TD Ameritrade Senior Analyst, Security Risk Management in St. Louis, Missouri
The TDA Security Risk Management (SRM) Group, under the leadership of the Chief Information Security Officer (CISO), is tasked to protect information assets in support of TDA business objectives and in conformity with TDA policies. The Vulnerability and Threat Management Team is a core function of SRM and is primarily responsible for ensuring that IT systems are engineered and designed in a secure manner. The Vulnerability and Threat Management (VTM) Team is a core function of SRM and is tasked with continually improving the security posture of TDA through the analysis of vulnerability and threat data, responding appropriately to the results of such analysis, providing security-related guidance, developing security policies and evangelizing security matters throughout the company. The Security Business Practices Analyst will be focused on the governance, risk and compliance (GRC) aspects of VTM and is primarily responsible for managing the security policy program as well as policy and exception management processes. The Security Business Practices Analyst will also assist with the management of the corporate enterprise governance, risk and compliance (GRC) platform.
Well qualified candidates for this position will demonstrate the following key traits:
Ability to communicate effectively with a variety of internal stakeholders including C-level
Ability to partner with and influence peers to ensure security requirements are understood and met
Interest in financial services, trading platform processes and technologies, and corporate security
Well qualified candidates will also demonstrate expertise in the following technical areas:
Strong writing, organizational, analytical and communications skills
Experience with project management or managing a workflow
Familiarity with Information Security frameworks and standards (i.e. CIS, NIST, ITIL)
Oversee and track the progression of security policy exceptions and website exceptions in Archer
Assign risk level to Security Policy Exceptions based on likelihood and impact.
Consult with Vulnerability Threat Management, vendor assessments, Software Security Assessment, and Architecture teams to analyze and collect risk data from existing vulnerability, vendor management, project, threat management, and application related processes
Explain the risk related to the organization as well as recommend options to reduce the risk to an acceptable level
Manage workflow in Archer
Develop and deploy new policies and standards and process policy/standard change requests
Create and distribute risk reports relating to exceptions on a weekly basis to Senior Manager and Director outlining the risks introduced based on new exception requests
Create reports relating to SLA performance
Provide reports to the CISO on the areas of policy risk based on categories, and exception type
Perform quarterly ICAP testing
Maintain and update policies
Ability to positively influence the behavior of peers and build relationships with other teams without direct authority over those teams.
Assess current practices and identify relevant policies to ensure state of the art development practices as they relate to security.
Minimum of 3-5 years of experience in security policy and exception management as well as overall security risk management experience.
B.A./B.S. degree in related discipline.
Experience in Information Technology or Security required.
Ability to perform problem solving in a complex demanding environment.
Must be resourceful, creative, innovative, results driven, and adaptable.
Solid problem solving and analytical skills.
Competent designer of mixed-technology solutions.
Ability to perform in a fast-paced multidisciplinary environment.Information Security and control certifications in at least one of the following: CISSP, CISM, CRISC, or Security Plus.
Military education or experience may be considered in lieu of civilian requirements listed
TD Ameritrade is an equal opportunity employer. At TD Ameritrade we believe that people matter. We value diversity and believe that it transcends race, national origin, age, marital status, gender identity / expression, sexual orientation, citizenship status, service in the armed forces, disability, thoughts, ideas and perspectives. Our commitment to building an inclusive culture is aimed at attracting and retaining diverse talent, clients and shareholders to the firm. It's a belief that's core to the success of our organization.