TD Ameritrade Senior Analyst, Security Risk Management in St. Louis, Missouri

The TDA Security Risk Management (SRM) Group, under the leadership of the Chief Information Security Officer (CISO), is tasked with protecting information assets in support of TDA business objectives and in conformity with TDA policies. The Vulnerability and Threat Management (VTM) Team is a core function of SRM and is primarily responsible for ensuring that IT systems are engineered and designed in a secure manner. The VTM Team is also tasked with continually improving the security posture of TDA through the analysis of vulnerability and threat data, responding appropriately to the results of such analysis, providing security-related guidance, developing security policies and evangelizing security matters throughout the company.

The Security Business Practices Analyst will be focused on the governance, risk and compliance (GRC) aspects of VTM and is primarily responsible for managing the security policy program as well as policy and exception management processes. The Security Business Practices Analyst will also assist with the management of the corporate enterprise GRC platform.

Well qualified candidates for this position will demonstrate the following key traits:

  1. Ability to communicate effectively with a variety of internal stakeholders including C-level

  2. Ability to partner with and influence peers to ensure security requirements are understood and met

  3. Interest in financial services, trading platform processes and technologies, and corporate security

Well qualified candidates will also demonstrate expertise in the following technical areas:

  1. Strong writing, organizational, analytical and communications skills

  2. Experience with project management or managing a workflow

  3. Familiarity with Information Security frameworks and standards (e.g., CIS, NIST, ITIL)

  • Oversee and track the progression of security policy exceptions and website exceptions in Archer

  • Assign risk level to Security Policy Exceptions based on likelihood and impact.

  • Consult with Vulnerability Threat Management, vendor assessments, Software Security Assessment, and Architecture teams to analyze and collect risk data from existing vulnerability, vendor management, project, threat management, and application related processes

  • Explain the risk related to the organization as well as recommend options to reduce the risk to an acceptable level

  • Manage workflow in Archer

  • Develop and deploy new policies and standards and process policy/standard change requests

  • Create and distribute risk reports relating to exceptions on a weekly basis to Senior Manager and Director outlining the risks introduced based on new exception requests

  • Create reports relating to SLA performance

  • Provide reports to the CISO on the areas of policy risk based on categories, and exception type

  • Perform quarterly ICAP testing

  • Maintain and update policies

  • Ability to positively influence the behavior of peers and build relationships with other teams without direct authority over those teams.

  • Assess current practices and identify relevant policies to ensure state of the art development practices as they relate to security.

  • Minimum of 3-5 years of experience in security policy and exception management as well as overall security risk management experience.

  • B.A./B.S. degree in related discipline.

  • Experience in Information Technology or Security required.

  • Ability to perform problem solving in a complex demanding environment.

  • Must be resourceful, creative, innovative, results driven, and adaptable.

  • Solid problem solving and analytical skills.

  • Competent designer of mixed-technology solutions.

  • Ability to perform in a fast-paced multidisciplinary environment.

  • Information Security and control certifications in at least one of the following: CISSP, CISM, CRISC, or Security Plus.

  • Military education or experience may be considered in lieu of civilian requirements listed

TD Ameritrade is an equal opportunity employer. At TD Ameritrade we believe that people matter. We value diversity and believe that it transcends race, national origin, age, marital status, gender identity / expression, sexual orientation, citizenship status, service in the armed forces, disability, thoughts, ideas and perspectives. Our commitment to building an inclusive culture is aimed at attracting and retaining diverse talent, clients and shareholders to the firm. It's a belief that's core to the success of our organization.