Td Bank Job Posting Title Information Security Specialist - devSecOps Canada, Ontario, Toronto 736202847
Share
Responsibilities:
Provide consultation and advice to partners on a broad range Technology Controls / Information Security programs / policies / standards and incidents for own specialized area
Conduct project consulting on assessment of risk, definition of required controls, appropriateness of implemented control procedures, vulnerability assessments and any other relevant areas
Lead or contribute to completion of risk and control gap assessments for an technology asset portfolio, articulate and document impact of control exceptions to the business and the overall Bank, risk mitigation and remediation plans, remediation strategy document as applicable
Contribute to the definition, development, and oversight of a global security management strategy and framework
Act as Privacy Designate for assigned business unit upon completion of relevant training.
Engage in TD Scaled Agile methodology as Risk Market Place (RMP) lead for assigned portfolio, guiding and challenging change delivery artifacts such as Change Risk Assessments.
Partner with applicable stakeholders to define control requirements for the System Design Life Cycle technical standard and applicable governance model.
Work as risk and control Subject Matter Expert to guide and assess implementation of control automation within devSecOps construct.
Ensure technology, processes, and governance are in place to monitor, detect, prevent, and react to both current and emerging technology / security threats against TDBG’s business
Develop on-going Technology Risk reporting, monitoring key trends and defining metrics to regularly measure control effectiveness for own area
Work proactively with technology partners / stakeholders and service/platform owners to ensure all technology security components are integrated into the bank’s overall Enterprise Architecture, and any control gaps are addressed.
Consult on Regulatory compliance requirements, reporting and questions
Provide support and consulting in preparation for Audits and in composing management responses and appropriate remediation activities
Participate in computer security incident responses relevant to business (or enterprise wide) and represent respective function and Enterprise position to the business, and business needs to incident response team
Keep current on emerging trends / developments and grow knowledge of the business, analytical tools and techniques
Prioritize and manage own workload to deliver quality results and meet assigned timelines
Support a positive work environment that promotes service to the business, quality, innovation and teamwork and ensure timely communication of issues/ points of interest
Identify and recommend opportunities to enhance productivity, effectiveness and operational efficiency
Establish effective relationships across multiple business and technology partners, program and project managers
Participate in knowledge transfer within the team and business units
Requirements:
7+ years of relevant experience
Expert knowledge of IT security and risk disciplines and practices
Working experience implementing, assessing and/or supporting devSecOps in an Enterprise/highly regulated environment would be an asset
Experience owning and governing Technology Standards would be an asset
Experience developing and implementing KIs would be an asset
Experience with controls automation throughout various stages of SDLC would be an asset
Understanding the dependencies related to application security best practices such as secure coding, security testing techniques.
Familiarity with IT service management processes and concepts, including change management, incident management, problem management and configuration management
Knowledge of configuration management technologies (i.e., SaltStack and Ansible), Infrastructure Automation Technologies (i.e., Terraform), Containerization and Cloud Orchestration Technologies (i.e., Kubernetes, Dockers), Windows/Linux and related services (i.e., Active Directory, DNS, MSSQL).
Experience implementing and/or supporting a large-scale corporate enterprise solution.
Experience with DevOps Concepts and DevOps tooling such as Terraform, GitHub, Jenkins, SaltStack, XL Release, Bit Bucket.
Skilled in full software or systems development life cycle, including requirements analysis, design, integration, testing and implementation.
Comfortable working with enterprise architecture while collaborating with cross-functional teams to implement solutions.
Strong interpersonal and communication skills; ability to work in a team environment
Self-starter/self-motivated;ability to work independently with minimal direction
Technical and business writing experience.
Demonstrate solid understanding and experience with systems automation platforms and technologies.
May participate on complex, comprehensive or large projects and initiatives
Acts as a lead expert resource in technology controls / information security for project teams, the business / organization and/or outside vendors
Generally reports to Senior Manager or above
University degree
Information security certification / accreditation an asset
7+ years of relevant experience
Please be advised that this job opportunity is subject to provincial regulation for employment purposes. It is imperative to acknowledge that each province or territory within the jurisdiction of Canada may have its own set of regulations, requirements.
If you’re interested in a specific career path or are looking to build certain skills, we want to help you succeed. You’ll have regular career, development, and performance conversations with your manager, as well as access to an online learning platform and a variety of mentoring programs to help you unlock future opportunities. Whether you have a passion for helping customers and want to expand your experience, or you want to coach and inspire your colleagues, there are many different career paths within our organization at TD – and we’re committed to helping you identify opportunities that support your goals.
We will provide training and onboarding sessions to ensure that you’ve got everything you need to succeed in your new role.
These jobs might be a good fit
