Chief Information Security Officer

Venture outside the ordinary - TMX Careers

The TMX group of companies includes leading global exchanges such as the Toronto Stock Exchange, Montreal Exchange, and numerous innovative organizations enhancing capital markets. United as a global team, we're connecting cross-functionally, traversing industries and geographies, moving opportunity into action, advancing global economic growth, and propelling progress. Through a rich exchange of ideas, meaningful collaboration, and a nimble operating model, we're powering some of the nation's most critical systems, fueling capital formation and innovation, bringing increased opportunity to business visionaries, product ingenuity to consumers, and career exploration to our team.

Ready to be part of the action?

The Chief Information Security Officer (CISO) is a key senior leadership position reporting to the Chief Information Officer (CIO) for TMX Group. The CISO is responsible for defining and executing TMX's global information security strategy. The role involves defining and implementing security policies, procedures, and programs to protect TMX's digital assets across all business units and all geographic locations. The CISO leads the efforts in identifying, assessing, and mitigating information security risks to ensure information confidentiality, integrity, and availability.

1. Lead, coach, and mentor a global, high performing IT Enterprise Security team which includes identity access management, security architecture, security tools and monitoring, and security governance, risk and compliance.
2. Responsible for TMX Executive and Board-level communication on TMX IT security posture and the TMX Technology security roadmap to the TMX Board and business unit sub-boards.
3. Advise, counsel, and educate executive and management teams on the relative importance and financial impact(s) of information security for their business unit.
4. Engage with regulatory bodies (i.e., Bank of Canada, etc.) for matters pertaining to cyber security.
5. Represent TMX Group on global industry committees that discuss, debate and share information and intelligence about global security, cyber terrorism, and cyber threats.
6. Provide leadership and oversight to our vulnerability management program and security and risk mitigation strategies.
7. Remain informed on trends and issues in the security industry, including current and emerging technologies.

1. Establish and maintain a TMX IT Security framework that ensures a comprehensive, requirements-driven approach to IT security planning, administration, operations, measurement and communication.
2. Implement a TMX enterprise security architecture that improves security and operational synergies while respecting unique line-of-business objectives and disparate regulatory requirements.
3. Lead the creation of "what-if" incident occurrences and the associated impact statements for TMX Group.
4. Lead strategic security planning to achieve business goals by prioritizing defense initiatives and coordinating the risk mitigation, evaluation, deployment, and management of current and future security technologies.
5. Develop, track, and control the security services annual operating and capital budgets for purchasing, staffing, and operations.

1. Ensure compliance with relevant laws, regulations, and industry standards across all TMX locations. This position leads TMX's response to security incidents and data breaches, working to minimize impact and prevent future occurrences.
2. Responsible for the development and implementation of policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of TMX's cybersecurity activities, including evaluating the effectiveness of the organization's cybersecurity safeguards to ensure intended levels of protection.
3. Develop, implement, maintain, and oversee enforcement of policies, procedures, and associated strategic plans for system security and identity management on industry-standard best practices.
4. Promote security awareness and training across the organization, ensuring all employees understand their roles in maintaining security and protecting sensitive information.

1. Requires a minimum 15 years progressive information technology management experience, managing technology, relationships, people, budgets, risks and projects in an information technology environment.
2. A University graduate, with a Bachelor's Degree in Computer Science, Engineering and / or Business Administration. A Master's degree in Computer Science, Engineering or Business is an asset.
3. Ability to assess emerging security standards and regulations development.
4. Ability to align security objectives and with overall company and business strategies. Strong negotiating, communication and presentation skills.
5. Ability to present ideas in business-friendly and user-friendly language.
6. Consistent track record of leading and developing high performing teams and attracting and retaining top talent.
7. Proven experience in planning, organizing, and developing IT security and facility security system technologies.
8. Advanced knowledge and understanding of general and specific Cyber and internal security threats and defenses including Perimeter Security, Anti-Malware, Intrusion Prevention and Countermeasure techniques.
9. Requires a broad based technical knowledge of Distributed Systems Platforms (Windows and UNIX), Network, Security, Enterprise Storage / SAN, Mainframe, High Availability Configurations, Systems Architecture, Database and Desktop.
10. Experience liaising and presenting with all levels within the organization including Board members and senior management as well as external parties including customers, regulatory bodies, auditors and vendors.
11. Excellent understanding of project management principles and budget ownership.
12. A standing member of industry standard security groups such as CISSP, ICS2, ISACA, etc.

In the market for…

1. Excitement - Explore emerging technology and innovation, as well as ventures and digital finance that shape the future of global markets! Experience the movement of the market while grounded in the stability of close to 200 years of success.
2. Connection - With site hubs in some of the world's most multicultural cities, we leverage our size and structure to create rich connections and belonging while experiencing powerful global impact through our work.
3. Impact - More than a platform, we use our talents to power mission-critical systems that drive global economic advancement, innovation, and growth. As well, our employee-led Team Impact spreads social good via our giving strategy.
4. Wellness - From empathetic leadership to a culture of flexibility and balance, we believe wellness at work creates the maximum yield and a stronger "we". Plus, with a cloud-first and hybrid workstyle, as well as generous time-off and leaves, we support a life well lived!
5. Growth - From a growth mindset in our work, to expansion in our business, TMX is home to action-takers energized by the achievement of ambitious growth.

Ready to enrich your career with impactful work, leaders who truly care, and the flexibility and programs to help you thrive as part of #TeamTMX? Apply now.

TMX is committed to creating and sustaining a collegial work environment in which all individuals are treated with dignity and respect and one which reflects the diversity of the community in which we operate. We provide accommodations for applicants and employees who require it.