Job Specifications
Venture outside the ordinary - TMX Careers
The TMX group of companies includes leading global exchanges such as the Toronto Stock Exchange, Montreal Exchange, and numerous innovative organizations enhancing capital markets. United as a global team, we’re connecting cross-functionally, traversing industries and geographies, moving opportunity into action, advancing global economic growth, and propelling progress. Through a rich exchange of ideas, meaningful collaboration, and a nimble operating model, we're powering some of the nation's most critical systems, fueling capital formation and innovation, bringing increased opportunity to business visionaries, product ingenuity to consumers, and career exploration to our team.
Ready to be part of the action?
Reporting to the Chief Information Security Officer, the Head, Security Regulatory Compliance is a senior position accountable to ensure that all TMX business units and legal entities meet their cyber security regulatory requirements and manage cyber risk in accordance with the TMX Information Security Policy.
Key Accountabilities
Works with business heads and the Boards to implement information security services and controls that manage their national and global business and compliance cyber risks
Advises and reports to heads of TMX Business Units, the Board and the TMX EORC on cyber security regulatory matters and implications of new regulations coming from provincial, federal or international forums (e.g. Bank of Canada’s Expectations for Cyber Resilience for Financial Markets Infrastructures)
Manages the relationship with key regulators such as Bank of Canada, OSFI, AMF, OSC, other provincial regulators, etc on topics of cyber resilience, and reports on behalf of TMX Business Units on specific compliance requirements
Represents TMX in international bodies such as The International Organization of Securities Commissions (IOSCO), The Committee on Payments and Market Infrastructures (CPMI), international working groups (IWG) set up to implement the Principles for Financial Markets Infrastructures (PFMI) developed under the auspices of the Bank for International Settlements, World Federation of Exchanges (WFE), Working Groups sponsored by IOSCO, etc
In partnership with business top management, establishes the information security strategy for the business/business partner area in line with their supervisory/regulatory obligations
Develops and leads the implementation of strategies to reduce the likelihood of regulatory impacts due to non-compliance with the financial institution’s information security policies and standards, including local procedures specific to the business area
Uses strategic relationships to influence at all levels of the organization
Acts as primary point of contact and top technical authority for new and upcoming cybersecurity and cyber resiliency regulatory and supervisory requests and, in consultation with business leaders, provides comments on new rules, rules interpretations and guidance
Works with business units heads to assess and plan for the financial impact and risk management requirements of new cyber-related regulatory requirements
Develops and maintains a comprehensive understanding of the applicable cyber laws and regulations as well as requirements and resulting controls that enable compliance
Develops the assessment program to review business areas compliance with cybersecurity regulatory obligations and report to the CISO, CIA and CRO.
Collaborates with the TMX Legal, Risk and Governance (LRG) department and the Enterprise Risk Management (ERM) department to ensure executive awareness of cyber security regulatory requirements, and to prepare and manage holistic cyber risk reports for the EORC and the Boards.
Act as primary point of contact within ITSS to respond to TMX clients inquiries about TMX security posture, or TMX response to widely advertised security vulnerabilities that are of concern for TMX clients.
Skills And Experience
Minimum 20 years of IT experience, of which minimum 10 years are in information security in the financial industry
Demonstrated extensive knowledge of information security best practices and a specialized understanding of the business areas control and information security environment
Knowledge of the Canadian cybersecurity and FMI regulations is a must
Knowledge of the US and global cybersecurity and cyber resilience regulations
Superior written and oral communication skill to be able to describe technical concepts to both technical and non-technical audiences that include heads of business units, board members, internal and external auditors, provincial and federal regulators
Ability to work with multiple teams to achieve common goals and meet deadlines in a fast-paced environment
Can work independently with limited supervision and direction
Nice to Have Skills
Knowledge of the Canadian Financial Markets
In the market for…
Excitement - Explore emerging technology and innovation,
About the Company
At TMX Group, we build world-class markets to enable businesses and investors to succeed and help communities thrive. Powered by our people, TMX has the means to bring inspired ideas to life, and to unlock human potential. We believe better markets serve as a propulsive engine, creating opportunities for bold and ambitious ideas to create a brighter future.
With offices in some of the world's most multicultural cities, we proudly celebrate diversity, learn from one another, and cultivate true belonging in a Hybrid-First wor...
Know more