Sr Information Security Analyst - Third Party Risk Assessment - Cyber in United States | DiversityInc Careers

Sr Information Security Analyst - Third Party Risk Assessment - Cyber

Job Description

About This Role

We are looking for someone to join us as we develop and implement policies, programs and tools related to TD Technology Controls and Information Security. The Sr. Information Security Analyst will be responsible for conducting the Supplier Engagement process, appropriate due diligence based on Supplier Risk, contract execution, and ongoing supplier monitoring and oversight. This position will assist the Program Manager with driving enterprise partnership involving TD Legal, the Strategic Sourcing Group (SSG), Privacy, Operational Risk, Business Continuity, Global Security & Investigations, as well as additional governance groups and key stakeholders across TD Lines of Business.
You may also participate on projects of moderate to high complexity and provide complex reporting, analysis, and assessments at the functional, business line or enterprise level.

Meaningful work is fueled by meaningful performance and career development conversations with your manager. Here are the essential job functions of this position:

  • Lead and assist in the development of a consistent, agile, and repeatable Enterprise Supplier Risk Management program
  • Conduct end-to-end on-site Supplier Risk Assessments including reporting and remediation responsibilities
  • Apply TD Risk and Control Framework relating to Technology Risk as well as the Operational Risk Methodology of TD supplier
  • Strong aptitude and risk management judgement for escalation of supplier risk management issues.
  • Ensure technology, processes, and governance are in place to monitor, detect, prevent, and react to both current and emerging technology and security threats to TD.
  • Develop on-going technology risk reporting, monitoring key trends and defining metrics to measure control effectiveness for your own area.
  • Apply a teamwork philosophy with technology and partners, service or platform owners to integrate all technology security components and address control gaps.
  • Consult on regulatory compliance requirements, reporting and questions.
  • Provide support and consulting for Audits, help compose management responses and appropriate remediation activities.
  • Participate in computer security incident responses relevant to business (or enterprise wide), represent your respective position to the business while conveying their needs to the incident response team.
  • Adhere to policies, procedures, technology control standards and regulatory guidelines.
  • Contribute to internal activity and process review, flag windows for improvement.
  • Adhere to, advise, oversee, monitor and enforce enterprise frameworks and methodologies related to technology controls / information security activities.
  • Influence behavior to reduce risk, foster a strong technology risk management culture.
  • Define, develop, implement and manage standards, policies, procedures, and solutions that mitigate risk and maximize security, service availability, efficiency and effectiveness.
  • Manage relationships with other technology/business/corporate/control functions.
  • Assess, identify and escalate issues appropriately.
  • Other duties as assigned

• Driving Requirements: as needed
• Travel Requirements: 30% to 35% domestic / international travel

Job Requirements

What can you bring to TD? Share your credentials, but your relevant experience and knowledge can be just as likely to get our attention. Here are the minimum requirements for this position:

  • University Degree.
  • Information Security Certification / Accreditation an asset.
  • 5-7 years of relevant experience.
  • Firm commitment to staying informed and abreast of emerging issues, industry trends etc.
  • Advanced knowledge of one or more technology controls or security domains, disciplines and practices.
  • Sound to advanced knowledge of business, technology controls, security and risk issues.
  • Demonstrated ability to participate in projects of moderate to high complexity.
  • Ability and commitment to serve as a subject matter expert on business-specific, cross-functional and enterprise initiatives.
  • Readiness to participate in projects of moderate to high complexity and provide complex reporting, analysis, and assessments at the functional, business line or enterprise level.

Preferred Qualifications - Here are the preferred qualifications for this role:

• CISSP and/or CISM accreditation
• Supplier Risk Management experience dealing with high transaction, large/complex/matrix business environment ideally within Financial Services
• Deep knowledge of IT security and Risk disciplines and practices
• Strong working knowledge of industry frameworks such as ISO 27002 and the NIST Cybersecurity Framework