Chief Information Security Officer

Venture outside the ordinary - TMX Careers The TMX group of companies includes leading global exchanges such as the Toronto Stock Exchange, Montreal Exchange, and numerous innovative organizations enhancing capital markets. United as a global team, we're connecting cross-functionally, traversing industries and geographies, moving opportunity into action, advancing global economic growth, and propelling progress. Through a rich exchange of ideas, meaningful collaboration, and a nimble operating model, we're powering some of the nation's most critical systems, fueling capital formation and innovation, bringing increased opportunity to business visionaries, product ingenuity to consumers, and career exploration to our team. Ready to be part of the action? The Chief Information Security Officer (CISO) is a key senior leadership position reporting to the Chief Information Officer (CIO) for TMX Group. The CISO is responsible for defining and executing TMX's global information security strategy. The role involves defining and implementing security policies, procedures, and programs to protect TMX's digital assets across all business units and all geographic locations. The CISO leads the efforts in identifying, assessing, and mitigating information security risks to ensure information confidentiality, integrity, and availability. **Key Accountabilities**: Leadership Lead, coach, and mentor a global, high performing IT Enterprise Security team which includes identity access management, security architecture, security tools and monitoring, and security governance, risk and compliance. Responsible for TMX Executive and Board-level communication on TMX IT security posture and the TMX Technology security roadmap to the TMX Board and business unit sub-boards. Advise, counsel, and educate executive and management teams on the relative importance and financial impact(s) of information security for their business unit. Engage with regulatory bodies (i.e., Bank of Canada, etc.) for matters pertaining to cyber security. Represent TMX Group on global industry committees that discuss, debate and share information and intelligence about global security, cyber terrorism, and cyber threats. Provide leadership and oversight to our vulnerability management program and security and risk mitigation strategies. Remain informed on trends and issues in the security industry, including current and emerging technologies. Security Strategy Establish and maintain a TMX IT Security framework that ensures a comprehensive, requirements-driven approach to IT security planning, administration, operations, measurement and communication. Implement a TMX enterprise security architecture that improves security and operational synergies while respecting unique line-of-business objectives and disparate regulatory requirements. Lead the creation of "what-if" incident occurrences and the associated impact statements for TMX Group. Lead strategic security planning to achieve business goals by prioritizing defense initiatives and coordinating the risk mitigation, evaluation, deployment, and management of current and future security technologies. Develop, track, and control the security services annual operating and capital budgets for purchasing, staffing, and operations. Governance, Audit & Compliance Ensure compliance with relevant laws, regulations, and industry standards across all TMX locations. This position leads TMX's response to security incidents and data breaches, working to minimize impact and prevent future occurrences. Responsible for the development and implementation of policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of TMX's cybersecurity activities, including evaluating the effectiveness of the organization's cybersecurity safeguards to ensure intended levels of protection. Develop, implement, maintain, and oversee enforcement of policies, procedures, and associated strategic plans for system security and identity management on industry-standard best practices. Promote security awareness and training across the organization, ensuring all employees understand their roles in maintaining security and protecting sensitive information. **Qualifications**: Requires a minimum 15 years progressive information technology management experience, managing technology, relationships, people, budgets, risks and projects in an information technology environment. A University graduate, with a Bachelor's Degree in Computer Science, Engineering and/or Business Administration. A Master's degree in Computer Science, Engineering or Business is an asset. Ability to assess emerging security standards and regulations development. Ability to align security objectives and with overall company and business. strategies. Strong negotiating, communication and presentation skills. Ability to present ideas in business-friendly and user-friendly language. Consistent track record of leading and developing high performin