Head of Security GRC & Regulatory Assurance

Venture outside the ordinary - TMX Careers

The TMX group of companies includes leading global exchanges such as the Toronto Stock Exchange, Montreal Exchange, and numerous innovative organizations enhancing capital markets. United as a global team, we’re connecting cross-functionally, traversing industries and geographies, moving opportunity into action, advancing global economic growth, and propelling progress. Through a rich exchange of ideas, meaningful collaboration, and a nimble operating model, we're powering some of the nation's most critical systems, fueling capital formation and innovation, bringing increased opportunity to business visionaries, product ingenuity to consumers, and career exploration to our team.

Ready to be part of the action?

Reporting to the Chief Information Security Officer, the Head, Security Regulatory Compliance is a senior position accountable to ensure that all TMX business units and legal entities meet their cyber security regulatory requirements and manage cyber risk in accordance with the TMX Information Security Policy.

• Works with business heads and the Boards to implement information security services and controls that manage their national and global business and compliance cyber risks
• Advises and reports to heads of TMX Business Units, the Board and the TMX EORC on cyber security regulatory matters and implications of new regulations coming from provincial, federal or international forums (e.g. Bank of Canada’s Expectations for Cyber Resilience for Financial Markets Infrastructures)
• Manages the relationship with key regulators such as Bank of Canada, OSFI, AMF, OSC, other provincial regulators, etc on topics of cyber resilience, and reports on behalf of TMX Business Units on specific compliance requirements
• Represents TMX in international bodies such as IOSCO, CPMI, international working groups (IWG) set up to implement the PFMI, World Federation of Exchanges (WFE), and other related groups
• In partnership with senior management, establishes the information security strategy for the business / business partner area in line with supervisory / regulatory obligations
• Develops and leads the implementation of strategies to reduce the likelihood of regulatory impacts due to non-compliance with information security policies and standards, including local procedures specific to the business area
• Uses strategic relationships to influence at all levels of the organization
• Acts as primary point of contact and top technical authority for new and upcoming cybersecurity and cyber resiliency regulatory and supervisory requests; provides comments on new rules, interpretations and guidance
• Works with business unit heads to assess and plan for the financial impact and risk management requirements of new cyber-related regulatory requirements
• Develops and maintains a comprehensive understanding of applicable cyber laws and regulations as well as requirements and resulting controls that enable compliance
• Develops the assessment program to review business areas' compliance with cybersecurity regulatory obligations and reports to the CISO, CIA and CRO
• Collaborates with the TMX Legal, Risk and Governance (LRG) department and the Enterprise Risk Management (ERM) department to ensure executive awareness of cyber security regulatory requirements and to prepare and manage holistic cyber risk reports for the EORC and the Boards
• Acts as primary point of contact within ITSS to respond to TMX clients' inquiries about TMX security posture and TMX responses to security vulnerabilities of concern for TMX clients

• Minimum 20 years of IT experience, of which minimum 10 years are in information security in the financial industry
• Demonstrated extensive knowledge of information security best practices and a specialized understanding of the business areas control and information security environment
• Knowledge of the Canadian cybersecurity and FMI regulations is a must
• Knowledge of the US and global cybersecurity and cyber resilience regulations
• Superior written and oral communication skill to describe technical concepts to both technical and non-technical audiences including heads of business units, board members, internal and external auditors, provincial and federal regulators
• Ability to work with multiple teams to achieve common goals and meet deadlines in a fast-paced environment
• Can work independently with limited supervision and direction

• Knowledge of the Canadian Financial Markets

Excitement - Explore emerging technology and innovation, as well as ventures and digital finance that shape the future of global markets! Experience the movement of the market while grounded in the stability of close to 200 years of success.

Connection - With site hubs in some of the world’s most multicultural cities, we leverage our size and structure to create rich connections and belonging while experiencing powerful global impact through our work.

Impact - More than a platform, we use our talents to power mission-critical systems that drive global economic advancement, innovation, and growth. As well, our employee-led spreads social good via our giving strategy.

Wellness - From empathetic leadership to a culture of flexibility and balance, we believe wellness at work creates the maximum yield and a stronger “we”. Plus, with a cloud-first and hybrid workstyle, as well as generous time-off and leaves, we support a life well lived!

Growth - From a growth mindset in our work, to expansion in our business, TMX is home to action-takers energized by the achievement of ambitious growth.

Ready to enrich your career with impactful work, leaders who truly care, and the flexibility and programs to help you thrive as part of #TeamTMX? Apply now.