Mgr Information Security - Pen Testing

TD Bank-posted 1 day ago
$87,000 - $151,000/Yr
Full-time • Manager
Hybrid • Mount Laurel, NJ
5,001-10,000 employees
Resume
Match Score
Upload and Match ResumeTrack Jobs with Teal

The Manager Information Security manages / leads a team of Technology Controls / Information Security experts in the development and/ or management of relevant strategies, programs, tools, frameworks and policies and provides specialized oversight / control / governance activities for a key business line/segment or transformational (change the bank) strategic initiative / program, liaising across the organization and primarily interfacing with executive and/or functional stakeholders to minimize overall technology risks to the Bank for own area. This position manages junior level penetration testers, vendor coordination for multiple testing services, processes, procedures and scheduling for penetration, dynamic scanning, and manual code review testing services.

  • Vendor Management: Manage and coordinate penetration testing engagements with vendors.
  • People Management: Manage a team of Junior level penetration testers and their development.
  • DAST: Manage the DAST program and tooling. Familiarity with current industry tooling and technologies and those being introduced.
  • Facilitate Penetration Tests: Perform thorough and methodical penetration testing.
  • Evaluate and Assign: penetration tests to appropriate resources.
  • Vulnerability Assessment: Assess and analyze security weaknesses, and provide actionable recommendations to mitigate risks and improve overall security posture.
  • Report Findings: Document and communicate findings clearly and effectively to both technical and non-technical stakeholders. Prepare comprehensive reports with recommendations for remediation.
  • Develop Test Procedures: Design and execute detailed test requirements.
  • Stay Current: Keep up-to-date with the latest security trends, vulnerabilities, and tools to ensure testing methodologies are current and effective.
  • Collaborate with Teams: Work closely with IT and development teams to understand system architectures, provide guidance on security best practices, and support the implementation of security improvements; work closely with advisory and SDLC pipeline teams to ensure compliance; work closely with PCS team to manage PCI testing requirements. This position will collaborate with many application security teams.
  • Perform Risk Assessments: Evaluate and assess potential security risks related to new and existing systems and technologies.
  • Compliance: Ensure that penetration testing practices comply with relevant regulations, standards, and organizational policies.
  • Incidents: Act as a testing SME on incident calls; support testers on the calls.
  • Participate in computer security incident responses relevant to business (or enterprise wide) and represent respective function and Enterprise position to the business, and business needs to incident response team
  • Advanced knowledge of Bank, technology standards and managing people / projects
  • Leads a small team of IT professionals; coaches/ educates, monitors and manages team members
  • Strong communication, negotiation and organizational skills specifically including the ability to present options in business terms to both IT and business staff including executives
  • Bachelor's degree preferred
  • Information security certification / accreditation an asset
  • 7+ years of relevant experience
  • Penetration testing, DAST, Manual Code Review knowledge.
  • Strong analytical and problem-solving abilities with attention to detail.
  • Manage documents and procedures for testing team.
  • This job requires exceptional ability to multi-task with multiple workstreams to manage daily.
  • Excellent verbal and written communication skills, with the ability to convey complex technical concepts to non-technical stakeholders.
  • Demonstrated understanding of ethical hacking principles and a commitment to maintaining high ethical standards.
  • Technical Skills: Proficiency in penetration testing tools such as Metasploit, Burp Suite, Nmap, and Kali.
  • Knowledge of common web application vulnerabilities (e.g., OWASP Top Ten) and network security principles.
  • Experience with penetration testing in AI, cloud environments (e.g., AWS, Azure) and PCI testing.
  • Familiarity with security standards and frameworks.
  • Previous experience managing and developing teams.
  • Relevant certifications such as Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), or GIAC Penetration Tester (GPEN) are highly desirable.
  • Total Rewards at TD includes base salary and variable compensation/incentive awards (e.g., eligibility for cash and/or equity incentive awards, generally through participation in an incentive plan) and several other key plans such as health and well-being benefits, savings and retirement programs, paid time off (including Vacation PTO, Flex PTO, and Holiday PTO), banking benefits and discounts, career development, and reward and recognition.
Track Jobs with Teal

Job Search Resources

Resume Builder
Resume Examples
Cover Letter Examples

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service