Information Security Specialist - Business Technology Risk Manager


Toronto, ON

Industry: Financial Services


8 - 10 years

Posted 359 days ago

Job Description

The Business Technology Risk Manager (BTRM) – Technology Risk Management and Information Security is responsible for ensuring technology controls are sufficiently protecting business risk, through the application of the Technology Risk and Control framework, and overseeing security standards, policies and procedures for Direct Channels (DC) business lines and Channels Technology Solutions (CTS).

Reporting to the Senior Manager, Direct Channels BTRM, within Technology Risk Management and Information Security for TDBG, the accountabilities of the role include but are not limited to the following:

  • Provide consultation and advice to Business and Technology partners on a broad range of Technology Risk and Controls, Information Security Programs, Policies, Standards and Procedures
  • Provide guidance and/or consulting on key technology initiatives including assessment of risks, required controls and vulnerabilities
  • Lead or contribute to completion of risk and control design assessments for an application portfolio, and articulate and document the impact of control gaps to the business and the overall Bank
  • Act as a point of coordination for various security related activities within the central Technology Risk Management and Information Security team
  • Escalate security and IT Risk related issues and participate in CSIRT events impacting Direct Channels
  • Provide assistance to business lines to address technology based Audit findings and issues
  • Participate in the development of system security awareness and communication training programs across the enterprise
  • Ensure outsourcing partners are aware of TDBG security policies and standards, by establishing oversight controls and risk mitigation to protect the Bank
  • Participate in the development of on-going Technology Risk reporting, monitoring key trends and/or breaches.
  • Stay current with emerging technology advancements / trends, and federal and industry based regulations


What can you bring to TD? Share your credentials, but your relevant experience and knowledge can be just as likely to get our attention. It helps if you have:

  • 8-10 years’ experience in the area of IT Risk and Control, in a large organization of which 5 years is within information security specifically relating to Web and/or Mobile applications
  • Advanced understanding of IT security, risk disciplines and practices and information security frameworks and methodologies
  • Proven experience in leading independent technology risk based analysis and information security control assessments
  • Ability to engage collaboratively with others, partnering with Business and Technology Front line Managers, Vendors, Auditors and Regulators
  • Experience in a high transaction, large/complex/matrix business environment with a focus on Web and Mobile Applications
  • Excellent client engagement and management skills
  • Ability to influence management and build credibility across the organization
  • Ability to prioritize and react quickly within a changing environment
  • Excellent written and oral communications skills
  • Ability to articulate complex technical issues in simple business terms and present information to all levels of management and staff
  • Experience delivering in an Agile environment
  • Strong understanding of security technologies (e.g. Antivirus, IDS, IPS, firewall, VPN, Spam filtering, Web content filtering, Directories, Encryption, WAF, PKI)
  • Strong understanding of Cloud Computing Risk and Controls
  • Strong understanding of regulatory controls related to security (SOX & PCI)
  • Strong understanding of vulnerability scanning and penetration testing tools
  • Solid understanding of the financial industry and key strategic direction of the Bank
  • Strong understanding of cybersecurity controls and frameworks (COBIT, COSO, ISACA, ISO2700x, NIST, SANS, etc.)
  • At least one recognized security certification: CISSP, CISM, CISRCP
  • University degree or equivalent industry experience

Experience with the following technologies and/or industry standards:

  • Web Applications (XML, JAVA)
  • Mobile Applications (iOS)
  • Cloud Computing
  • Data Protection and Encryption (PKI, SSL, AES, 3DES)
  • PCI Standards
  • Vulnerability scanning and penetration testing tools