Responsible for timely execution of assigned areas of the TDA Infrastructure and Cybersecurity Audit plan in accordance with the International Professional Practices Framework issued by the Institute of Internal Auditors. This will provide reasonable assurance to key business partners and stakeholders that TDA's systems of internal control will ensure safeguarding of assets and ensure compliance with established policies, procedures, laws, and regulations in an effective and efficient manner (i.e., an independent evaluation of management's assessment and conclusion on the adequate design and effective operations of the systems of internal control). This role will focus on TDAs Technology Infrastructure and the Firm's Cybersecurity control processes and technologies.

RESPONSIBILITIES:

• Lead Execution of the Audit Plan for Infrastructure and Cybersecurity and Assist in development of long term strategy based on company goals.
• Evaluate key risks of the assigned department or functional area.
• Understand scope of the audit in conjunction with the Senior Auditor, Audit Manager and/or Audit Director.
• Review risk assessment results of assigned department or functional area in established/required timeline with the Senior Auditor, Audit Manager and/or Audit Director.
• Evaluate processes throughout audit to ensure scope is appropriate and risk environment identified is accurate.
• Apply IT general controls concepts and auditing theories, procedures and techniques.
• Analyze design and operating effectiveness of systems of internal control.
• Perform process walkthrough of assigned functional area through discussions with key operating personnel using effective interviewing techniques.
• Accurately document the results of process walkthroughs and prepare work papers.
• Communicate and apply Infrastructure and Cybersecurity control concepts and auditing theories, procedures and techniques to various applications, platforms, databases or operating system environments. Strong knowledge and expertise with NIST and COBIT Partner with key business leaders and develop viable recommendations to establish and enhance the internal control environment, including as building relationships with cybersecurity leaders, including CISO.
• Develop and nurture relationships with key leaders in the technology and risk organization, demonstrating a solid understanding of the industry and related technology.
• Prepare and present to technology leadership the results of audits, including identified issues.
• Maintains project schedule by monitoring project progress; coordinating activities; resolving problems and leveraging guidance from senior staff as needed.
• Provide performance feedback and coaching to direct reports and others. Uphold high standards for performance ratings and alignment with compensation.
• Research product and technical data for ongoing enterprise projects.
• Assist senior staff to analyze project/products and determine security requirements and controls required to effectively secure the project.
• With guidance senior staff, propose and implement information security strategies and solutions in support of enterprise initiatives.
• Ensure audit techniques and approaches used by the audit team(s) are consistent with approved practices and evaluate those practices to ensure audit plan is executed in an effective and efficient manner, while providing sufficient risk-based coverage of key business processes.
• Assist senior staff to analyze project/products and determine security requirements and controls required to effectively secure the project.

REQUIREMENTS:

• 4 Year College Degree in Computer Science, Information Systems, Accounting or related major.

• Military education or experience may be considered in lieu of civilian requirements listed.

• Minimum of one (1) year of related experience in a technology audit or related field.

• Minimum of one (1) year of related experience working in information cybersecurity, infrastructure, and/or related technology roles.

• CISSP, CISM, CEH, OSCP or CISA certification required.

• Strong knowledge and experience of technology infrastructure processes, controls and technologies for infrastructure engineering, network management, infrastructure operations, voice and telecommunications, Cloud platforms, incident and problem management, systems monitoring, business continuity and disaster recover planning and technology risk.

• Strong knowledgeable and experience in Cybersecurity processes, controls and technologies for vulnerability and threat management, software security, security engineering and architecture, security incident detection and response management and Cloud and data security.

• Knowledge and practical experience of cybersecurity technologies.

• Experience with secure design principles and Security model concepts.

• Experience with Web-based and Mobile systems vulnerabilities.

• Understanding of TCP/IP networks and related technologies.

• Working knowledge of relational and non-relational databases.

• Knowledge of systems development life cycle methodology and practices (e.g., Agile).

• Must be able to communicate effectively (orally and written) with professionalism and possess strong presentation skills among all levels of management. Can hold difficult or sensitive discussions with confidence, while gaining and/or maintaining the trust of others. Is articulate and composed when delivering difficult messages to clients.

• Ability to communicate and convey, both verbally and written, complex technical security related concepts to business and technology teams.

• Demonstrates an in-depth and current knowledge of relevant industry, accounting, operational and/or technology/infrastructure.

• Working knowledge of COBIT 2019 framework.

• Ann Arbor, Michigan; Ann Arbor, Nebraska; Ann Arbor, New Jersey

At TD Ameritrade we help individual investors pursue their financial goals through our brokerage subsidiaries. For more than 40 years we have been serving individual investors – from the first-time investor to the sophisticated trader, and from the “do-it-yourself” to the “do-it-for-me” investor. We offer a broad range of investment tools and services – all at a great value.

We engage with our clients in many different ways including online, on-the-go via mobile applications, over the phone or through independent registered investment advisors. Our clients choose how they want to work with TD Ameritrade – not the other way around.