Information Security Specialist (Security Audit & Compliance)
Job Overview
Job title: Information Security Specialist (Security Audit & Compliance)
Job description: Company Overview
Tell us your story. Don’t go unnoticed. Explain why you’re a winning candidate. Think “TD” if you crave meaningful work and embrace change like we do. We are a trusted North American leader that cares about people and inspires them to grow and move forward.
Stay current and competitive. Carve out a career for yourself. Grow with us. Here’s our story: jobs.td.com
Department Overview
TD Information & Cyber Security covers the development and management of security strategies, policies and programs to assess, prioritize, and mitigate business risk with technology controls. Priorities include: mitigating and managing cyber security threats, ensuring systems availability, aligning with global regulatory risk and compliance requirements, managing systems and network complexity, and partnering with businesses for better technology delivery by providing advice on technology controls.
Enterprise Protect & Office of CISO’s BISCG team is responsible for providing policies and governance for managing risk across the organization through a set of technology-based standards and controls. The Infrastructure Security Test Services team within the BISCG (Business Information Security Controls & Governance) team is responsible for ensuring that applicable corporate policies and standards are adhered to within the implemented layers of technology and support processes. As part of the BISCG Test Service team, this position will report into the BISCG – Technology Control Testing team within EP&OCISO.
The job function is to perform sample evidence collection, review and analysis of the design and operating effectiveness of technology controls based on outlined SOX, Non-SOX, SWIFT, Basel and other applicable compliance control requirements. Based on sample evidence analysis, gaps/observations reports are published for subsequent remediation actions to mitigate the identified risks.
Leveraging a common risk/control framework, the Infrastructure Security / BISCG team is accountable for ensuring that standards are applied within the various supported technologies, and that regular testing is performed to ensure the appropriate level of technology controls are in place and remain operating effectively. The team is also responsible for ensuring control gaps, both self-identified as well as Audit findings, are tracked during remediation among the various support teams.
Job Description
About This Role
We are looking for someone to develop and implement Technology Controls and Information Security related policies, programs and tools. You will provide specialized expertise and guidance on assessing risks, identifying potential gaps and providing security solutions to mitigate risks and protect TD. You may also participate on projects of moderate to high complexity and provide complex reporting, analysis, and assessments at the functional, business line or enterprise level.
Meaningful work is fueled by meaningful performance and career development conversations with your manager. Here’s some of what you may be asked to perform:
- Guide partners on a broad range of specific Technology Controls and Information Security programs, policies, standards and incidents.
- Conduct risk assessment, required controls definition, control procedure appropriateness, vulnerability assessments and any other relevant areas.
- Lead or contribute to the completion of risk and control design assessments for an assigned business application, business portfolio, and overall enterprise, as well as risk mitigation and remediation plans and remediation strategy.
- Contribute to the definition, development, and oversight of a global security management strategy and framework.
- Ensure technology, processes, and governance are in place to monitor, detect, prevent, and react to both current and emerging technology and security threats against TDBG’s business.
- Develop on-going technology risk reporting, monitoring key trends and defining metrics to regularly measure control effectiveness for own area.
- Adhere to internal policies and procedures, technology control standards, and applicable regulatory guidelines.
- Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement.
- Adhere to, advise, oversee, monitor and enforce enterprise frameworks and methodologies that relate to technology controls / information security activities.
- Influence behavior to reduce risk and foster a strong technology risk management culture throughout the enterprise programs and audit findings.
- Support ITS delivery teams with technology-specific security advisory for security events and as part of post security incident remediation activity; advise senior leadership and BISCG's supporting lines of business of potential impacts related to current security events.
- Testers must have strong analytical and problem-solving abilities. Candidate must understand and conceptualize Control Testing & Validation, control test automation (CAATs) from both a technical/programming perspective and a business point of view.
- Contribute to Control Verification & Testing approach & methodology and defining work packages, effort estimates for proposed tests.
- Ability to create detailed test plans from control requirements, utilizing both automated and manual test steps.
- Solid understanding of automated test scripting languages is required for the coding aspects of the role.
- Usage and development of CAATs script-based control tests (Unix scripting with Mainframe background preferred).
- Usage of ACL software on an as-required basis.
Requirements
What can you bring to TD? Share your credentials, but your relevant experience and knowledge can be just as likely to get our attention. It helps if you have:
- University Degree preferred.
- CISSP or CCSP is a must. Other Information Security certifications or accreditations, such as CISM, CISA, CRISC etc., are an asset.
- Strong communication skills to deliver risk messages to various audiences and opining on materiality of risk.
- Firm commitment to staying informed/ abreast of emerging Cyber/Information security issues, industry trends.
- Sound knowledge of one or more technology controls or security domains, disciplines and practices.
- Preferred knowledge of financial industry’s technology controls and security risk issues.
- Ability to participate and provide advice / guidance on projects of low to moderate complexity within your own area of expertise.
- Strength in prioritizing and managing your own workload to deliver quality results and meet timelines with limited guidance of management.
- 5-10 years’ experience in the area of IT risk and technology and/or information security in a large organization (experience in a high transaction, large/complex/matrix business environment, ideally within Financial Services, is an asset).
- Expert knowledge in Information Security, Risk Management, information technologies, IT operations, control testing and/or compliance (including but not limited to SOX, PCI and US financial institution regulations).
- Experience in control verification or control testing and threat and vulnerability assessments; knowledge of assurance programs and/or controls verification testing is an asset.
- Business/technology experience, including collaborating with others in a highly matrixed, cross-functional environment.
- Ability to articulate technology into business solutions; excellent client engagement/management skills and the ability to influence management and build credibility across the organization.
- Contribute to the development, implementation and execution of a comprehensive infrastructure security and compliance controls verification and controls test program
- Knowledge of technical audits and audit gap remediation is an asset, coupled with strategic thinking, planning and relationship skills with SMEs to deliver control test reports.
- Assessment/Control testing experience with cloud, dev ops, cyber security, pen testing related technologies preferred.
- Experience with CAATs script-based test development and/or experience with ACL software preferred; VB.NET, C# or JavaScript, Perl and other scripting tools – Python and Unix shell scripting preferred.
- Strong working knowledge of the following platforms – Cloud, Vulnerability & Patching processes, Unix, Windows, Oracle, DB2, SQL, Sybase, Active Directory, Mainframe, ACF2, DB2, IMS.
Additional Information
Join in on what others in TD Technology Solutions are doing:
- Inspire a positive work environment and help champion quality, innovation, teamwork and service to the business.
- Learn voraciously, stretch your thinking,
Hours
37.5
Inclusiveness
At TD, we are committed to fostering an inclusive, accessible environment, where all employees and customers feel valued, respected and supported. We are dedicated to building a workforce that reflects the diversity of our customers and communities in which we live and serve. If you require an accommodation for the recruitment/interview process (including alternate formats of materials, or accessible meeting rooms or other accommodation), please let us know and we will work with you to meet your needs.
Company: TD
Location: Toronto, ON
Job date: Sat, 08 May 2021 22:22:43 GMT