May 1, 2023
Tell us your story. Don't go unnoticed. Explain why you're a winning candidate. Think ?TD? if you crave meaningful work and embrace change like we do. We are a trusted North American leader that cares about people and inspires them to grow and move forward.
Stay current and competitive. Carve out a career for yourself. Grow with us. Here's our story: jobs.td.com
Building a World-Class Technology Team at TD
We can't afford to be boring. Neither can you. The scale and scope of what TD does may surprise you. The rapid pace of change makes it a business imperative for us to be smart and open-minded in the way we think about technology. TD's technology and business teams become more intertwined as new opportunities present themselves. This new era in banking does not equal boring. Not at TD, anyway.
TD Information Security covers the development and management of security strategies, policies and programs to assess, prioritize, and mitigate business risk with technology controls. Priorities include: mitigating and managing cyber security threats, ensuring systems availability, aligning with global regulatory risk and compliance requirements, managing systems and network complexity, and partnering with businesses for better technology delivery by providing advice on technology controls.
There's room to grow in all of it.
About This Role
We are looking for someone to join us as we develop and implement policies, programs and tools related to TD Technology Controls and Information Security. In this role you will be responsible for writing and maintaining information security hardening standards for TD.
The candidate must have a strong technical background in information security and proven ability to write clear, concise, and testable security standards and control procedures.
You may also be asked to participate in projects of moderate to high complexity and provide complex reporting, analysis, and assessments at the functional, business line or enterprise level.
You'll have the opportunity to take on meaningful work fueled by meaningful performance and career development conversations that you'll routinely have with your manager.
What does it entail?
More specifically, the distinguished Security Technical Writer will:
- Develop and maintain information security hardening standards and procedures based on industry best practices, regulatory requirements, and organizational needs
- Collaborate with multiple teams to understand business processes and technical requirements and translate them into testable security requirements
- Influence compliance and governance as code operations for infrastructure security
- Analyze new information, consolidate content into user-centric documents for various personas and fully embrace an agile working environment with complex, fast-paced projects
- Manage multiple projects and priorities simultaneously in an Agile environment
- Write, edit, organize, and maintain world-class documentation, including user guides, integration guides, API developer guides, technical specifications, procedures, in-product help, and release notes
- Collaborate in a cross-functional agile team to determine documentation needs while describing key use cases and document features for end-users
- Write for a variety of audiences, from non-technical end-users to developers, system administrators and integrators
- Develop in-house style guides and templates
- Assist and mentor documentation contributors in adherence with defined standards
- Create supporting visual diagrams of documentation
- Conduct research on emerging security threats and vulnerabilities and incorporate mitigating security controls into the hardening standards
- Review existing security controls and hardening standards and make recommendations for improvements
- Keep up to date with industry trends and regulatory requirements related to information security
What can you bring to TD? Share your credentials, but your relevant experience and knowledge can be just as likely to get our attention. It helps if you have:
- University degree or/equivalent with 5 years of related work experience
- 3+ years of experience with developing and maintaining security hardening standards
- 5+ years of technical writing experience, specifically with security, cloud, software, or infrastructure documentation
- 2-3 years of experience with Cloud platforms such as Amazon Web Services (AWS), Azure and Google Cloud Platform (GCP)
- Strong written and verbal communication skills with the ability to synthesize information from a multitude of resources and compile all relevant information clearly and comprehensively
- Knowledge of cloud concepts, Github and technologies
- Skilled in documenting APIs
- Proven work experience with ContentOps, including build processes, docs pipelines, troubleshooting markup, builds, or CMS issues, and creating guidance and instructions
- Ability to learn new tools and processes quickly while adapting to change
- Proven experience working with service-oriented architecture for cloud-based services
- Experience and exposure to threat modelling and design reviews to assess security implications and requirements for the introduction of new technologies
- Skilled in representing technical viewpoints to diverse audiences and in making timely and prudent technical risk decisions
- Proven work experience with performing tasks and sub-tasks to design, build, or integrate IT solutions
- Knowledge of technical engineering artifacts, including requirements traceability matrices, network diagrams, bills of materials, data flow diagrams, installation procedures or operations manuals
- Familiarity with IT service management processes and concepts, including change management, incident management, problem management and configuration management
- Knowledge of cybersecurity concepts, including threats, vulnerabilities, security operations, encryption, boundary defense, auditing, authentication, and risk management
- Knowledge of federal IT and cloud security policies, including FISMA, FedRAMP, NIST 800-53, and DoD Cloud SRG and applying them to the design and implementation of cloud solutions to achieve an authorization to operate (ATO)
- Strong interpersonal and communication skills; ability to work in a team environment
- Knowledge around implementation, configuration, and administration of network and system security tools, including network firewalls, intrusion detection systems (IDS), intrusion prevention systems (IPS) anti-malware, vulnerability scanning, encryption, monitoring, or IAM tools
- Valid certification such as CompTIA Security+, CISSP, CCSP or CCSK, CISM, CRISC are a plus
- Azure, GCP, or AWS Certifications are a plus
Join in on what others in TD Technology Solutions are doing:
- Inspire a positive work environment and help champion quality, innovation, teamwork and service to the business.
- Learn voraciously, stretch your thinking,
At TD, we are committed to fostering an inclusive, accessible environment, where all employees and customers feel valued, respected and supported. We are dedicated to building a workforce that reflects the diversity of our customers and communities in which we live and serve. If you require an accommodation for the recruitment/interview process (including alternate formats of materials, or accessible meeting rooms or other accommodation), please let us know and we will work with you to meet your needs.