Job Description

Company Overview

Tell us your story. Don\'t go unnoticed. Explain why you\'re a winning candidate. Think "TD" if you crave meaningful work and embrace change like we do. We are a trusted North American leader that cares about people and inspires them to grow and move forward.

Stay current and competitive. Carve out a career for yourself. Grow with us. Here\'s our story:

Department Overview

Building a World-Class Technology Team at TD

We can\'t afford to be boring. Neither can you. The scale and scope of what TD does may surprise you. The rapid pace of change makes it a business imperative for us to be smart and open-minded in the way we think about technology. TD\'s technology and business teams become more intertwined as new opportunities present themselves. This new era in banking does not equal boring. Not at TD, anyway.

TD Information Security covers the development and management of security strategies, policies and programs to assess, prioritize and mitigate business risk with technology controls. Priorities include: mitigating and managing cybersecurity threats, ensuring systems availability, aligning with global regulatory risk and compliance requirements, managing systems and network complexity and partnering with businesses for better technology delivery by providing advice on technology controls.

And there\'s room to grow in all of it.

Headquartered in Toronto, Canada, with more than 85,000 employees in offices around the world, The Toronto-Dominion Bank and its subsidiaries are collectively known as TD Bank Group (TD). TD is the sixth-largest bank in North America by branches offering a full range of financial products and services to approximately 24 million customers worldwide through three key business lines:

• Canadian Retail including TD Canada Trust, Business Banking, TD Auto Finance (Canada), TD Wealth (Canada), TD Direct Investing and TD Insurance

• U.S. Retail including TD Bank, America\'s Most Convenient Bank, TD Auto Finance (U.S.), TD Wealth (U.S.) and TD\'s investment in TD Ameritrade

• Wholesale Banking including TD Securities

TD also ranks among the world\'s leading online financial services firms, with approximately 10 million active online and mobile customers and had CDN$1.1 trillion in assets on July 31, 2015. Our mission is to give our clients the best banking experience possible, every day. To do that, we depend on our team of talented, ambitious people who share our passion for excellence.

Join the innovators of TD Technology.

We know that tech is constantly evolving, and we\'re committed to growing with it, right across the board. Our Technology Solutions team works closely with each department at TD to create the platforms, applications, and ideas that shape the future of our business - and yours. We\'re reimagining the way people think about their banking, every single day. This is your opportunity to impact the future of banking technology.

Job Requirements

What will you need to succeed?

• At least 10 years experience in information technology required.
• 5+ years of relevant information security and information risk management experience.
• 3+ years of relevant experience in Azure cloud security, including IaaS, PaaS and SaaS.
• Knowledge of cybersecurity concepts, including threats, vulnerabilities, security operations, encryption, boundary defense, auditing, authentication and risk management.
• Skilled experience in Azure Cloud Security Architecture and Microservices Security (e.g. Tenant Security, AKS Security, Containers Security, Pod Security, Application Gateway & WAF, Security Groups and VNET Segmentations, Security Analytics, etc.).
• Knowledgeable in the dependencies related to end-point security and interaction with other components such as privilege management system, SIEM, SOAR, vulnerability management solution and operating model, PKI/Encryption technology, Firewall/IPS, WAF etc.
• Understanding the dependencies related to application security best practices such as secure coding, security testing techniques.
• Familiarity of Infrastructure as a Service, Infrastructure as Code and related concepts on Azure Cloud.
• Working knowledge of common and industry standard cloud-native/cloud-friendly authentication mechanisms (OAuth, OpenID, etc.).
• Experience and exposure to threat modelling and design reviews to assess security implications and requirements for the introduction of new technologies.
• Skilled in representing technical viewpoints to diverse audiences and in making timely and prudent technical risk decisions.
• In-depth understanding in applying native cloud security and monitoring services in the cloud, including network firewalls, access control lists, encryption, auditing and monitoring, alerting, secrets management and compliance scanning.
• Familiarity with IT service management processes and concepts, including change management, incident management, problem management and configuration management
• Knowledge of configuration management technologies (i.e., SaltStack and Ansible), Infrastructure Automation Technologies (i.e., Terraform), Containerization and Cloud Orchestration Technologies (i.e., Kubernetes, Dockers), Windows/Linux and related services (i.e., Active Directory, DNS, MSSQL).
• Experience implementing and/or supporting a large-scale corporate enterprise solution.
• Experience with Azure DevOps and DevOps tooling such as Jenkins, SaltStack, XL Release, Bit Bucket.
• Working knowledge in these following areas: Microsoft PowerShell, Bash scripting, Azure Command-line interface, AquaSec, Azure templates and Azure software infrastructure.
• Skilled in full software or systems development life cycle, including requirements analysis, design, integration, testing and implementation.
• Knowledge of federal IT and cloud security policies, including FISMA, FedRAMP, NIST 800-53, and DoD Cloud SRG and applying them to the design and implementation of cloud solutions to achieve an authorization to operate (ATO).
• Comfortable working with enterprise architecture while collaborating with cross-functional teams to implement solutions.
• Strong interpersonal and communication skills; ability to work in a team environment
• Self-starter/self-motivated; ability to work independently with minimal direction
• Technical writing experience.
• Demonstrate solid understanding and experience with systems automation platforms and technologies.
• Proven experience in setting up and managing Azure tenancies, Azure policy management and resource management would be a plus.

Hours

37.5

Job Details

About This Role

We are looking for someone to develop and implement Technology Controls and Information Security related policies, programs and tools. You will provide specialized expertise and guidance on assessing risks, identifying potential gaps and providing security solutions to mitigate risks and protect TD. You may also participate on projects of moderate to high complexity and provide complex reporting, analysis, and assessments at the functional, business line or enterprise level.

Meaningful work is fueled by meaningful performance and career development conversations with your manager. Here\'s some of what you may be asked to perform:

• Guide partners on a broad range of specific Technology Controls and Information Security programs, policies, standards and incidents.
• Conduct risk assessment, required controls definition, control procedure appropriateness, vulnerability assessments and any other relevant areas.
• Lead or contribute to the completion of risk and control design assessments for an assigned business application, business portfolio, and overall enterprise, as well as risk mitigation and remediation plans and remediation strategy.
• Contribute to the definition, development, and oversight of a global security management strategy and framework.
• Ensure technology, processes, and governance are in place to monitor, detect, prevent, and react to both current and emerging technology and security threats against TDBG\'s business.
• Develop on-going technology risk reporting, monitoring key trends and defining metrics to regularly measure control effectiveness for own area.
• Adhere to internal policies and procedures, technology control standards, and applicable regulatory guidelines.
• Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement.
• Adhere to, advise, oversee, monitor and enforce enterprise frameworks and methodologies that relate to technology controls / information security activities.
• Influence behavior to reduce risk and foster a strong technology risk management culture throughout the enterprise .

Inclusiveness

At TD, we are committed to fostering an inclusive, accessible environment, where all employees and customers feel valued, respected and supported. We are dedicated to building a workforce that reflects the diversity of our customers and communities in which we live and serve. If you require an accommodation for the recruitment/interview process (including alternate formats of materials, or accessible meeting rooms or other accommodation), please let us know and we will work with you to meet your needs.

Additional Information

Additional Information

Education:

• Bachelor\'s degree in computer science, engineering or a related field or equivalent work experience.

Certifications:

• Completed large/complex Cloud transformation projects
• Valid certification such as CompTIA Security+, CISSP, CCSP or CCSK
• Completed projects related to AWS and/or Azure for a private-sector employer
• Azure Security Certification

Join in on what others in TD Technology Solutions are doing:

• Inspire a positive work environment and help champion quality, innovation, teamwork and service to the business.
• Learn voraciously, stretch your thinking,

#tdcybersecurity

Business Line

Corporate

Job Category - Primary

Technology Solutions

Job Category(s)

Technology Solutions

Job Family

Information Security

Time Type

Full Time

Employment Type

Regular

TD Bank