We are looking for someone to help shape the future of third party cyber risk management at TD. You will work closely with internal stakeholders spanning several teams within TD to align the third party cyber risk management programs with TD's risk appetite. You will participate in and lead projects of moderate to high complexity driving change to the third party cyber risk management function. Meaningful work is fueled by meaningful performance and career development conversations with your manager.

Responsibilities :
- Participate in the development and maintenance of the third party cyber risk management roadmap and accompanying processes and procedures.
- Socialize change to the third party cyber risk management program with internal stakeholders.
- Engage with procurement and technology governance, risk and compliance stakeholders to represent third party cyber risk management interests in process integration efforts.
- Identify opportunities for process efficiencies and resource optimization.
- Maintain awareness of current enterprise risk appetite and accompanying risk treatment strategy.
- Contribute to the definition, development, and oversight of a global third-party cyber risk governance strategy and framework.
- Represent the third party cyber risk management team in support of regulatory exams, internal audits, and second line of defense challenges.
- Contribute to the development of ongoing technology risk reporting to monitor key trends and define metrics to regularly measure program effectiveness and quality.
- Maintain a working knowledge of industry trends in the third party cyber risk management practice.
- Adhere to internal policies and procedures, technology control standards, and applicable regulatory guidelines.
- Influence behavior to reduce risk and foster a strong technology risk management culture throughout the enterprise.

Requirements :
- 10+ years of relevant experience conducting / leading cybersecurity risk assessments, or similar.
- Expert knowledge of IT security and risk disciplines and practices, including but not limited to :
- Demonstrated understanding of cloud security.
- Experience evaluating pen testing and vulnerability scanning methodologies.
- Experience interpreting the security testing results.
- Familiarity / experience with third-party cybersecurity solutions, tools and frameworks.
- Deep understanding of widely accepted information security frameworks: NIST Cybersecurity, HIPAA, PCI, Shared Assessments (SIG), etc.
- Experience leading / delivering complex, comprehensive or large projects and initiatives.
- Success communicating across multiple lines of defense.
- Experience developing, testing, and implementing process or process enhancements.
- Demonstrated ability to formally document process and procedures.
- Ability to communicate process and procedure changes to a diverse group of internal stakeholders.
- Track record of critical thinking and problem solving.
- Experience supporting regulatory exams, internal audits, and second line of defense challenges.
- Familiarity with industry standard procurement and GRC tooling and process.
- Information security certification / accreditation, such as CCSP, CCSK, CCSA, is an asset.
Job Title
Senior Director, Information Security