Senior Information Security Analyst -

at  TD Bank

CUSTOMER

• Facilitate assignment across AIVM teammates of inbound requests from other TD divisions seeking AIVM input to address 1B, ORM, Audit or Regulatory asks they have received related AIVM responsibilities
• Provide support and consulting in preparation for First Line control testing activities and composing management responses and appropriate remediation activities for First Line control exceptions and Self-Declared findings
• Provide support and consulting in preparation for Audits and in composing management responses and appropriate remediation activities
• Provide support and consulting in preparation for Operational Risk Management assessments and in composing management responses and appropriate remediation activities
• May consult on Regulatory compliance requirements, reporting and questions
• Provide consultation and advice to partners on a broad range Technology Controls / Information Security programs / policies / standards and incidents for AIVM
• Conduct project consulting on assessment of risk, definition of required controls, appropriateness of implemented control procedures, vulnerability assessments and any other relevant areas
• Lead or contribute to completion of risk and control design assessments for AIVM activities , articulate and document impact of control gaps to the business and the overall Bank, risk mitigation and remediation plans, remediation strategy document as applicable
• Contribute to the definition, development, and oversight of a global security management strategy and framework
• Ensure technology, processes, and governance are in place to monitor, detect, prevent, and react to both current and emerging technology / security threats against TDBG’s business
• Support development and maintenance of on-going Technology Risk reporting, monitoring key trends and defining metrics to regularly measure control effectiveness for own area
• Work proactively with technology partners / stakeholders and service/platform owners to ensure all technology security components are integrated into the bank’s overall Enterprise Architecture, and any control gaps are addressed.
• Participate if required in computer security incident responses relevant to business (or enterprise wide) and represent respective function and Enterprise position to the business, and business needs to incident response team

EXPERIENCE & EDUCATION

• University degree
• Information security certification / accreditation an asset (e.g. CRISC, CISM, CISA, CISSP)
• Familiarity with dimensions of Application Security, Infrastructure Vulnerability Management and Application Programming Interfaces (APIs)
• Experience with risk partner engagement (including ORM, Audit, and Regulators)
• Experience with testing of technology controls
• Experience with development and management of Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs)
• Knowledge of cybersecurity industry control standards
• Experience developing and managing issue remediation plans
• Familiarity with various GRC platforms and alternative tracking methods (e.g. SharePoint, Confluence, JIRA)
• 5-7years of relevant experience

Please refer the Job description for details