Senior Manager CIAM Risk and Controls

Work Location:
Mount Laurel, New Jersey, United States of America

Hours:
40

Pay Details:
$115,440 - $173,160 USD

TD is committed to providing fair and equitable compensation opportunities to all colleagues. Growth opportunities and skill development are defining features of the colleague experience at TD. Our compensation policies and practices have been designed to allow colleagues to progress through the salary range over time as they progress in their role. The base pay actually offered may vary based upon the candidate's skills and experience, job-related knowledge, geographic location, and other specific business and organizational needs.

As a candidate, you are encouraged to ask compensation related questions and have an open dialogue with your recruiter who can provide you more specific details for this role.

Line of Business:
Governance & Control
Job Description:

The Governance and Control Senior Manager is accountable for ensuring the channel is meeting its compliance obligations to a number of internal and external stakeholders including Interac, Visa, MasterCard, TRMIS, Strategic Sourcing, OFSFI, Quarterly Sarbanes Oxley, Global AML, SAS 70 Reviews, Business continuity planning, and Risk self-assessments. This position will take a leadership role in identifying operational risks and ensuring the appropriate controls are introduced and followed to ensure risks are well communicated, understood and mitigated where possible. This role will be accountable for channel compliance to external regulatory agencies.

Depth & Scope:

• Develops an Operational Risk Oversight model for the ATM channel which consolidates known risks, documents existing controls and fits within the overall Direct Channels/TDBFG risk framework
• Participates within all external audits (Interac, Visa PCI, MasterCard), tracking of non-compliant items with development of action plans to address any gaps
• Ensures ATM Channel remains compliant to current Accessibility standards - provides input into the evolution of existing standards
• Represents channel through participation in information security Risk oversight model (TRMIS)
• Remains current on changes and trends to internal/external operational risks that would impact the channels risk profile
• Remains current on external regulatory changes and understands impact to ATM channel operational environment
• Accountable for the development and execution of the ATM Channels BCM Plan including Pandemic Planning
• Accountable for the assessment of vendor BCM plans to ensure risks are understood and mitigated
• Works with internal audit in the completion of operational audits with the channels including tracking and mitigation of any findings
• Liaises on a regular basis with various internal risk based departments to ensure all Regulatory and Operational requirements are understood and met
• Develops and maintains relationships with external organizations that create the ATMs channels regulatory environment
• Monitors fraud trends within the channel and works with ATM operations to mitigate
• Accountable for the delivery of all risk based reporting in support of the channel
• Primary relationship owner for Operational/Regulatory Risk, Audit, Direct Channels Risk/Compliance oversight and External Agencies that audit our controls against their standards
• Develops and maintains an operating budget, ensuring adherence to budget, and taking corrective action as necessary
• Provides input and assistance to senior management in developing budget and ensures adherence to assigned budgetary factors
• Utilizes and follows Compliance/Risk control programs
• Works with business partners to minimize/eliminate the number of non-compliant items
• Supports and assists with the implementation of company policies, procedures and practices
• Participates on cross-functional project teams and task groups, including those in support of conversion activities
• Takes ownership of and contributes to the ongoing improvement of the Customer experience
• Has a high degree of business acumen in terms of analyzing and understanding business decisions, highly motivated to achieve results, and a commitment to operational and service excellence
• Manages a high performing team in the delivery of accountabilities
• Encourages team to achieve common goals and objectives through effective leadership of people and creates an open, diverse and supportive work environment; acts as a role model
• Develops a team of high quality resources by participating in selection of team members and assessment of performance
• Administers employees in compliance with all human resource policies, procedures and guidelines of conduct
• Successfully completes all required online training and ensures staff completes all required online training

• Owns the CIAM Standard, associated Technical Specifications, and Controls Library, including ongoing maintenance and enhancements throughout the Standards lifecycle, ensuring alignment with industry peer benchmarks, industry standards, and regulatory requirements.
• Acts in a consultative advisory role to TD technology asset owners and lines of business, providing definitive guidance and support related to CIAM standards, risk governance, control design, and best practices.
• Understand cross-segment end-to-end customer interaction and transaction process flows, ensuring alignment to CIAM Standards and raising risk awareness of identified control gaps.
• Consult with internal stakeholders (e.g., Risk Management, other control functions, Business Segments, etc.) and external experts and counterparts (e.g., industry and professional associations, peer banks, etc.) on the implications of risks related to customer identity and authentication in current and emerging technology and banking trends.
• Stay current with applicable regulatory expectations and emerging IAM trends.

• Support CIAM Product and Technology teams risk assessments, including but not limited to, reviewing Change Risk Assessment (CRA), Privacy Impact Assessment (PIA), etc.
• Support regulatory and internal audit remediation efforts from a CIAM Standards compliance perspective.
• Review and deliver updates to governance committees (e.g., Identity Assurance Management Committee).

• Support CIAM Standards compliance monitoring and escalate gaps or deficiencies.
• Identify IAM control weaknesses in customer-facing processes and assets and work collaboratively with risk partners and technical and business stakeholders to drive remediation.
• Drive continuous improvement in CIAM Standard, control effectiveness, operational efficiency, and internal stakeholder and customer experience.

• Lead a team of dedicated CIAM professionals with expertise in compliance and risk controls..
• Work closely with Cyber and Application Security teams for visibility into current and emerging IAM risks and engage CIAM Product and Engineering teams to adjust CIAM roadmap and Standards as necessary.
• Collaborate with Workforce IAM counterparts to ensure alignment and identify efficiency opportunities.
• Work closely with CIAM Product and Engineering, line of business, and supporting Technology leaders to ensure alignment between CIAM capability roadmap, provide guidance regarding CIAM Standards compliance, and identify where planned new technologies and customer platforms may require enhancements to the CIAM Standard.
• Partner with Risk Marketplace (1B), second-line functions (AML, Compliance, Legal), and third-line audit teams.

• Undergraduate degree in a business related discipline is required
• 10+ years of related experience
• Risk professional with previous experience within an operations and/or technology environment
• Strong interpersonal skills with the ability to lead in a team environment
• Strong problem solving skills with ability to identify problems, recommend solutions and present recommended approach
• Previous exposure to Operational Risk, Compliance and/or Audit
• Strong negotiation skills
• Solid understanding of Project Management methodology
• Excellent verbal and written communication skills
• Ability to prioritize and meet tight timelines
• Team player who takes initiative to accomplish department objectives
• Works with minimal supervision and meets demanding turnaround times
• High proficiency in Microsoft Applications (PowerPoint, Excel, Word)
• Well organized, detailed individual with the ability to multi task in a fast paced environment with deadlines

• Extensive background in identity and access management (IAM) principles and direct exposure to relevant industry standards related to information and cybersecurity (e.g., NIST CSF, NIST 800.63, ISO 27001, CIS Controls).
• Deep technical understanding of IAM tools and architecture supporting identity proofing and authentication functions.
• Solid understanding and experience in compliance enforcement of IAM and/or other information/cybersecurity standards.
• Comprehensive experience in risk and control gap identification and remediation, working collaboratively with technology and business stakeholders to ensure timely and effective resolution.
• Thorough understanding and prior working experience in one or more of the Three Lines of Defense.
• Working experience with operational risk management, internal audit, and regulatory exams and remediation efforts, including documentation and management of evidence artifacts, progress reporting, and support to executive leadership updates.
• Identifying opportunities to improve program and team effectiveness and embracing innovation and automation where practicable.
• Knowledge of CIAM tools and systems, and integration with governance, risk, and controls (GRC) tools is a requirement.

• Domestic Travel - Occasional
• International Travel - Occasional
• Performing sedentary work - Continuous
• Performing multiple tasks - Continuous
• Operating standard office equipment - Continuous
• Responding quickly to sounds - Occasional
• Sitting - Continuous
• Standing - Occasional
• Walking - Occasional
• Moving safely in confined spaces - Occasional
• Lifting/Carrying (under 25 lbs.) - Occasional
• Lifting/Carrying (over 25 lbs.) - Never
• Squatting - Occasional
• Bending - Occasional
• Kneeling - Never
• Crawling - Never
• Climbing - Never
• Reaching overhead - Never
• Reaching forward - Occasional
• Pushing - Never
• Pulling - Never
• Twisting - Never
• Concentrating for long periods of time - Continuous
• Applying common sense to deal with problems involving standardized situations - Continuous
• Reading, writing and comprehending instructions - Continuous
• Adding, subtracting, multiplying and dividing - Continuous