Sr Analyst, Security Risk Mgmt

Industry: Finance & Insurance

5 - 7 years

Posted 69 days ago

This job is no longer available.

Role:

The Senior Security Risk Analyst in TD Ameritrade's Vulnerability Threat Management & Risk Management department will support the development of Security Risk Management metrics and the performance of risk assessments. The position will also lead the creation of risk dashboards and risk registers to centralize security risks and support communications to TDA stakeholders.

Responsibilities:

  • Partner with Security Risk Management peers to collect and analyze risk data and metrics from existing vulnerability, vendor management, project, threat management, and application-related processes
  • Develop and maintain effective workflows for the automated collection, storage and reporting of risk data
  • Recommend security controls and/or corrective actions for mitigating technical and business risk
  • Conduct risk assessments of business processes, technology designs, security controls, technology architectures and product designs
  • Analyze technology and business designs to identify and assess security risk
  • Develop risk registers, security questionnaires and surveys to aid in the effective execution of risk assessments
  • Develop risk analysis metrics and reports
  • Participate in technology and security strategy planning processes to ensure risks are identified and included in departmental planning
  • Develop trending reports to identify areas of focus and risk concentration
  • Record and report security risk data within a Governance, Risk and Compliance platform
  • Report and escalate outstanding risk findings, as appropriate

Requirements:

  • Bachelor's degree in a related field and/or a minimum of 5 years of equivalent experience
  • 5+ years of experience in performance of security risk assessments
  • Experience securing multiple platforms and operating systems
  • Expertise in standard information security concepts
  • Understanding of security frameworks: ISO 2700X, NIST, CIS
  • CISSP, CRISC certifications
  • Military education or experience may be considered in lieu of civilian requirements listed