Post Incident Lead

Post Incident Lead

Requirements

• At least 5 years of experience in a technology focused role (e.g. incident management, incident response, engineering, etc.) preferred.
• Bachelor’s Degree in Computer Science or related field, or equivalent experience, knowledge, or certification required.
• In-depth understanding of security issues across many different platforms and capability to articulate and communicate these issues to both technical and non-technical audiences.
• Advanced knowledge of ongoing trends of cybersecurity, fraud, and insider threats.
• Team-oriented and skilled in working within a collaborative environment.
• Ability to effectively multi-task, prioritize and execute tasks in a high-pressure environment.
• Displays a high of level of passion, energy, excitement, and intensity.
• Ability to be broadly focused and manage multiple efforts concurrently.
• Ability to work independently.
• Strong written and verbal communication skills.
• Strong critical thinking and problem-solving skills.
• Good organizational skills, including prioritization and time management.

Responsibilities

• Responsible for providing facilitation and direction on post incident activities discussions.
• Accountable for the delivery of documented root cause and post incident reports.
• Representing the post incident management team on all meetings with key stakeholders.
• Providing leadership and supporting stakeholders throughout the post incident activities.
• Responsible for the quality assurance of root cause analysis, post incident reports, and adherence to SLOs.
• Partner across teams for retrospective identification of opportunities for improvement to support continuous improvement of TD’s security posture.
• Collaborate with relevant teams to identify appropriate security controls, validations, best practices, and procedural updates to address opportunities for improvement.
• Facilitate audit activities as initiated from internal and external entities, following established policies and procedures.
• Contribute to Playbooks, Operating Models and on-going maintenance of standards and processes.
• Contribute to the development of the company-wide information security requirements, threat modeling, secure design, cryptography standards, third-party component, selection of approved tools, secure implementation, and system monitoring.
• Consult with partners on Technology Controls and Information Security programs, incidents, and controls.
• Support and partner with information security investigations and forensics teams during active incidents.
• Articulate and document impact of control gaps to the business and the overall Bank, risk mitigation and remediation plans, documentation of triage steps or engagement with key stakeholders on resolving overall Bank issues.
• Develop and enhance internal policies and procedures for related post incident management capabilities.
• Adhere to and advise on, oversee, monitor, and/or enforce enterprise frameworks and methodologies that relate to post incident management activities.
• Provide executive level updates, written and verbally, on current and past cyber incidents. Explain complex technical concepts in business terms.

Preferred Qualifications

• CISSP or equivalent preferred.
• Prior experience in the Financial Services sector preferred.
• Thought leadership with deep expertise and knowledge of the business and technology standards.
• Understanding the connection points between information security, physical security, legal, and fraud operations to ensure holistic response to Enterprise-wide issues.