Tell us your story. Don’t go unnoticed. Explain why you’re a winning candidate. Think “TD” if you crave meaningful work and embrace change like we do. We are a trusted North American leader that cares about people and inspires them to grow and move forward.
Stay current and competitive. Carve out a career for yourself. Grow with us. Here’s our story: jobs.td.com
Operational Risk Management (ORM) is an independent function responsible for the design and maintenance of the Bank’s overall Operational Risk Management Framework. The ORM Framework sets out the enterprise-wide governance processes, policies, and practices/programs that help to identify and assess, measure, control, monitor, escalate, and report operational risk.
ORM for Enterprise Technology Solutions provides second line of defense operational risk management oversight and challenge to the technology organization and to the management of technology risks across the enterprise. The team partners with the first line of defense (CIO & CISO organizations) in identifying, reporting and mitigating technology risk issues and provide subject matter expertise in the operational risk framework and technology risks/processes/controls. The group fulfills the requirement for a second line in support of the three lines of defense framework for Technology.
With technology risk continuing to evolve throughout the organization and to address heightened expectations, ORM ETech has expanded our oversight and needs additional talent to execute our strategy.
Reporting to the Associate Vice-President of Operational Risk Management – Enterprise Technology, this role will act as the 2nd line oversight and challenge to the technology organization and to the management of technology risks across the enterprise with the following accountabilities:
- Contribute to the execution of the strategic plan to assess and monitor technology risk management.
- Support ORM ETech challenge activities of technology risk identification, assessment, reporting and monitoring on a risk-based approach in areas such as:
- Technology risk assessment results of Business Applications, supporting infrastructure, and cybersecurity solutions;
- Technology risk assessment results of significant technology projects;
- Third party risk assessment results;
- Cloud security risk assessment results
- Technology Risk Management and Cybersecurity Policy,Framework and standards, and monitor adherence;
- Special initiatives on emerging risk or regulatory/industry requirements, and;
- Enterprise Cybersecurity and technology operational processes.
- Support 2nd line challenge of activities required to support the ORM Framework, including but not limited to:
- Technology risks and controls identification for core technology process – Process Risk and Control Self-Assessments (pRCSA) across all technology groups;
- Management’s quality testing on key controls identified from the pRCSA, and remediation plan on any identified gap;
- Technology risk related scenario analysis;
- Internal and external technology risk event analysis;
- Key Risk Indicators and metrics on technology and monitoring on KRI results and mitigation action(s);
- Technology incident management and operational risk event monitoring, escalation and tracking of remediation efforts, and;
- Other areas as appropriate to support the ORM ETech in managing various programs
- Assist in monitoring and reporting residual Enterprise Technology operational risk profile against the Bank’s risk appetite;
- Prepare risk dashboards and risk-related presentations for senior management review;
- Actively developing the understanding on risk management practices, methodologies and interrupt results of risk assessments
- Be a positive team player to consistently maintain high levels of integrity, motivation and morale;
- Will be required to keep abreast of regulatory and industry best practice requirements on key risk and controls and testing practice on technologies, and;
- Position will deal with management in technology solutions and risk professionals.
Experience in Cybersecurity, information technology, and technology risk management is an asset for this role.
In order to provide supports on oversight and second line challenge, the role requires the incumbent to have a working knowledge of some of the following areas:
- Information Security, Cybersecurity and Technology risk management framework and control standards;
- Technology operations and processes;
- Third party risk management;
- Cloud Computing Security;
- Regulatory requirements and industry best practice; and Control assessment and testing methodology.
- Previous experience in Technology Risk/Control, Internal Audit,Technology Solutions, Cybersecurity and Risk Management field is an asset;
- Proven ability to foster a cohesive team and promote a positive, high performing work environment;
- Expertise in working effectively in teams;
- Ability to work in ambiguity, must be flexible to deal with changes in a fast paced and new environment, working closely with peers where subject matter expertise is required;
- Strong analytical skills, including risk analysis, data analysis, and comparative analysis and elevate the results for executive’s consumption;
- Ability to connect technology risk and business impacts, and;
- Organizationally astute, with influencing, collaboration and communication skills.
- Undergraduate degree in Business with a technology major/ Computer Science/Engineering/Risk Management is an asset.
- Working towards to accreditation such as CRISC, CISA, CISM, CGEIT, or CISSP is preferred.
At TD, we are committed to fostering an inclusive, accessible environment, where all employees and customers feel valued, respected and supported. We are dedicated to building a workforce that reflects the diversity of our customers and communities in which we live and serve. If you require an accommodation for the recruitment/interview process (including alternate formats of materials, or accessible meeting rooms or other accommodation), please let us know and we will work with you to meet your needs.