Job Specifications
Work Location:
Toronto, Ontario, Canada
Hours
37.5
Line Of Business
Technology Solutions
Pay Details
$91,200 - $136,800 CAD
TD is committed to providing fair and equitable compensation opportunities to all colleagues. Growth opportunities and skill development are defining features of the colleague experience at TD. Our compensation policies and practices have been designed to allow colleagues to progress through the salary range over time as they progress in their role. The base pay actually offered may vary based upon the candidate's skills and experience, job-related knowledge, geographic location, and other specific business and organizational needs.
As a candidate, you are encouraged to ask compensation related questions and have an open dialogue with your recruiter who can provide you more specific details for this role.
Job Description
Job Summary:
The Senior Information security analyst is responsible for identifying, assessing, prioritizing, and coordinating responses to security vulnerabilities within the organization's systems, applications, and networks. This role requires a deep understanding of vulnerability management, risk assessment, and cross-functional collaboration to ensure timely remediation and alignment with organizational security objectives.
Key Responsibilities
Vulnerability Management and Triage:
Oversee the end-to-end vulnerability triage process, including identification, assessment, prioritization, and tracking.
Develop and maintain a triage framework that balances risk levels, exploitability, and business impact.
Analyze vulnerability reports from various sources (e.g., scanners, penetration tests, threat intelligence) to determine criticality.
Ensure vulnerabilities are accurately classified and assigned to the appropriate teams for remediation.
Collaboration And Coordination
Work closely with system owners, application teams, DevOps, and IT infrastructure to drive vulnerability remediation.
Act as a liaison between technical teams and business stakeholders to communicate risk and remediation priorities effectively.
Collaborate with threat intelligence teams to assess the real-world impact of vulnerabilities.
Risk Assessment And Prioritization
Develop and maintain a risk-based approach to prioritize vulnerabilities based on business context, likelihood of exploitation, and potential impact.
Establish timelines for remediation based on severity and compliance requirements.
Process Improvement
Implement and optimize workflows for vulnerability triage and reporting.
Continuously review and refine vulnerability management policies, processes, and tools.
Stay updated on evolving industry best practices and emerging threats
Reporting And Metrics
Define and track key performance indicators (KPIs) for vulnerability management, such as mean time to remediate (MTTR) and vulnerability closure rates.
Create regular reports on vulnerability status and risk posture for executive leadership and technical teams.
Leadership And Team Management
Manage and mentor the vulnerability triage team, ensuring high performance and professional growth.
Provide training and guidance to enhance the team's technical expertise and analytical skills.
Foster a culture of security awareness and proactive risk management across the organization.
Container Security
Provide technical expertise and oversight for container scanning, container vulnerability prioritization, and remediation.
Be a lead contributor to enterprise-level initiatives pertaining to container security and risk remediation.
Effectively communicate critical vulnerabilities, their impacts, associated risk, and remediation priorities to cross-functional leadership teams.
Help build and enforce technology controls, along with container security standards to ensure best practices are followed, when building and deploying application containers.
Influence behavior to reduce risk and foster a strong technology risk management culture throughout the bank.
Qualifications
Education: Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience).
Experience
5+ years of experience in vulnerability management, security operations, or related fields.
2+ years of experience in a leadership or management role
Technical Skills
Expertise in vulnerability scanning tools (e.g., Qualys, Nessus, Rapid7).
Knowledge of CVSS (Common Vulnerability Scoring System) and threat modeling.
Strong understanding of operating systems, cloud platforms, networks, and application security.
Familiarity with compliance frameworks (e.g., ISO 27001, NIST, PCI-DSS).
Soft Skills:
Strong analytical and problem-solving skills.
Excellent verbal and written communication skills, with the ability to present technical information to non-technical audiences.
Proven ability to manage multiple priorities and work under tight deadlines.
Preferred Qualifications
Certifications such as CISSP, CISM, CEH, or GIAC.
Experie