Information Security Specialist (Cyber Security Audit & Compliance)

284673BR
Technology Solutions
Toronto, ON
October 12, 2020

Company Overview

Tell us your story. Don’t go unnoticed. Explain why you’re a winning candidate. Think “TD” if you crave meaningful work and embrace change like we do. We are a trusted North American leader that cares about people and inspires them to grow and move forward.

Stay current and competitive. Carve out a career for yourself. Grow with us. Here’s our story: jobs.td.com

Department Overview

TD Information & Cyber Security covers the development and management of security strategies, policies and programs to assess, prioritize, and mitigate business risk with technology controls. Priorities include: mitigating and managing cyber security threats, ensuring systems availability, aligning with global regulatory risk and compliance requirements, managing systems and network complexity, and partnering with businesses for better technology delivery by providing advice on technology controls.
Enterprise Protect & Office of CISO’s BISCG team is responsible for providing policies and governance for managing risk across the organization through a set of technology-based standards and controls. The Infrastructure Security Test Services team within the BISCG (Business Information Security Controls & Governance) team is responsible for ensuring that applicable corporate policies and standards are adhered to within the implemented layers of technology and support processes. As part of the BISCG Test Service team, this position will report into the BISCG – Technology Control Testing team within EP&OCISO.

The job function is to perform sample evidence collection, review & analysis on design & operating effectiveness of Technology controls based on outlined SOX, Non-SOX, SWIFT, Basel and other applicable compliance Control requirements. Based on sample evidence analysis, gaps/observations reports are published for subsequent remediation actions to mitigate the identified risks.

Leveraging a common risk/control framework, the Infrastructure Security / BISCG team is accountable for ensuring that standards are applied within the various supported technologies, and that regular testing is performed to ensure the appropriate level of technology controls is in place and continues to operate effectively. The team is also responsible for ensuring control gaps, both self-identified and Audit findings, are tracked during remediation among the various support teams.

Job Description

We need someone to provide research, evaluation, assessment, control testing, operational, reporting and analytical support for Technology Controls and Information Security programs and initiatives. Your ability to provide sound advice and guidance will prove instrumental as you grow in this role. Meaningful work is fueled by meaningful performance and career development conversations with your people manager. Here’s some of what you may be asked to perform:

  • Manage and maintain Technology & Infrastructure Security risks profiles, risk and controls assessments, controls design and assurance testing programs focused on infrastructure technologies and applications managed by ITS & various TS-LOB technology support teams.
  • Work collaboratively within Enterprise Protect & Office of the CISO (EP&OCISO), ITS, TS-LOB and with other key stakeholders, on activities targeting the management of operational risks associated with technology.
  • Continually demonstrate initiative and leadership as the EP&OCISO representative for ITS promoting TDBG technology policies and the Enterprise Technology Risk & Control Framework on all risk and controls related issues, on all programs such as TS-SOX, MCST and MCST Test Programs.
  • Provide a point of coordination for various security related activities within the EP&OCISO group; serve as key liaison and contact for stakeholder groups including ITS, audit, TS-LOB and other BISCG groups supporting the various lines of business in TDBG.
  • Deliver control assurance and control testing, program support and expert knowledge advisory services in accordance with BISCG TS-SOX or similar specific control testing services’ delivery processes (Playbook).
  • Contribute collaboratively in ongoing improvement of the enterprise BISCG practice including process improvement in EP&OCISO, ITS & TS-LOB groups and to enhancements to security standards, control solutions and implementation and related monitoring and verification practices.
  • Identify and prioritize key controls deficiencies at formative stages of technology development programs and as part of controls assurance and verification testing in the ITS/ TS-LOB Technology environments.
  • Ensure engaged ITS/TS-LOB management understand the business implications of technology risks and the commensurate security and IT risk strategies associated with these risks; escalating urgent issues in a time appropriate manner.
  • Interpret and advise with expert knowledge on risks, business impacts and matters of security (including vulnerabilities and threat management), compliance/regulatory standards, audit programs and audit findings.
  • Support ITS delivery teams with technology-specific security advisory for security events and as part of post security incident remediation activity; advise senior leadership and BISCGs supporting lines of business of potential impacts related to current security events.
  • Testers must have strong analytical and problem-solving abilities. Candidate must understand and conceptualize Control Testing & Validation, control test automation (CAATs) from both a technical/programming perspective and a business point of view.
  • Contribute to Control Verification & Testing approach & methodology and defining work packages, effort estimates for proposed tests.
  • Ability to create detailed test plans from control requirements, utilizing both automated and manual test steps.
  • Solid understanding of automated test scripting languages is required for the coding aspects of the role.
  • Usage & development of CAATs scripts-based Control Tests (Unix scripting with Mainframe background preferred).
  • Usage of ACL software on an as-required basis.

Requirements

What can you bring to TD?
Share your credentials, but your relevant experience and knowledge can be just as likely to get our attention. It helps if you have:

  • University Degree preferred.
  • CISSP or CCSP is a must. Other Information Security certifications or accreditations, such as CISM, CISA, CRISC etc., are an asset.
  • Strong communication skills to deliver risk messages to various audiences and opining on materiality of risk.
  • Firm commitment to staying informed/ abreast of emerging Cyber/Information security issues, industry trends.
  • Sound knowledge of one or more technology controls or security domains, disciplines and practices.
  • Preferred knowledge of financial industry’s technology controls and security risk issues.
  • Ability to participate and provide advice / guidance on projects of low to moderate complexity within your own area of expertise.
  • Strength in prioritizing and managing your own workload to deliver quality results and meet timelines with limited guidance of management.
  • 5-10 years’ experience in the area of IT risk and technology and/or information security in a large organization (experience in a high transaction, large/complex/matrix business environment ideally within Financial Services an asset)
  • Expert knowledge in Information Security, Risk Management, information technologies, IT operations, control testing and/or compliance (including but not limited to SOX, PCI and US financial institution regulations)
  • Experience in control verification or control testing and threat and vulnerability assessments; knowledge of assurance programs and/or controls verification testing is an asset.
  • Business/technology experience, including experience collaborating with others in a highly matrixed, cross-functional environment.
  • Ability to articulate technology into business solutions; excellent client engagement/management skills and the ability to influence management and build credibility across the organization.
  • Contribute to the development, implementation and execution of a comprehensive infrastructure security and compliance controls verification and controls test program
  • Knowledge of technical audits and audit gap remediation is an asset, coupled with strategic thinking, planning and relationship skills with SMEs to deliver control test reports.
  • Assessment/Control testing experience with cloud, dev ops, cyber security, pen testing related technologies preferred.
  • Experience with CAATs scripts-based test development and/or user experience with ACL software preferred; VB.NET, C# or JavaScript, Perl and other scripting tools – Python and Unix shell scripting preferred.
  • Strong working knowledge of the following platforms – Cloud, Vulnerability & Patching processes, Unix, Windows, Oracle, DB2, SQL, Sybase, Active Directory, Mainframe, ACF2, DB2, IMS.

Additional Information

Join in on what others in TD Technology Solutions are doing:

  • Inspire a positive work environment and help champion quality, innovation, teamwork and service to the business.
  • Learn voraciously, stretch your thinking, share your knowledge and educate others.
  • Communicate and collaborate with both technical and non-technical professionals.
  • Cultivate winning relationships by building trust with business and technology partners.
  • Share our commitment to productivity, effectiveness and operational efficiency.
  • Embrace change and witness amazing things happen – from the inside.

Hours

37.5

Inclusiveness

At TD, we are committed to fostering an inclusive, accessible environment, where all employees and customers feel valued, respected and supported. We are dedicated to building a workforce that reflects the diversity of our customers and communities in which we live and serve. If you require an accommodation for the recruitment/interview process (including alternate formats of materials, or accessible meeting rooms or other accommodation), please let us know and we will work with you to meet your needs.