Product Owner I (Customer Identity & Access Management (CIAM) Risk and Controls Manager)

Work Location:
Toronto, Ontario, Canada

Hours:
37.5

Line of Business:
Enterprise Enabling Functions

Pay Details:
$96,900 - $136,800 CAD

TD is committed to providing fair and equitable compensation opportunities to all colleagues. Growth opportunities and skill development are defining features of the colleague experience at TD. Our compensation policies and practices have been designed to allow colleagues to progress through the salary range over time as they progress in their role. The base pay actually offered may vary based upon the candidate's skills and experience, job-related knowledge, geographic location, and other specific business and organizational needs.

As a candidate, you are encouraged to ask compensation related questions and have an open dialogue with your recruiter who can provide you more specific details for this role.

Job Description:

Customer Identity & Access Management (CIAM) Risk and Controls Manager

Role Overview:

Customer Identity and Access Management (CIAM), part of TD Global Technology & Solutions, is responsible for safeguarding the Bank and its customers from fraud, financial crimes, and other data protection risks.

The CIAM Risk & Controls team owns and enforces TD CIAM Control Standards, across all TD entities and operational jurisdictions with customer-facing operations. CIAM Risk & Controls operates as a First Line of Defense (1A) function, supporting CIAM product and technology teams to ensure secure customer banking experiences, reduce risk, and maintain customer confidence and trust.

We are seeking a seasoned, detail-oriented, and results-driven CIAM Risk and Controls Manager to join our team to support risk governance, control oversight, and compliance initiatives in a highly regulated environment. Reporting to the Senior Manager, CIAM Risk & Controls, this role plays a key part in maturing our CIAM program and ensuring alignment with internal policy and external regulatory and industry standards.

The ideal candidate will be able to demonstrate a proven track record of:

• Working experience in risk and control gap identification and remediation, working collaboratively with technology and business stakeholders to ensure timely and effective resolution.
• Knowledge and understanding of identity and access management (IAM) principles and familiarity or direct exposure to relevant industry standards related to information and cybersecurity (e.g., NIST CSF, NIST 800.63, ISO 27001, CIS Controls).
• Thorough understanding and prior working experience in one or more of the Three Lines of Defense.
• Working experience with internal audit and regulatory exams and remediation efforts, including documentation and management of evidence artifacts, progress reporting, and support to executive leadership updates.
• Identifying opportunities to improve program and team effectiveness and embracing innovation and automation where practicable.
• Knowledge of CIAM tools and systems, and integration with governance, risk, and controls (GRC) tools is a definite asset.

• Act as an advisor to TD technology asset owners and lines of business, providing guidance and support related to CIAM standards, risk governance, control design, and best practices.
• Provide support to the CIAM Control Standards lifecycle, ensuring alignment with industry peer benchmarks, industry standards, and regulatory requirements.
• Develops, maintains, and enhances CIAM process controls to monitor adherence to CIAM Control Standards.
• Investigate and understand cross-segment end-to-end customer interaction and transaction process flows, ensuring alignment to TD CIAM Control Standards and raising risk awareness of identified control gaps.
• Consult with internal stakeholders (e.g., Risk Management, other control functions, Business Segments, etc.) and external experts and counterparts (e.g., industry and professional associations, peer banks, etc.) on the implications of risks related to customer identity and authentication in current and emerging technology and banking trends.
• Stay current with applicable regulatory expectations and emerging CIAM trends.

• Support CIAM Product and Technology teams risk assessments, including but not limited to, reviewing Change Risk Assessment (CRA), Privacy Impact Assessment (PIA), etc.
• Support regulatory and internal audit remediation efforts, including evidence documentation and executive reporting.
• Prepare and deliver updates to governance committees (e.g., Identity Assurance Management Committee).

• Monitor adherence to CIAM Control Standards and escalate gaps or deficiencies.
• Identify IAM control weaknesses in customer-facing processes and assets and work collaboratively with risk partners and technical and business stakeholders to drive remediation.
• Consolidate and synthesize findings and support communication of actionable recommendations to senior leadership.
• Drive continuous improvement in control effectiveness, operational efficiency, and customer experience.

• Partner with Risk Marketplace (1B), second-line functions (AML, Compliance, Legal), and third-line audit teams.
• Act as liaison with 3LOD partners for for regulatory inquiries and external audits.

• Undergraduate degree in Information Security, Risk Management, Computer Science, or related discipline is an asset.
• Advanced degree (MBA, MS in Cybersecurity) preferred.
• 5-7+ years in Identity & Access Management (IAM), Risk Management, or Cybersecurity
• Financial services experience is an asset.
• Proven experience in risk assessments, control design, and regulatory remediation.
• Familiarity with CIAM tools and GRC platforms.

• Certified Identity and Access Manager (CIAM) or equivalent IAM certifications
• CISM (Certified Information Security Manager)
• CISSP (Certified Information Systems Security Professional)
• CRISC (Certified in Risk and Information Systems Control)
• CIPM (Certified Information Privacy Manager) or CIPP for privacy expertise
• ITIL Foundation for process governance

• Advanced knowledge of IAM principles, identity proofing, fraud prevention, and data protection.
• Proficiency in risk frameworks (NIST, ISO, CIS) and regulatory compliance standards.
• Hands-on experience with CIAM platforms and integration with GRC tools.
• Strong understanding of change management, and testing methodologies.

• Bias for Action: Make informed risk-based decisions quickly; take action to deliver on business objectives swiftly over endless deliberation and inaction.
• Adaptability: Able to work effectively in an often high-stress environment on high-profile time-bound initiatives.
• Analytical and detail oriented: Stay connected to details, audit frequently, and are skeptical when data differs.
• Strategic Thinker: Able to align CIAM initiatives with TD business objectives and regulatory requirements.
• Effective Communicator: Excellent oral and written communication skills with ability to concisely and effectively translate complex technical risks into business impact messaging that resonates with executive audiences.
• Relationship-focused: Ability to build strong relationships across business and technology teams.
• Integrity & Accountability: Uphold the highest standards of ethics and compliance; have conviction and do not compromise for the sake of team cohesion.
• Leadership: Seeks and accepts responsibility.
• Curiosity & Fearlessness: Willing to accept new challenges outside your comfort zone and are unafraid to fail fast and learn.