Head of Security GRC & Regulatory Assurance

TMX Group

Toronto

On-site

CAD 150,000 - 200,000

Full time

14 days ago

Job summary

A leading financial services company in Toronto is seeking a Head of Security GRC & Regulatory Assurance. The ideal candidate will be responsible for ensuring compliance with cybersecurity regulations and leading the information security strategy. This executive role requires extensive experience in information security, especially within the financial industry. Candidates must possess strong communication skills and the ability to influence at all organizational levels.

Qualifications

  • Minimum 20 years of IT experience, with at least 10 in information security.
  • Extensive knowledge of information security in financial environments.
  • Ability to communicate technical concepts effectively.

Responsibilities

  • Ensure compliance with cybersecurity regulations across business units.
  • Develop and lead information security strategy.
  • Manage relationships with key regulators and stakeholders.

Skills

Information security best practices
Canadian cybersecurity regulations
Communication skills
Industry collaboration
Risk management
Job description
Overview

Head of Security GRC & Regulatory Assurance – TMX Group. Reporting to the Chief Information Security Officer, the Head, Security Regulatory Compliance is a senior position accountable for ensuring that all TMX business units and legal entities meet their cyber security regulatory requirements and manage cyber risk in accordance with the TMX Information Security Policy.

Key Accountabilities
  • Works with business heads and the Boards to implement information security services and controls that manage their national and global business and compliance cyber risks
  • Advises and reports to heads of TMX Business Units, the Board and the TMX EORC on cyber security regulatory matters and implications of new regulations coming from provincial, federal or international forums (e.g. Bank of Canada’s Expectations for Cyber Resilience for Financial Markets Infrastructures)
  • Manages the relationship with key regulators such as Bank of Canada, OSFI, AMF, OSC, other provincial regulators, etc., on topics of cyber resilience, and reports on behalf of TMX Business Units on specific compliance requirements
  • Represents TMX in international bodies such as The International Organization of Securities Commissions (IOSCO), The Committee on Payments and Market Infrastructures (CPMI), international working groups (IWG) set up to implement the Principles for Financial Markets Infrastructures (PFMI) developed under the auspices of the Bank for International Settlements, World Federation of Exchanges (WFE), Working Groups sponsored by IOSCO, etc.
  • In partnership with business top management, establishes the information security strategy for the business / business partner area in line with their supervisory / regulatory obligations
  • Develops and leads the implementation of strategies to reduce the likelihood of regulatory impacts due to non-compliance with the financial institution’s information security policies and standards, including local procedures specific to the business area
  • Uses strategic relationships to influence at all levels of the organization
  • Acts as primary point of contact and top technical authority for new and upcoming cybersecurity and cyber resiliency regulatory and supervisory requests and, in consultation with business leaders, provides comments on new rules, rules interpretations and guidance
  • Works with business unit heads to assess and plan for the financial impact and risk management requirements of new cyber-related regulatory requirements
  • Develops and maintains a comprehensive understanding of the applicable cyber laws and regulations as well as requirements and resulting controls that enable compliance
  • Develops the assessment program to review business areas' compliance with cybersecurity regulatory obligations and reports to the CISO, CIA and CRO
  • Collaborates with the TMX Legal, Risk and Governance (LRG) department and the Enterprise Risk Management (ERM) department to ensure executive awareness of cyber security regulatory requirements, and to prepare and manage holistic cyber risk reports for the EORC and the Boards
  • Acts as primary point of contact within ITSS to respond to TMX clients' inquiries about TMX security posture, or TMX response to widely advertised security vulnerabilities that are of concern for TMX clients.
Skills and Experience
  • Minimum 20 years of IT experience, of which minimum 10 years are in information security in the financial industry
  • Demonstrated extensive knowledge of information security best practices and a specialized understanding of the business area's control and information security environment
  • Knowledge of the Canadian cybersecurity and FMI regulations is a must
  • Knowledge of the US and global cybersecurity and cyber resilience regulations
  • Superior written and oral communication skills, with the ability to describe technical concepts to both technical and non-technical audiences that include heads of business units, board members, internal and external auditors, provincial and federal regulators
  • Ability to work with multiple teams to achieve common goals and meet deadlines in a fast-paced environment
  • Can work independently with limited supervision and direction
Nice to Have Skills
  • Knowledge of the Canadian Financial Markets
EEO / Additional statements

Please note that our company is not currently sponsoring work permit applications and the applicant must be authorized to work in the country where this position is located. TMX is committed to creating and sustaining a collegial work environment in which all individuals are treated with dignity and respect and one which reflects the diversity of the community in which we operate. We provide accommodations for applicants and employees who require them.

Seniority level
  • Executive
Employment type
  • Full-time
Job function
  • Other, Information Technology, and Management