This job board retrieves part of its jobs from: Healthcare Jobs | Professional Careers | Toronto Jobs

Find jobs in the City of Toronto

To post a job, login or create an account |  Post a Job

  Toronto Jobs  

Bringing the best, highest paying job offers near you

previous arrow
next arrow
Slider

Information Security Specialist (Cloud Infrastructure Risk Management)

TD

This is a Contract position in Toronto, ON posted October 30, 2020.

Company Overview

Tell us your story. Don’t go unnoticed. Explain why you’re a winning candidate. Think ”TD” if you crave meaningful work and embrace change like we do. We are a trusted North American leader that cares about people and inspires them to grow and move forward.

Stay current and competitive. Carve out a career for yourself. Grow with us. Here’s our story: jobs.td.com

Department Overview

Enterprise Protect and Office of the CISO is responsible for providing policies and governance for managing risk across the organization through a set of technology based standards and controls.

The Business Information Security team within Enterprise Protect is responsible for ensuring that corporate policies and standards as they apply to information security and information technology are adhered to within the layers of technology and support processes. Leveraging a common risk/ control framework the team is accountable for ensuring that standards are applied within the various supported technologies, and regular testing is performed to ensure the appropriate level of controls are in place and remain effective. The team is also responsible for ensuring control gaps, are documented, prioritized and remediated among the various support teams.

Job Description

Business Information Security Officers (BISO) supporting ITS (Infrastructure Technology Solutions) are responsible for managing technology risk and providing advisory services on information security controls and cyber risks for a complex suite of infrastructure technologies managed by the ITS team.

The responsibilities of the role of the Business Information Security Officer for ITS will include but not be limited to:

  • Manage and maintain risks profiles, risk and controls assessments, controls design and assurance testing programs focussed on infrastructure technologies and applications managed by the ITS team
  • Work collaboratively within Enterprise Protect, ITS and with other key stakeholders including technology lead on activities targeting the management of business risks associated with technology
  • Continually demonstrate initiative and leadership as the Enterprise Protect representative for ITS promoting TDBG technology policies and the Enterprise Technology Risk & Control Framework on all risk and controls related issues, on all programs
  • Participate as required on all strategic objectives established by IT executive leadership
  • Contribute collaboratively in ongoing improvement of the enterprise BISO practice including process improvement in Enterprise Protect and ITS groups and to enhancements to security standards, control solutions and implementation as well as related monitoring and verification practices
  • Provide a point of coordination for various security related activities within the Enterprise Protect group; serve as key liaison and contact for stakeholder groups including ITS, audit and BISO groups supporting the various lines of business in TDBG
  • Contribute to the delivery of risk assessments, control gap assessments, control assurance and testing, program support and expert knowledge advisory services accordance with BISO ITS specific service delivery processes
  • Identify and prioritize key controls deficiencies at formative stages of technology development programs and as part of controls assurance and verification testing in the IT environment
  • Ensure ITS management understand the business implications of technology risks and the commensurate security and IT risk strategies associated with these risks; escalating urgent issues in a time appropriate manner, presenting various reports and coordinating activities between stakeholders
  • Interpret and advise with expert knowledge on risks, business impacts and matters of security (including vulnerabilities and threat management), compliance/regulatory standards, audit programs and audit findings
  • Support ITS delivery teams with technology-specific security advisory for security events and as part of post security incident remediation activity; advise senior leadership and BISOs supporting lines of business of potential impacts related to current security events
  • Manage delivery of BISO-ITS services and participate in ITS sponsored cross-development and new technology programs; provide support throughout the full SDLC ensuring key security and risk strategies are comprehensive, consistent with Enterprise Protect policies/standards, well communicated and appropriately monitored
  • Contribute to the development, implementation and execution of a comprehensive infrastructure security and compliance controls verification program
  • Advocate security awareness and participate in the development of security and risk management communication and training programs targeting ITS delivery groups
  • Work with 3rd party vendors and outsourcing partners ensuring they adhere to TDBG security policies and standards

Requirements

  • 5-10 years experience in IT risk and technology and/or information security in a large organization
  • 2+ years working with Azure or related experience using cloud services
  • Proficiency with MS Azure Compute and platform services
  • Experience with Cloud Security Alliance (CSA) framework
  • Knowledgeable in Windows, Linux/Unix, Networking, Firewalls and IPS systems
  • Experience using work management tools such as JIRA
  • Strong knowledge of the TCP/IP, Firewall, IPsec VPN, Load balancer, Web Security
  • In-depth understanding of networking protocols — TCP/IP, HTTP/HTTPS, DNS, FTP, RTSP, SIP
  • Must be very hands-on, passionate about quality and willing to collaborate with multiple teams
  • CISSP, CCSP and/or other professional security accreditation an asset
  • University degree in technology or engineering; business degree an asset
  • Collaborative leader with experience managing programs, projects and/or leading audits
  • Business/technology experience collaborating with others in highly matrix, cross-functional environment
  • Experience collaborating with or managing vendors, auditors and/or regulators
  • Expert knowledge in information security, risk management, information technologies, IT operations, control testing and/or compliance (including but not limited to SOX, PCI and US financial institution regulations)
  • Experienced in threat and vulnerability assessments
  • Working knowledge of security controls, security monitoring technologies, malware detection technologies, network security, operating systems, access and identity management, application security, penetration testing, vulnerability management, security incident response and/or computer forensics an asset
  • Knowledgeable in technical audits and audit gap remediation an asset
  • Knowledgeable in assurance programs and/or controls verification testing an asset
  • Experience in a high transaction, large/complex/matrix business environment ideally within Financial Services an asset
  • Ability to articulate technology into business solutions
  • Excellent client engagement/management skills
  • Possesses exceptional strategic thinking, planning and relationship skills
  • Ability to coordinate, plan and execute large number of activities with various stakeholders
  • Ability to influence management and build credibility across the organization
  • Strong leadership and communication skills
  • Versatile and quick learner

Hours

37.5

Inclusiveness

At TD, we are committed to fostering an inclusive, accessible environment, where all employees and customers feel valued, respected and supported. We are dedicated to building a workforce that reflects the diversity of our customers and communities in which we live and serve. If you require an accommodation for the recruitment/interview process (including alternate formats of materials, or accessible meeting rooms or other accommodation), please let us know and we will work with you to meet your needs.