Head of Security GRC

1 day ago


Toronto, Canada TMX Group Inc. Full time

**Venture outside the ordinary - TMX Careers**

The TMX group of companies includes leading global exchanges such as the Toronto Stock Exchange, Montreal Exchange, and numerous innovative organizations enhancing capital markets. United as a global team, we’re connecting cross-functionally, traversing industries and geographies, moving opportunity into action, advancing global economic growth, and propelling progress. Through a rich exchange of ideas, meaningful collaboration, and a nimble operating model, we're powering some of the nation's most critical systems, fueling capital formation and innovation, bringing increased opportunity to business visionaries, product ingenuity to consumers, and career exploration to our team.

**Ready to be part of the action?**

Reporting to the Chief Information Security Officer, the Head, Security Regulatory Compliance is a senior position accountable for ensuring that all TMX business units and legal entities meet their cyber security regulatory requirements and manage cyber risk in accordance with the TMX Information Security Policy.

Key Accountabilities

Works with business heads and the Boards to implement information security services and controls that manage their national and global business and compliance cyber risks

Advises and reports to heads of TMX Business Units, the Board and the TMX EORC on cyber security regulatory matters and implications of new regulations coming from provincial, federal or international forums (e.g. Bank of Canada’s Expectations for Cyber Resilience for Financial Markets Infrastructures)

Manages the relationship with key regulators such as Bank of Canada, OSFI, AMF, OSC, other provincial regulators, etc., on topics of cyber resilience, and reports on behalf of TMX Business Units on specific compliance requirements

Represents TMX in international bodies such as The International Organization of Securities Commissions (IOSCO), The Committee on Payments and Market Infrastructures (CPMI), international working groups (IWG) set up to implement the Principles for Financial Markets Infrastructures (PFMI) developed under the auspices of the Bank for International Settlements, World Federation of Exchanges (WFE), Working Groups sponsored by IOSCO, etc.

In partnership with business top management, establishes the information security strategy for the business/business partner area in line with their supervisory/regulatory obligations

Develops and leads the implementation of strategies to reduce the likelihood of regulatory impacts due to non-compliance with the financial institution’s information security policies and standards, including local procedures specific to the business area

Uses strategic relationships to influence at all levels of the organization

Acts as primary point of contact and top technical authority for new and upcoming cybersecurity and cyber resiliency regulatory and supervisory requests and, in consultation with business leaders, provides comments on new rules, rules interpretations and guidance

Works with business unit heads to assess and plan for the financial impact and risk management requirements of new cyber-related regulatory requirements

Develops and maintains a comprehensive understanding of the applicable cyber laws and regulations as well as requirements and resulting controls that enable compliance

Develops the assessment program to review business areas' compliance with cybersecurity regulatory obligations and reports to the CISO, CIA and CRO.

Collaborates with the TMX Legal, Risk and Governance (LRG) department and the Enterprise Risk Management (ERM) department to ensure executive awareness of cyber security regulatory requirements, and to prepare and manage holistic cyber risk reports for the EORC and the Boards.

Acts as primary point of contact within ITSS to respond to TMX clients' inquiries about TMX's security posture, or TMX's response to widely advertised security vulnerabilities that are of concern for TMX clients.

Skills and Experience

Minimum 20 years of IT experience, of which a minimum of 10 years are in information security in the financial industry

Demonstrated extensive knowledge of information security best practices and a specialized understanding of the business area's control and information security environment

Knowledge of the Canadian cybersecurity and FMI regulations is a must

Knowledge of the US and global cybersecurity and cyber resilience regulations

Superior written and oral communication skills, with the ability to describe technical concepts to both technical and non-technical audiences that include heads of business units, board members, internal and external auditors, and provincial and federal regulators

Ability to work with multiple teams to achieve common goals and meet deadlines in a fast-paced environment

Can work independently with limited supervision and direction

Nice to Have Skills

Knowledge of the Canadian Financial Markets

**In the market for**

**Excitement**:

- Explore e

