Alexandria, Charlotte, Falmouth, Greenville, Jacksonville, Mount Laurel, Washington, District of Columbia, Florida, Maine, New Jersey, North Carolina, South Carolina, Virginia
6 days ago
Information Security Specialist - Cyber Threat Matrix
About This Role
The successful applicant will be responsible for the development, conduct and output reports of Cyber Threat Matrix to determine how technical controls reduce the residual risk against the Bank's top cyber threats. You may also participate on projects of moderate to high complexity and provide complex reporting, analysis, and assessments at the functional, business line or enterprise level.
Meaningful work is fueled by meaningful performance and career development conversations with your manager. Here are the essential job functions of this position:
- Guide partners on a broad range of specific Technology Controls and Information Security programs, policies, standards and incidents.
- Conduct risk assessment, required controls definition, control procedure appropriateness, vulnerability assessments and any other relevant areas.
- Lead or contribute to the completion of risk and control design assessments for an assigned business application, business portfolio, and overall enterprise, as well as risk mitigation and remediation plans and remediation strategy.
- Contribute to the definition, development, and oversight of a global security management strategy and framework.
- Ensure technology, processes, and governance are in place to monitor, detect, prevent, and react to both current and emerging technology and security threats against TDBG’s business.
- Develop on-going technology risk reporting, monitoring key trends and defining metrics to regularly measure control effectiveness for own area.
- Adhere to internal policies and procedures, technology control standards, and applicable regulatory guidelines.
- Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement.
- Adhere to, advise, oversee, monitor and enforce enterprise frameworks and methodologies that relate to technology controls / information security activities.
- Influence behavior to reduce risk and foster a strong technology risk management culture throughout the enterprise.
- Work with the Cyber Intelligence Centre to deliver the quarterly Enterprise Threat Matrix
- Competence of MITRE ATT&CK framework and the Cyber Kill Chain preferred
- Awareness and understanding of the external threat landscape preferred
- The capability of working independently and operating effectively in the absence of regular feedback or guidance is preferred
- Concise and confident communication skills preferred (verbal and written).
- Intermediate to advanced skills in MS Office suite of applications preferred
What can you bring to TD? Share your credentials, but your relevant experience and knowledge can be just as likely to get our attention. Here are the minimum requirements for this position:
- University Degree.
- Information Security Certification / Accreditation an asset.
- 7+ years of relevant experience.
- Expert knowledge of IT security and risk disciplines and practices.
- Advanced knowledge of of organization, technology controls, security and risk issues.
- Demonstrated ability to participate in complex, comprehensive or large projects and initiatives.
- Ability to serve as a lead expert resource in technology controls and information security for project teams, the business, organization and outside vendors.
- Must be eligible for employment under regulatory standards applicable to the position.