Senior Manager, Information Security

Job Description:

Responsibilities:

• Lead Third-Party Cybersecurity governance and oversight program including scope, governance & transformation responsibilities.
• Acts as an escalation point for the 3PCRM team, assisting and supporting them in dealing with the most complex and challenging engagements & stakeholders
• Ensure effective governance and oversight of the 3PCRM program including the effective design and execution of cybersecurity controls.
• Responsible to serve as a trusted SME providing bank wide third-party cyber strategy, guidance, governance over Third-Party Cybersecurity risks and controls
• Lead program to identify and reduce the supply chain cyberattack surface by identifying risks represented by third parties, proposing remediation actions, and making risks transparent to stakeholders.
• Develop Third-Party Cyber strategy to maintain and uplift the program to align with Regulatory, Industry and Bank standards
• Establish the governance model and the accountability for Third-Party Cybersecurity end to end program
• Streamline and standardize third party cyber processes and procedures for effective risk management
• Manage technology and cyber risk controls in compliance with standards, processes and industry / regulatory guidelines
• Collaborate with SMEs to ensure Third-Party risk reduction across all key security functions including IAM, Network Security, AppSec, Data Protection, etc
• Identify potential threats in the outsourced infrastructure and implement effective mechanisms for mitigating them.
• Support on Regulatory and Audit responses related to technology risks associated with 3PCRM.
• Interact with a wide range of stakeholders both externally and within TD
• Collaborate with partners by providing Cybersecurity & Third-Party expertise and advice to enable informed decisions in alignment with the overall risk tolerance of the Enterprise.
• Proactively inform partners on overall risk position through reporting, metrics, analysis and insights.
• Support speed, simplicity, agility in decision making and action??

Qualifications:

• 10+ yrs of experience in Cybersecurity, Third-Party Risk and GRC
• In-depth knowledge of assessing Third-Party risk and associate cyber controls for a FI
• Experience implementing / managing operating model for risk management function in global organization
• Leadership experience, executive communications, able to track deliverables and ensure quality of deliverables.
• Problem-solving mindset and hands-on approach to complex issues?