Senior Information Security Analyst - Third Party Cyber Risk

TD Bank
Laurel, DE
Feb 15, 2018
Feb 16, 2018
Full Time
Job Description

About This Role

We are looking for someone to join us as we develop and implement policies, programs and tools related to TD Technology Controls and Information Security. The Information Security IT Specialist is responsible for Third Party Cyber Risk Assessment processes, procedures, and additional program deliverables. We'll look to you to help provide specialized expertise and guidance on assessing risks, identifying potential gaps and providing security solutions to mitigate risks and protect TD. You may also participate on projects of moderate to high complexity and provide complex reporting, analysis, and assessments at the functional, business line or enterprise level. Meaningful work is fueled by meaningful performance and career development conversations with your manager.

Here are the essential job functions of this position:

* Guide and advise partners on a broad range of specific Technology Controls and Information Security programs, policies, standards and incidents.
* Engage in assessments related to risk, controls, implemented control procedures, vulnerability, etc.
* Lead or contribute to risk and control design assessments for an assigned business application, business portfolio, and overall enterprise, as well as risk mitigation and remediation plans and remediation strategy.
* Actively contribute to the definition, development, and oversight of a global security management strategy and framework.
* Ensure technology, processes, and governance are in place to monitor, detect, prevent, and react to both current and emerging technology and security threats to TD.
* Develop on-going technology risk reporting, monitoring key trends and defining metrics to measure control effectiveness for your own area.
* Apply a teamwork philosophy with technology and partners, service or platform owners to integrate all technology security components and address control gaps.
* Consult on regulatory compliance requirements, reporting and questions.
* Provide support and consulting for Audits, help compose management responses and appropriate remediation activities.
* Participate in computer security incident responses relevant to business (or enterprise wide), represent your respective position to the business while conveying their needs to the incident response team.
* Adhere to policies, procedures, technology control standards and regulatory guidelines.
* Contribute to internal activity and process review, flag windows for improvement.
* Adhere to, advise, oversee, monitor and enforce enterprise frameworks and methodologies related to technology controls / information security activities.
* Influence behavior to reduce risk, foster a strong technology risk management culture.
* Define, develop, implement and manage standards, policies, procedures, and solutions that mitigate risk and maximize security, service availability, efficiency and effectiveness.
* Manage relationships with other technology/business/corporate/control functions.
* Assess, identify and escalate issues appropriately.
* Other duties as assigned
* Driving Requirements: as needed
* Travel Requirements: 30% to 35% in US and Canada

Job Requirements

What can you bring to TD? Share your credentials, but your relevant experience and knowledge can be just as likely to get our attention.

Here are the minimum requirements for this position:

* University Degree.
* Information Security Certification / Accreditation an asset.
* 5-7 years of relevant experience.
* Firm commitment to staying informed and abreast of emerging issues, industry trends, etc.
* Advanced knowledge of one or more technology controls or security domains, disciplines and practices.
* Sound to advanced knowledge of business, technology controls, security and risk issues.
* Demonstrated ability to participate in projects of moderate to high complexity.
* Ability and commitment to serve as a subject matter expert on business-specific, cross-functional and enterprise initiatives.
* Readiness to participate in projects of moderate to high complexity and provide complex reporting, analysis, and assessments at the functional, business line or enterprise level.

Qualifications

Preferred Qualifications - Here are the preferred qualifications for this role:

* CISSP, CRISC, CISA, CISM, CEH or equivalent certification is preferred
* Expertise in various technology control domains, such as: Access Management, Vulnerability Monitoring, Network Security, Encryption, Change Control, Secure SDLC, Incident Response, Cloud Security, Disaster Recovery, Security Policies, etc., strongly preferred
* Strong understanding of ISO27000 Series, SSAE 16/CSAE 3416/ISAE 3402 SOC reports, PCI DSS, CSA CAIQ, BITS SIG, NIST and vulnerability/penetration testing reports preferred