Information Security Analyst II - Technology Asset Assessment

at  TD Bank

WHO WE ARE:

TD is one of the world’s leading global financial institutions and is the fifth largest bank in North America by branches/stores. Every day, we deliver legendary customer experiences to over 27 million households and businesses in Canada, the United States and around the world. More than 95,000 TD colleagues bring their skills, talent, and creativity to the Bank, those we serve, and the economies we support. We are guided by our vision to Be the Better Bank and our purpose to enrich the lives of our customers, communities and colleagues.
TD is deeply committed to being a leader in customer experience, that is why we believe that all colleagues, no matter where they work, are customer facing. As we build our business and deliver on our strategy, we are innovating to enhance the customer experience and build capabilities to shape the future of banking. Whether you’ve got years of banking experience or are just starting your career in financial services, we can help you realize your potential. Through regular leadership and development conversations to mentorship and training programs, we’re here to support you towards your goals. As an organization, we keep growing – and so will you.

What can you bring to GR&C? Share your credentials, but your relevant experience and knowledge can be just as likely to get our attention.

• University degree.
• 2+ years of relevant experience in the area of IT risk and technology and/or information security and/or data analysis in a large organization.
• Proficient with Microsoft Power Apps.
• Information Security Certification/Accreditation (an asset).
• Skills to identify, assess, and monitor technology risks including information security, cyber security, resilience, operations/change management quality, data quality/security, and IT compliance.
• Advanced knowledge of one or more technology controls or security domains, disciplines and practices.
• Strong critical thinking - ability to decompose complex issues into manageable pieces.
• Ability to articulate ideas, share experiences and skills.
• Sound to advanced knowledge of business, technology controls, security and risk issues.
• Firm commitment to staying informed/abreast of emerging cyber and information security issues, industry trends.
• Strength in prioritizing and managing your own workload to deliver quality results and meet timelines with limited guidance of management.
• Knowledge of industry standards and best practices in the areas of technology, information and cyber security, risk management and governance.
• High flexibility and are comfortable working in a fluid, changing environment.
• Strong communication, written and presentation skills.
• Ability to multi-task and manage multiple team and client demands concurrently.
• Dedicated team player; comfortable with a dynamic work environment.
• Diligent and resourceful in research and information gathering.
• Must be proficient with technology tools including MS Office, databases and reporting tools

You will be a core member of a high performing team of technology and risk professionals who utilize their subject matter expertise in technology and information and cyber security risk management to provide effective guidance on a broad range of cyber security policies, standards and controls in compliance with the Enterprise Risk and Control Framework. As part of the Platforms and Technology (P&T) Global Risk and Compliance (GR&C) Asset Assessment Centre of Excellence (COE) team, you will play a key role in ensuring required risk and control assessments are completed efficiently and with quality/care.

Meaningful work is fueled by meaningful performance and career development conversations with your manager. Here’s some of what you may be asked to perform:

• Update the risk and control assessments tracker on a regular basis, and prepare weekly, monthly, and quarterly risk and operational reporting.
• Conduct required risk and control assessments and evaluate control procedure appropriateness.
• Guide partners on a broad range of technology controls and information and cyber security programs, policies, and standards.
• Lead or contribute to the completion of risk and control design assessments for any assigned assets within the enterprise.
• Contribute to the definition, development, and oversight of a global security management strategy and framework.
• Ensure technology, processes, and governance are in place to monitor, detect, prevent, and react to both current and emerging technology and security threats against TDBG’s business.
• Contribute to the development of on-going technology risk reporting, monitoring key trends and providing assurance that metrics to regularly measure control effectiveness for own area are met.
• Adhere to internal policies and procedures, technology control standards, and applicable regulatory guidelines.
• Contribute collaboratively to the review of internal processes and activities and assist in identifying potential opportunities for improvement.
• Adhere to, advise, oversee, monitor and enforce enterprise frameworks and methodologies that relate to technology controls and information security activities.
• Influence behavior to reduce risk and foster a strong technology risk management culture throughout the enterprise.

What can you bring to GR&C? Share your credentials, but your relevant experience and knowledge can be just as likely to get our attention.

• University degree.
• 2+ years of relevant experience in the area of IT risk and technology and/or information security and/or data analysis in a large organization.
• Proficient with Microsoft Power Apps.
• Information Security Certification/Accreditation (an asset).
• Skills to identify, assess, and monitor technology risks including information security, cyber security, resilience, operations/change management quality, data quality/security, and IT compliance.
• Advanced knowledge of one or more technology controls or security domains, disciplines and practices.
• Strong critical thinking - ability to decompose complex issues into manageable pieces.
• Ability to articulate ideas, share experiences and skills.
• Sound to advanced knowledge of business, technology controls, security and risk issues.
• Firm commitment to staying informed/abreast of emerging cyber and information security issues, industry trends.
• Strength in prioritizing and managing your own workload to deliver quality results and meet timelines with limited guidance of management.
• Knowledge of industry standards and best practices in the areas of technology, information and cyber security, risk management and governance.
• High flexibility and are comfortable working in a fluid, changing environment.
• Strong communication, written and presentation skills.
• Ability to multi-task and manage multiple team and client demands concurrently.
• Dedicated team player; comfortable with a dynamic work environment.
• Diligent and resourceful in research and information gathering.
• Must be proficient with technology tools including MS Office, databases and reporting tools.