The role of Manager, Cyber-Fraud Incident Management is responsible for cyber-fraud threat prevention, incident management and response.
Serving as a key subject matter expert (SME) within the Protect Platform, this position works with a team of cyber-fraud incident specialists and managers to manage and mitigate cyber-fraud risk.
This role is part of a fast-paced team of experts that identifies, investigates, disrupts, and prevents account-level attacks targeting the global digital properties of TD.
This will be achieved by drawing upon deep knowledge of incident management, digital fraud, risk-based authentication, bot mitigation and identity proofing.
Using threat detection, analysis, correlation capabilities and tools, this role supports the development of a comprehensive picture of the short- to long-term cyber-fraud threat landscape and is expected to support the design of controls, practices and solutions to prevent, detect and mitigate these threats and events.
This role works closely with team members across the Cyber-Fraud and broader Protect Platform team.
The incumbent should possess strong experience in cyber security and/or cyber-enabled fraud, with strong expertise in a combination of incident management; digital identity proofing; risk-based authentication and authentication logic flaws; bot mitigation; and security information and event management tools.
The incumbent must demonstrate a history of positive outcomes in advocacy work with a cross-functional executive audience.
They must maintain the highest professional standards regarding personal conduct while performing work and must possess the ability to communicate complex information, concepts, and ideas in a confident, well organized, and succinct manner.
Responsibilities / Accountabilities:
Provide incident management response and support on a 24/7 basis (or as needed) from triage through to containment and remediation
Ability to provide leadership and technical guidance on related major incident conference calls
Lead or participate in post incident reviews to ensure continuous learning and identify recurring themes across multiple incidents that may require dedicated attention
Through thorough incident analysis, identify and propose solutions to reduce our attack surface and exposure to cyber-fraud incidents targeting TD's global infrastructure including but not limited to online and mobile banking and investment, insurance, and loyalty web-applications and other customer and non-customer facing platforms
Provide rapid response, analysis, and recommendations associated with third-party data compromise events that have a direct effect on TD customer digital authentication
Produce and maintain incident documentation in various formats including incident chronology, stakeholder status updates, executive briefing notes, and post-incident reports
Act as a leader within the team and provide coaching and support to the Cyber-Fraud Analysts, ensuring quality and efficiency for event and incident activities and appropriate documentation
Meet with peers and the broader team on a regular basis to present results and action plans related to problem management activities and regulatory requirements
Facilitate meetings with and provide communications to internal business groups including CISO, Fusion, Digital, Legal, Privacy, ORM, and FRM and executives throughout incident and problem lifecycle
Contribute to the advancement of incident management capabilities
Ensure that identified problems are referred to an appropriate problem management team or process and participate in required advocacy
Ability to collect and document business requirements related to cyber-fraud projects and initiatives
Ability to convey business and data requirements to support automation of existing manual analysis
Apply a retrospective analysis framework to deepen understanding of existing and emerging attack modalities
Support Cyber Fusion strategic initiatives including investigations and risk-assessment, testing, and solutioning activities
Support the expansion of the incident management model across other functional teams (including North American Fraud Operations)
Working knowledge of ITIL V4 Service Management Framework with specialization on Incident and Problem Management processes (Foundation certification preferred)
Related industry certification is an asset (preferred CISSP, CISM)
Preferred computer sciences degree or equivalent experience
Preferred incident handler / manager certification (e.g., GCIH)