Information Security Specialist

  • 5-10 Years
  • Toronto
  •   Posted On: July 7, 2018
  •   Skills:  Client engagement, Communication, Identity and Access Management, SOX Compliance

Job Overview

Roles & Responsibilities

Job Description

Meaningful work is fueled by meaningful performance and career development conversations with your manager. Here’s some of what you may be asked to perform:

BTRM team members supporting ITS are responsible for managing technology risk and providing advisory services on information security controls and cyber risks for a complex suite of infrastructure technologies managed by the ITS team.

The responsibilities of the role of Business Technology Risk Manager for ITS will include but not be limited to:

Manage and maintain risk profiles, risk and controls assessments, controls design and assurance testing programs focussed on infrastructure technologies and applications managed by the ITS team

Work collaboratively within TRMIS, ITS and with other key stakeholders including technology lead on activities targeting the management of business risks associated with technology

Continually demonstrate initiative and leadership as the TRMIS representative for ITS promoting TDBG technology policies and the Enterprise Technology Risk & Control Framework on all risk and controls related issues, on all programs

Provide a point of coordination for various security related activities within the TRMIS group; serve as key liaison and contact for stakeholder groups including ITS, audit and BTRM groups supporting the various lines of business in TDBG

Deliver risk assessments, controls design, control assurance and testing, program support and expert knowledge advisory services in accordance with BTRM ITS-specific service delivery processes

Contribute collaboratively in ongoing improvement of the enterprise BTRM practice including process improvement in TRMIS and ITS groups and to enhancements to security standards, control solutions and implementation and related monitoring and verification practices

Participate as required on all strategic objectives established by IT executive leadership

Identify and prioritize key controls deficiencies at formative stages of technology development programs and as part of controls assurance and verification testing in the IT environment

Ensure ITS management understands the business implications of technology risks and the commensurate security and IT risk strategies associated with these risks; escalating urgent issues in a time-appropriate manner

Interpret and advise with expert knowledge on risks, business impacts and matters of security (including vulnerabilities and threat management), compliance/regulatory standards, audit programs and audit findings

Support ITS delivery teams with technology-specific security advisory for security events and as part of post security incident remediation activity; advise senior leadership and BTRMs supporting lines of business of potential impacts related to current security events

Manage delivery of BTRM-ITS services and participate in ITS-sponsored cross-development and new technology programs; provide support throughout the full SDLC ensuring key security and risk strategies are comprehensive, consistent with TRMIS policies/standards, well communicated and appropriately monitored

Contribute to the development, implementation and execution of a comprehensive infrastructure security and compliance controls verification program

Advocate security awareness and participate in the development of security and risk management communication and training programs targeting ITS delivery groups

Work with 3rd party vendors and outsourcing partners ensuring they adhere to TDBG security policies and standards

Job Requirements

What can you bring to TD? Share your credentials, but your relevant experience and knowledge can be just as likely to get our attention. It helps if you have:

– Collaborative leader with experience managing programs, projects and/or leading audits

– Business/technology experience with experience collaborating with others in a highly matrixed, cross-functional environment

– Experience collaborating with or managing vendors, auditors and/or regulators

– Expert knowledge in information security, risk management, information technologies, IT operations, control testing and/or compliance (including but not limited to SOX, PCI and US financial institution regulations)

– Experienced in threat and vulnerability assessments

– University degree in technology or engineering; business degree an asset

– 5-10 years' experience in the area of IT risk and technology and/or information security in a large organization

– CISSP, CISM and/or other professional security accreditation an asset

– Working knowledge of security controls, security monitoring technologies, malware detection technologies, network security, operating systems, access and identity management, application security, penetration testing, vulnerability management, security incident response and/or computer forensics an asset

– Knowledgeable in technical audits and audit gap remediation an asset

– Knowledgeable in assurance programs and/or controls verification testing an asset

– Experience in a high transaction, large/complex/matrix business environment ideally within Financial Services an asset

– Ability to articulate technology into business solutions

– Excellent client engagement/management skills

– Possesses exceptional strategic thinking, planning and relationship skills

– Ability to influence management and build credibility across the organization

– Strong leadership and communication skills

– Bilingual (English and French) is an asset
