.

 

Team Collaboration

 

  • Partner with engineering, architecture, and DevOps teams to deliver security capabilities.
  • Participate in Agile ceremonies including sprint planning, stand-ups, and retrospectives.
  • Help facilitate working sessions to resolve delivery blockers.

 

Stakeholder Engagement

 

  • Collaborate with compliance, risk, and governance teams to ensure alignment with enterprise security goals.
  • Develop and deliver training materials to educate internal teams on product security features.
  • Contribute to stakeholder communications and reporting.

 

Product Ownership & Vendor Coordination

 

  • Maintain product backlogs and assist in defining epics and user stories.
  • Support vendor coordination and onboarding activities.
  • Contribute to business case development and cost/benefit analysis.

 

Data-Driven Insights & Communication

 

  • Use data insights to support roadmap decisions and measure product impact.
  • Assist in preparing presentations and reports for leadership and stakeholders.
  • Define KPIs to measure capability effectiveness (e.g., scan coverage, false positive rate, time to remediation).

 

Roadmap & Delivery Management

 

  • Track delivery progress and assist in release planning.
  • Support intake and prioritization processes aligned with roadmap and compliance timelines.

 

Technical Enablement & Risk Mitigation

 

  • Assist in the deployment and integration of AppSec tools (e.g., SAST, DAST).
  • Help drive tool adoption through documentation, training, and developer engagement.
  • Monitor threat intelligence trends to support prioritization and policy updates.

 

Application Security Assessment & Audit Support

 

  • Collaborate with security teams to facilitate and support application security assessments.
  • Provide product-specific insights to help identify vulnerabilities and recommend mitigation strategies.
  • Evaluate current AppSec processes and stakeholder expectations to identify gaps and opportunities for improvement.
  • Work with broader AppSec team to define and manage rulesets and policies tailored to organizational risk tolerance.
  • Assist in internal and external audits by providing necessary documentation and evidence of security controls.

 

Do you have the skills that will enable you to succeed in this role? We'd love to work with you if you have:

 

Must Have:

 

  • Minimum of a bachelor’s degree (or equivalent)
  • 7+ years’ experience in IT Security with focus on application security preferably SAST
  • 3+ years product management experience in software development related setting
  • 3+ years’ experience with product strategy and maintaining a product backlog
  • 3+ years working in Agile teams; experienced in sprint ceremonies and writing epics/user stories
  • Demonstrable communication and presentation skills for technical and executive audiences

 

Nice to Have:

 

  • Experience with PaC (Policy as Code), Policy Configuration & Management tools
  • Experience with Application Security and/or managing IaaS, PaaS & SaaS solutions
  • Exposure to popular CI/CD tools like Jenkins, Azure DevOps, GitLab CI/CD, CircleCI
  • CISSP/CCSP/CSPO/SAFe POPM Certification)

 

What's in it for you?

 

  • Diversity, Equity, Inclusion & Allyship - We strive to create an inclusive culture where every employee is empowered to reach their fullest potential, respected for who they are, and are embraced through bias-free practices and inclusive values across Scotiabank. We embrace diversity and provide opportunities for all employee to learn, grow & participate through our various Employee Resource Groups (ERGs) that span across diverse gender identities, ethnicity, race, age, ability & veterans.
  • Accessibility and Workplace Accommodations - We value the unique skills and experiences each individual brings to the Bank and are committed to creating and maintaining an inclusive and accessible environment for everyone. Scotiabank continues to locate, remove and prevent barriers so that we can build a diverse and inclusive environment while meeting accessibility requirements.  
  • Upskilling through online courses, cross-functional development opportunities, and tuition assistance. 
  • Competitive Rewards program including bonus, flexible vacation, personal, sick days and benefits will start on day one.
  • Community Engagement - no matter where you choose to work from; we offer opportunities for community engagement & belonging with our various programs such as hackathons, contests, Humans of Digital and much more!

 

Location(s):  Canada : Ontario : Toronto 

Scotiabank is a leading bank in the Americas. Guided by our purpose: "for every future", we help our customers, their families and their communities achieve success through a broad range of advice, products and services, including personal and commercial banking, wealth management and private banking, corporate and investment banking, and capital markets.  

At Scotiabank, we value the unique skills and experiences each individual brings to the Bank, and are committed to creating and maintaining an inclusive and accessible environment for everyone. If you require accommodation (including, but not limited to, an accessible interview site, alternate format documents, ASL Interpreter, or Assistive Technology) during the recruitment and selection process, please let our Recruitment team know. If you require technical assistance, please click here. Candidates must apply directly online to be considered for this role. We thank all applicants for their interest in a career at Scotiabank; however, only those candidates who are selected for an interview will be contacted.