Senior Information Security Specialist - DevOps and CI in Mount Laurel, New Jersey | DiversityInc Careers
This job has expired and you can't apply for it anymore. Start a new search.

Senior Information Security Specialist - DevOps and CI

Job Description

About This Role

We are looking for someone to lead and provide sound counsel on development and implementation of significant enterprise-wide Technology Controls and Information Security strategies, policies, programs and tools. As part of this, you'll oversee control and governance activities and identify and assess potential security risks, vulnerabilities that impact highly complex, high-risk businesses or transformational strategic initiatives. You'll have significant exposure to executives and functional stakeholders enterprise-wide if you prove to be the winning candidate.

Meaningful work is fueled by meaningful performance and career development conversations with your manager. Here are the essential job functions of this position:

  • Develop and implement a SecOps strategy
  • Evaluate PaaS / DevOps platforms and provide support to technology & engineering partners from a security perspective
  • Integrate application security requirements into the DevOps pipeline
  • Develop a vulnerability management strategy that is agile friendly while managing application risk
  • Provide direct support to Security Engineering for associated DevOps product decisions
  • Interface with TRMIS SLT as needed to drive awareness of required controls outside of appsec
  • Provide guidance and/or lead on the development of on-going technology risk reporting, monitoring key trends and defining metrics to regularly measure control effectiveness for own area.
  • Develop on-going Technology Risk reporting, monitoring key trends and defining metrics to regularly measure control effectiveness for own area.
  • Act as primary practice / technical expert and proactively work with technology partners and stakeholders and service/platform owners to ensure all technology security components are integrated into the bank’s overall Enterprise Architecture, and any control gaps are addressed.
  • Proactively review internal processes and activities and identify opportunities for improvement.
  • Adhere to, advise on, oversee, monitor, enforce enterprise frameworks and methodologies related to technology controls and information security activities.
  • Influence behavior to reduce risk and foster a strong technology risk management culture throughout the enterprise.
  • Remain informed of emerging issues, industry trends and/or relevant changes.
Other duties as assigned

• Driving Requirements:
• Travel Requirements: Occasional Travel (USA and Canada)
Job Requirements

What can you bring to TD? Share your credentials, but your relevant experience and knowledge can be just as likely to get our attention. Here are the minimum requirements for this position:

  • University Degree.
  • Information Security Certification / Accreditation an asset.
  • 10+ years of relevant experience and are equipped to provide technical leadership to a larger team portfolio.
  • Comfortable operating as a technical expert with deep knowledge of IT security and risk disciplines and can foresee issues and identify emerging industry trends.
  • Advanced and highly-specialized knowledge of the business, technology controls / security/ risk issues.
  • Experience working on high-profile, complex and/or high-risk technology projects with significant impact to the organization.
  • Ability to demonstrate technical leadership to a larger team portfolio.
Preferred Qualifications - Here are the preferred qualifications for this role:

  • Software development as part of an Agile environment
    • Strong knowledge of Agile / DevOps / CI methodologies
    • Implementation of best practices for prevention of security defects through CI
    • Experience in managing security defects as part of an agile workflow
    • Integrated analysis of applications for security defects/vulnerabilities
    • Team oriented development tools experience (e.g. Git)
  • Agile Knowledge
    • Process: Agile/SCRUM and use of tools such as JIRA and Confluence
    • Knowledge of formal documented methods (e.g. UML, SABSA, etc.) as well as agile based on stories/epics
  • Cloud
    • Knowledge of Azure and AWS and their security features/architectures
    • Container security (e.g. Docker/Kubernetes)
  • Risk Management
    • Deep understanding of networking and systems security in large scale enterprises
    • Deep understanding of cloud risk management
    • Source code protection and required access controls for shared repositories
  • Excellent communication skills both written and verbal