
Incident Response Lead - CSIRT, Incident Handling

Toronto, ON
Full Time
6 days ago
Company Overview

Tell us your story. Don't go unnoticed. Explain why you're a winning candidate. Think "TD" if you crave meaningful work and embrace change like we do. We are a trusted North American leader that cares about people and inspires them to grow and move forward.

Stay current and competitive. Carve out a career for yourself. Grow with us. Here's our story:

Department Overview

Building a World-Class Technology Team at TD

We can't afford to be boring. Neither can you. The scale and scope of what TD does may surprise you. The rapid pace of change makes it a business imperative for us to be smart and open-minded in the way we think about technology. TD's technology and business teams become more intertwined as new opportunities present themselves. This new era in banking does not equal boring. Not at TD, anyway.

TD Information Security covers the development and management of security strategies, policies and programs to assess, prioritize, and mitigate business risk with technology controls. Priorities include: mitigating and managing cyber security threats, ensuring systems availability, aligning with global regulatory risk and compliance requirements, managing systems and network complexity, and partnering with businesses for better technology delivery by providing advice on technology controls.

There's room to grow in all of it.

Job Description

  • Responsible for overseeing incidents to provide assistance and direction on incident response efforts and managing priorities of the team
  • Accountable for the response of the team for incoming incidents and events and the required actions throughout the incident response process
  • Handling the on-call pager on weekdays, except during follow-the-sun shifts
  • Leading the morning Scrum & developing Scrum meeting minutes
  • Representing the incident response team on all meetings with key stakeholders
  • Providing oversight and supporting Analysts through incident response efforts
  • Compiling the shift handover brief with support from Analysts
  • Responsible for the quality assurance of ticket quality, incident briefings, quality and adherence to SLAs
  • Partner across teams for coordination of technical incident response, business and executive bridges and war rooms.
  • Support TD's Follow-the-Sun model for investigations across multiple regions globally
  • Collaborate with relevant teams to implement security controls, validations, best practices, and enable mechanisms for incident response and data breach detection.
  • Facilitate audit activities as initiated from internal and external entities, following established policies and procedures.
  • Required flexibility to work nights, weekends, and/or holiday shifts in the event of an incident response emergency
  • Contribute to Playbooks, Operating Models and on-going maintenance of standards and processes
  • Contribute to the development of the company-wide information security requirements, threat modeling, secure design, cryptography standards, third-party component, selection of approved tools, secure implementation and system monitoring.
  • We need someone to provide research, evaluation, assessment, operational, reporting and analytical support for cyber security incident handling programs and initiatives, along with working across the organization with key companion teams as part of TD's Fusion Center strategy. Your ability to provide sound advice and guidance will prove instrumental as you grow in this role.
  • Consult with partners on Technology Controls and Information Security programs, incidents, and controls.
  • Support and partner with information security investigations and forensics teams during active incidents.
  • Articulate and document impact of control gaps to the business and the overall Bank, risk mitigation and remediation plans, documentation of triage steps or engagement with key stakeholders on resolving overall Bank issues.
  • Develop and enhance internal policies and procedures for related incident and event handling capabilities.
  • Adhere to and advise on, oversee, monitor, enforce enterprise frameworks and methodologies that relate to information security incident management activities.
  • Provide executive level updates, written and verbally, on current and past cyber incidents. Explain complex technical concepts in business terms.
  • Participate in Enterprise Cyber Security Incident Scenario analysis and exercises.


What can you bring to TD? Share your credentials, but your relevant experience and knowledge can be just as likely to get our attention. It helps if you have:
  • At least 5 years of cyber security operations experience (e.g. SOC/CIRT) preferred
  • Bachelor's Degree in Computer Science or related field, or equivalent experience and knowledge required
  • In-depth understanding of security issues across many different platforms and capability to articulate and communicate these issues to both technical and non-technical audiences.
  • Advanced knowledge of security tools such as SIEM, IDS/IPS, and firewalls.
  • Advanced knowledge of network devices such as switches and routers.
  • Advanced knowledge of Microsoft Windows systems including Active Directory.
  • Knowledge of web application development languages and methodologies.
  • Team-oriented and skilled in working within a collaborative environment.
  • Experience with cyber monitoring, hunting, and incident response investigations is preferred.
  • Ability to effectively multi-task, prioritize and execute tasks in a high-pressure environment.
  • Displays a high level of passion, energy, excitement and intensity.
  • Ability to be broadly focused and manage multiple efforts concurrently.
  • Ability to work independently.
  • Strong written and verbal communication skills.
  • Good organizational skills, including prioritization and time management.
  • CISSP or equivalent preferred.
  • GCIH, or equivalent preferred.
  • GCFA, or equivalent preferred.
  • Prior experience in the Financial Services sector preferred.
  • Thought leadership with deep expertise and knowledge of the business and technology standards.
  • Excellent communication and organizational skills, including the ability to present options in business terms to both IT and business staff including executives.
  • Specific experience related to handling information security incidents and events required.
  • Understanding the connection points between information security, physical security, legal, and fraud operations to ensure holistic response to Enterprise-wide issues.

Additional Information

Join in on what others in TD Technology Solutions are doing:
  • Inspire a positive work environment and help champion quality, innovation, teamwork and service to the business.
  • Learn voraciously, stretch your thinking,



At TD, we are committed to fostering an inclusive, accessible environment, where all employees and customers feel valued, respected and supported. We are dedicated to building a workforce that reflects the diversity of our customers and communities in which we live and serve. If you require an accommodation for the recruitment/interview process (including alternate formats of materials, or accessible meeting rooms or other accommodation), please let us know and we will work with you to meet your needs.
Information Technology