Information Security Specialist Vulnerability Management (Infrastructure & Containers)

Work Location:

Hours:

Line of Business:

Pay Details:

TD is committed to providing fair and equitable compensation opportunities to all colleagues. Growth opportunities and skill development are defining features of the colleague experience at TD. Our compensation policies and practices have been designed to allow colleagues to progress through the salary range over time as they progress in their role. The base pay actually offered may vary based upon the candidates skills and experience job-related knowledge geographic location and other specific business and organizational needs.

As a candidate you are encouraged to ask compensation related questions and have an open dialogue with your recruiter who can provide you more specific details for this role.

Job Description:

Job Summary:

The Senior Information security analyst is responsible for identifying assessing prioritizing and coordinating responses to security vulnerabilities within the organizations systems applications and networks. This role requires a deep understanding of vulnerability management risk assessment and cross-functional collaboration to ensure timely remediation and alignment with organizational security objectives.

Key Responsibilities:

Vulnerability Management and Triage:

• Oversee the end-to-end vulnerability triage process including identification assessment prioritization and tracking.

• Develop and maintain a triage framework that balances risk levels exploitability and business impact.

• Analyze vulnerability reports from various sources (e.g. scanners penetration tests threat intelligence) to determine criticality.

• Ensure vulnerabilities are accurately classified and assigned to the appropriate teams for remediation.

Collaboration and Coordination:

• Work closely with system owners application teams DevOps and IT infrastructure to drive vulnerability remediation.

• Act as a liaison between technical teams and business stakeholders to communicate risk and remediation priorities effectively.

• Collaborate with threat intelligence teams to assess the real-world impact of vulnerabilities.

Risk Assessment and Prioritization:

• Develop and maintain a risk-based approach to prioritize vulnerabilities based on business context likelihood of exploitation and potential impact.

• Establish timelines for remediation based on severity and compliance requirements.

Process Improvement:

• Implement and optimize workflows for vulnerability triage and reporting.

• Continuously review and refine vulnerability management policies processes and tools.

• Stay updated on evolving industry best practices and emerging threats

Reporting and Metrics:

• Define and track key performance indicators (KPIs) for vulnerability management such as mean time to remediate (MTTR) and vulnerability closure rates.

• Create regular reports on vulnerability status and risk posture for executive leadership and technical teams.

Leadership and Team Management:

• Manage and mentor the vulnerability triage team ensuring high performance and professional growth.

• Provide training and guidance to enhance the teams technical expertise and analytical skills.

• Foster a culture of security awareness and proactive risk management across the organization.

Container Security

• Provide technical expertise and oversight for container scanning container vulnerability prioritization and remediation.

• Be a lead contributor to enterprise-level initiatives pertaining to container security and risk remediation.

• Effectively communicate critical vulnerabilities their impacts associated risk and remediation priorities to cross-functional leadership teams.

• Help build and enforce technology controls along with container security standards to ensure best practices are followed when building and deploying application containers.

• Influence behavior to reduce risk and foster a strong technology risk management culture throughout the bank.

Qualifications:

Education: Bachelors degree in Computer Science Information Security or a related field (or equivalent experience).

Experience:

• 5 years of experience in vulnerability management security operations or related fields.

• 2 years of experience in a leadership or management role

Technical Skills:

• Expertise in vulnerability scanning tools (e.g. Qualys Nessus Rapid7).

• Knowledge of CVSS (Common Vulnerability Scoring System) and threat modeling.

• Strong understanding of operating systems cloud platforms networks and application security.

• Familiarity with compliance frameworks (e.g. ISO 27001 NIST PCI-DSS).

• Soft Skills:

• Strong analytical and problem-solving skills.

• Excellent verbal and written communication skills with the ability to present technical information to non-technical audiences.

• Proven ability to manage multiple priorities and work under tight deadlines.

Preferred Qualifications:

• Certifications such as CISSP CISM CEH or GIAC.

• Experience with threat intelligence platforms and integration.

• Familiarity with automation tools and scripting languages (e.g. Python PowerShell).

#Li-Tech

Who We Are:

TD is one of the worlds leading global financial institutions and is the fifth largest bank in North America by branches/stores. Every day we deliver legendary customer experiences to over 27 million households and businesses in Canada the United States and around the world. More than 95000 TD colleagues bring their skills talent and creativity to the Bank those we serve and the economies we support. We are guided by our vision to Be the Better Bank and our purpose to enrich the lives of our customers communities and colleagues.

TD is deeply committed to being a leader in customer experience that is why we believe that all colleagues no matter where they work are customer facing. As we build our business and deliver on our strategy we are innovating to enhance the customer experience and build capabilities to shape the future of banking. Whether youve got years of banking experience or are just starting your career in financial services we can help you realize your potential. Through regular leadership and development conversations to mentorship and training programs were here to support you towards your goals. As an organization we keep growing and so will you.

Our Total Rewards Package
Our Total Rewards package reflects the investments we make in our colleagues to help them and their families achieve their financial physical and mental well-being goals. Total Rewards at TD includes a base salary variable compensation and several other key plans such as health and well-being benefits savings and retirement programs paid time off banking benefits and discounts career development and reward and recognition programs. Learn more

Additional Information:
Were delighted that youre considering building a career with TD. Through regular development conversations training programs and a competitive benefits plan were committed to providing the support our colleagues need to thrive both at work and at home.

Please be advised that this job opportunity is subject to provincial regulation for employment purposes. It is imperative to acknowledge that each province or territory within the jurisdiction of Canada may have its own set of regulations requirements.

Colleague Development
If youre interested in a specific career path or are looking to build certain skills we want to help you succeed. Youll have regular career development and performance conversations with your manager as well as access to an online learning platform and a variety of mentoring programs to help you unlock future opportunities. Whether you have a passion for helping customers and want to expand your experience or you want to coach and inspire your colleagues there are many different career paths within our organization at TD and were committed to helping you identify opportunities that support your goals.

Training & Onboarding
We will provide training and onboarding sessions to ensure that youve got everything you need to succeed in your new role.

Interview Process
Well reach out to candidates of interest to schedule an interview. We do our best to communicate outcomes to all applicants by email or phone call.

Accommodation
Your accessibility is important to us. Please let us know if youd like accommodations (including accessible meeting rooms captioning for virtual interviews etc.) to help us remove barriers so that you can participate throughout the interview process.

We look forward to hearing from you!

Language Requirement (Quebec only):