Risk Manager, Data & Application Security Risk

Toronto, ON
Full Time
4 days ago
Company Overview

Tell us your story. Don't go unnoticed. Explain why you're a winning candidate. Think "TD" if you crave meaningful work and embrace change like we do. We are a trusted North American leader that cares about people and inspires them to grow and move forward.

Stay current and competitive. Carve out a career for yourself. Grow with us. Here's our story:

Department Overview

The independent Operational Risk Management (ORM) team works in partnership with the business units and corporate groups of TD Bank Group to further the understanding and management of operational risk across the enterprise.

ORM for Enterprise Technology provides independent oversight and challenge to operational risk management activities executed by the Technology organization and business groups across the enterprise. They partner with the first line of defense (CIO & CISO organizations) in identifying, reporting, and mitigating Cybersecurity risk issues and provide subject matter expertise in Cybersecurity risk management practices. The group executes 2A requirements in support of the three lines of defense framework.

Job Description

The ORM Risk Manager, Application Security Risk will partner with the first line of defense to oversee and challenge the execution of risk management activities and leading practices/technologies used to keep up with the constantly evolving threat landscape regarding application security, virtualization and container technologies.

Reporting to the AVP, ORM - Enterprise Data & Technology Risk Management (EDTRM) and working closely under the supervision of Sr. Manager Application Security Risk, this role will have the following accountabilities:

•Application Security direction, advice and guidance to the EDTRM team.
•Contribute to the annual EDTRM planning process with a focus on developing challenge activities for the Application Security, Virtualization and container technology related controls, including: the identification and forecast of top/emerging application and serverless technology risks, alignment of EDTRM activities with 1st and 3rd line of defense annual plans, and the development of the EDTRM Oversight & Challenge plan and Application Security Challenge plan.
•Participate and contribute to the execution of ORM Application and API Security challenge activities.
•Support other members of the team during the ORM challenge activities, providing subject matter expertise (SME) advice on Application Security topics and in managing complex risk and control assessments.
•Effectively communicate risk management practices and methodologies and results of risk assessments to other specialists and managers in a supportive and collaborative manner, and influence risk-based decisions and remediation activities.
•Participate in the 2nd line oversight and independent challenge of the Application Security program, API security and Cloud Computing Security activities for the Enterprise, including: Application Security activities; Application Security Assessment (SAST, SCA, DAST, Pen Test and Manual Code Review); Remediation Activities; Secure Software Development Lifecycle; DevOps and DevSecOps; Application Protection; Application Programming Interface (API) Security; Cloud Computing security, which includes Infrastructure as Code, Compliance as Code, Serverless, Virtualization and Container security; Third Party Risk Management activities related to application and platform management and protection; and Regulatory compliance.
•Conduct planned independent challenge and assessments of Technology for risk identification, assessment, reporting and monitoring based on a risk-based methodology in areas such as:
    •Application Security processes.
    •Projects to mature application protection capabilities.
    •Technology risk assessments.
    •Cloud computing and cloud service provider risk assessments.
    •Third party risk assessments.
    •Cybersecurity/Data breach incidents.
•Manage 2nd line Application Security challenge activities required to support the ORM Framework.
•Be a positive team player to consistently maintain high levels of integrity, motivation and morale.
•Will be required to keep abreast of Technology and Cybersecurity emerging risks, the evolving Cyber threat landscape (especially in regard to TTPs targeting data and applications), best practices to address/mitigate risks, and applicable Regulatory and Compliance requirements.
•Position will deal with executives and Sr. management in Technology & Cybersecurity areas and risk professionals across the enterprise.
•This is a seasoned Cybersecurity risk and technology leader with 5+ years of experience in Application Security, cybersecurity technology, and risk management.


•Ability to work in ambiguity; must be flexible to deal with changes in a fast-paced and new environment, working closely with peers where Data Protection and Information Security risk subject matter expertise is required.
•Organizationally astute, with superior influencing, collaboration and communication skills. Ability to digest and summarize complex technical scenarios and to communicate them effectively to various audiences.
•Experience assessing risk and challenging the status quo.
•In order to provide effective oversight and independent challenge, the role requires the incumbent to have a good understanding of the following areas:
    •Risk management frameworks and methodologies;
    •Data Governance & Cybersecurity frameworks, Privacy, operations, processes, controls and tools;
    •Application Security Program and capabilities;
    •Technology operations and processes;
    •Third party risk management;
    •Regulatory requirements.
•Experience in the Data Protection, Application Security, Privacy, Cybersecurity, Technology Solutions, Risk Management, or Internal Audit field.
•Deep understanding of Regulatory and Controls requirements: Privacy legislation, GDPR, PCI, FFIEC, SOX, HIPAA, ISO 2700x and NIST standards.
•Strong analytical skills, including segment risk analysis, data analysis, and comparative analysis. Ability to identify root causes of risk exposures and to correlate multiple risk exposures to assess aggregated risks and enterprise compensating controls.
•Proven ability to work independently and promote a positive, high-performing work environment. Expertise in working effectively in teams; requires a track record of knowledge across the organization.
•Strong business and financial acumen.
Education & Accreditation

•This role requires successful completion of all three levels of TD Operational Risk Management certification. Certification is not a requirement to apply for this role. The successful candidate will have 12 months from the start date in the role to complete required certifications. The required courses are available internally through TD Operational Risk Management.
•Undergraduate degree in Computer Science/ Computer Engineering/ Risk Management is an asset.
•Accreditation such as CISSP, CISM, CRISC, CISA and/or similar is preferred.

At TD, we are committed to fostering an inclusive, accessible environment, where all employees and customers feel valued, respected and supported. We are dedicated to building a workforce that reflects the diversity of our customers and communities in which we live and serve. If you require an accommodation for the recruitment/interview process (including alternate formats of materials, or accessible meeting rooms or other accommodation), please let us know and we will work with you to meet your needs.