Operational Risk Mgr II, VP - CyberSecurity Risk
Posted on Jan 24, 2019 by TD Bank Group
About TD Bank, America's Most Convenient Bank®
TD Bank, America's Most Convenient Bank, is one of the 10 largest banks in the U.S., providing more than 8 million customers with a full range of retail, small business and commercial banking products and services at approximately 1,300 convenient locations throughout the Northeast, Mid-Atlantic, Metro D.C., the Carolinas and Florida. In addition, TD Bank and its subsidiaries offer customized private banking and wealth management services through TD Wealth®, and vehicle financing and dealer commercial services through TD Auto Finance. TD Bank is headquartered in Cherry Hill, N.J. To learn more, visit . Find TD Bank on Facebook at and on Twitter at .
TD Bank, America's Most Convenient Bank, is a member of TD Bank Group and a subsidiary of The Toronto-Dominion Bank of Toronto, Canada, a top 10 financial services company in North America. The Toronto-Dominion Bank trades on the New York and Toronto stock exchanges under the ticker symbol "TD". To learn more, visit .
Operational Risk Management (ORM), as an independent team, works in partnership with the business units and corporate groups of TD Bank Group to further the understanding and management of operational risk across the enterprise.
ORM for Enterprise Technology provides independent operational risk management oversight and challenge to the Technology organization and to the management of Cybersecurity and technology risks across the enterprise. They partner with the first line of defense (CIO & CISO organizations) in identifying, reporting, and mitigating Cybersecurity risk issues and provide subject matter expertise in the operational risk framework and Cybersecurity risks/processes/controls. The group will execute 2A requirements in support of the 3 lines of defense framework.
The ORM Cybersecurity Risk Senior Manager will partner with the first line of defense to oversee and challenge the execution of risk management activities and leading practices/technologies used to keep up with the constantly evolving cyber threat landscape.
Reporting functionally to the AVP, ORM - Enterprise Technology and locally to SVP US ORM Segment Director, this role will have the following accountabilities:
• Provide Cybersecurity leadership, direction, advice and guidance to the ORM team.
• Contribute to the annual ORM planning process with a focus on developing the Cybersecurity challenge activities including: the identification and forecast of top/emerging Cybersecurity risks, alignment of ORM activities with 1st and 3rd line of defence annual plans, and the development of the ORM Cybersecurity Oversight & Challenge plan.
• Lead the execution of ORM Cybersecurity challenge activities.
• Support other members of the team during the ORM challenge activities, providing subject matter expertise (SME) advice on Cybersecurity topics and in managing complex risk and control assessments.
• Effectively communicate risk management practices and methodologies and results of risk assessments to executives in a supportive and collaborative manner and influence risk based decisions and remediation activities.
• Act as the 2nd line oversight and independent challenge of Cybersecurity risk management activities for the Enterprise including: Cybersecurity Strategy & Governance, Cyber threat intelligence operations, Security Architecture, Data Protection & Information Security, Third Party Risk Management, Regulatory compliance, Infrastructure Security, Vulnerability assessments & Penetration testing, Secure Software Development Lifecycle, End point protection, Logging and Monitoring, Incident Response, and Disaster Recovery.
• Conduct appropriate independent challenge and assessments of Technology for risk identification, assessment, reporting and monitoring based on a risk based methodology in areas such as:
  o Innovative business products and services;
  o Projects to mature Cybersecurity capabilities;
  o Technology risk assessments;
  o Cloud service provider risk assessments;
  o Third party risk assessments, and;
  o Cybersecurity operational processes.
• Lead and manage 2nd line Cybersecurity challenge activities required to support the ORM Framework.
• Be a positive team player to consistently maintain high levels of integrity, motivation and morale.
• Will be required to keep abreast of Cybersecurity emerging risks, the evolving Cyber threat landscape, best practices to address/mitigate Cybersecurity risks, and applicable Regulatory and Compliance requirements.
• Position will deal with executives in Cybersecurity & technology areas and Cybersecurity & technology risk professionals.
• This is a seasoned Cybersecurity risk and technology leader with 10+ years of experience in Cybersecurity, technology, and risk management.
Undergraduate degree in Business/ Computer Science/Risk Management is an asset
Accreditation such as CISSP, CISM, CEH, OSCP and/or OSCE is preferred.
• This role requires successful completion of all three levels of TD Operational Risk Management certification. Certification is not a requirement to apply for this role. The successful candidate will have 12 months from the start date in the role to complete required certifications. The required courses are available internally through TD Operational Risk Management.
• Ability to work in ambiguity; must be flexible to deal with changes in a fast paced and new environment, working closely with peers where Cybersecurity risk subject matter expertise is required.
• Organizationally astute, with superior influencing, collaboration and communication skills. Ability to digest and summarize complex technical scenarios and to communicate those effectively to business leaders.
• Proven Change Manager, with the ability to lead and influence change with Senior Leaders.
• In order to provide effective oversight and independent challenge the role requires the incumbent to have a good understanding of the following areas:
  o Cybersecurity risk framework, processes, methodologies, controls and tools;
  o Technology operations and processes;
  o Third party risk management;
  o Cloud service provider management, and;
• Experience in the Cybersecurity, Technology Solutions, Risk Management, or Internal Audit field
• Strong analytical skills, including segment risk analysis, data analysis, and comparative analysis. Ability to identify root causes on risk exposures and to correlate multiple risk exposures to assess aggregated risks and enterprise compensating controls.
• Proven ability to foster a cohesive team and promote a positive, high performing work environment. Expertise in working effectively in teams - requires a track record of knowledge across the organization.
• Experience assessing risk and challenging the status quo
• Strong business and financial acumen
• Deep understanding of Regulatory and Controls requirements: PCI, FFIEC, SOX, HIPAA, ISO 2700x, and NIST standards
At TD, we are committed to fostering an inclusive, accessible environment, where all employees and customers feel valued, respected and supported. We are dedicated to building a workforce that reflects the diversity of our customers and communities in which we live and serve, and creating an environment where every employee has the opportunity to reach her/his potential.
If you are a candidate with a disability and need an accommodation to complete the application process, email the TD Bank US Workplace Accommodations Program at . Include your full name, best way to reach you, and the accommodation needed to assist you with the application process.
EOE/Minorities/Females/Veterans/Individuals with Disabilities/Sexual Orientation/Gender Identity.