Senior Manager Information Security Senior Manager Information Security …

TD Bank Group
in Toronto, ON, Canada
Permanent, Full time
Be the first to apply
Competitive
TD Bank Group
in Toronto, ON, Canada
Permanent, Full time
Be the first to apply
Competitive
Senior Manager Information Security
Company Overview

Tell us your story. Don't go unnoticed. Explain why you're a winning candidate. Think "TD" if you crave meaningful work and embrace change like we do. We are a trusted North American leader that cares about people and inspires them to grow and move forward.

Stay current and competitive. Carve out a career for yourself. Grow with us. Here's our story: jobs.td.com

Department Overview

Manage / lead a team of Technology Controls / Information Security experts in the development and/ or management of relevant strategies, programs, tools, frameworks and policies and provide specialized oversight / control / governance activities for a key business line/segment or transformational (change the bank) strategic initiative / program, liaising across the organization and primarily interfacing with executive and/or functional stakeholders to minimize overall technology risks to the Bank for own area.

Justification
• Leads the enforcement of MFA and Behavioral Analytics on in-scope systems
• Works with the different Lines of Business in defining authentication use-cases (i.e. MFA requirements, behavior to detect, etc.)
• Using data and tools, perform analysis to identify AD authenticating applications and patterns
• Build and maintain authentication policies
• Management and administration of the Preempt tool
• Coordination with LOB in enforcing Multi-Factor authentication on high risk applications as required by the AM standard
• Conduct data analytics to help drive IAM remediation
• Creation of reports, dashboards, metrics and presentation to Management
• Works with closely with Active Directory and PingFed support team in enforcing MFA authentication
• Maximize tooling capabilities that align with GIAM business strategy and increase NIST maturity score.

Job Description

CUSTOMER: Ensure team provide technical expertise and consultation to partners and/or stakeholders on a broad range of Technology Controls / Information Security programs / policies / standards and incidents for own specialized discipline / practice area
• Oversee and assign expert resources on project consulting on assessment of risk, definition of required controls, appropriateness of implemented control procedures, vulnerability assessments and any other relevant areas
• Conduct comprehensive risk and control design assessments for an application portfolio, articulate and document impact of control gaps to the business and the overall Bank, risk mitigation and remediation plans, remediation strategy document or provide info security solutions to address risks as applicable
• Ensure technology, processes, and governance are in place to monitor, detect, prevent, and react to current and emerging security threats against TDBGs business
• Contribute to the definition, development, and oversight of a global network and endpoint security threat management strategy and framework
• Provide guidance to the team in the development of on-going Technology Risk reporting, monitoring key trends and defining metrics to regularly measure control effectiveness for own area
• Provide guidance to team and proactively work with Technology leaders / stakeholders and service/platform owners to ensure all technology controls, security components are integrated into the banks overall Enterprise Architecture and any control gaps are addressed.
• Consult on Regulatory compliance requirements, reporting and questions
• Provide support and consulting in preparation for Audits and in composing management responses and appropriate remediation activities
• Develop and oversee deployment of software security program across TD Bank for in-house developed and commercial off-the-shelf software focusing on standard process and tools
• Manage executive communications and reporting of Application Security and Customer Protection programs, risks, incidents and threats for the enterprise
• Develop and implement a technology controls /security awareness and software security training curriculum for technology partners
• Participate in computer security incident responses relevant to business (or enterprise wide) and represent respective function and Enterprise position to the business, and business needs to incident response team

Requirements

SHAREHOLDER: Ensure team adherence to internal policies / procedures, technology control standards, and applicable regulatory guidelines
• Proactively review internal processes and activities and identify opportunities for improvement
• Adhere to and advise on / oversee / monitor / enforce enterprise frameworks and methodologies that relate to technology controls / information security activities
• Influence behavior to reduce risk and foster a strong technology risk management culture throughout the enterprise
• Lead relationships with other areas of Technology / businesses / corporate and/or control functions and ensure alignment with enterprise and/or regulatory requirements
• Support team in staying knowledgeable on emerging issues, trends, and evolving regulatory requirements and assess potential impacts to the Bank
• Assess / identify key issues and escalate to appropriate levels and relevant stakeholders and business management where required
• Maintain a culture of risk management and control, supported by effective processes and sound infrastructure an in alignment with risk appetite
• Identify, mitigate and report on risk issues per enterprise policy / guidelines and ensure appropriate escalation processes are followed
• Ensure business operations are in compliance with applicable internal and external requirements (e.g. financial controls, segregation of duties, transaction approvals, and physical control of assets).
• Forecast, manage and track operating / programs costs / financials in line with investment governance to deliver agreed outcomes and service-level within budgets
• Provide aggregated reporting / analysis for areas of oversight / accountability
• Work closely with key business leaders to optimize TDBGs resources and leverage TDs operating model to maximize efficiency, effectiveness and scale
• Lead or contribute to cross-functional / enterprise initiatives as an organizational or subject matter expert helping to identify risk / provide guidance for complex situations
• May lead relevant governance meetings or committees and related deliverables / outcomes representing the business on governance and control issues
• May manage oversight process, risk-based identification and monitoring of related risks and regulatory compliance across supported functions, while ensuring key controls and processes are effectively managed
• May oversee or lead the facilitation and/or implementation of action / remediation plans to address performance / risk / governance issues

EMPLOYEE / TEAM: Responsible for management of the overall team(s) providing both leadership and guidance
• Set targets and objectives for the team, and deliver results
• Grow team expertise to align with enterprise demand and the Bank's direction; assess team skills and capabilities and continually look for ways to provide and enhance the value delivered
• Foster an environment / culture that encourages productivity, innovation, process improvement, teamwork and a high level of professionalism
• Co-ordinate necessary resources to ensure completion by deadlines
• Provide coaching, development, succession, recruitment, resource management and overall team leadership for team members and provide regular input into team members assessment of performance and development plans
• Prioritize and manage own workload in order to deliver quality results and meet timelines
• Support a positive work environment that promotes service to the business, quality, innovation and teamwork and ensure timely communication of issues/ points of interest
• Identify and recommend opportunities to enhance productivity, effectiveness and operational efficiency
• Establish effective relationships across multiple business and technology partners, program and project managers
• Participate in knowledge transfer within the team and business units

Additional Information

BREADTH & DEPTH: Deep expertise and knowledge of Bank, technology standards and leading large and varied teams of professionals
• Expert knowledge of broad scope of technology controls / information security, technology, tools, processes and procedures, as well as broader organization issues
• Oversees / manages a team or group(s) of moderate to large or in size, scope, risk and complexity
• Future-focused, providing thought leadership
• Excellent communication, negotiation and organizational skills specifically including the ability to present options in business terms to both IT and business staff including executives
• Generally reports to an executive role

EXPERIENCE & EDUCATION: University degree
• Information security certification / accreditation an asset
• 10+ years of relevant experience

  • Deep understanding of Multi-Factor Authentication
  • Solid understanding of enterprise authentication strategies and protocols
  • Familiarity with Identity and Access Management concepts and capabilities, specifically Authentication and Authorization
  • In-depth knowledge on different cyber-attacks and techniques, threat vectors and incident management
  • Strong knowledge in Active Directory and Federation services (i.e. PingFed)
  • Proficient in preparation of reports, dashboards and presentation
  • Good analytical skills and problem solving
  • Background on development or firewall rule management
  • CISSP certification preferred
  • Preempt tooling experience would be a major plus


Hours

37.5

Inclusiveness

At TD, we are committed to fostering an inclusive, accessible environment, where all employees and customers feel valued, respected and supported. We are dedicated to building a workforce that reflects the diversity of our customers and communities in which we live and serve. If you require an accommodation for the recruitment/interview process (including alternate formats of materials, or accessible meeting rooms or other accommodation), please let us know and we will work with you to meet your needs.

Close
Loading...