Senior Information Security Architect

TMX Group is at the heart of the Capital Markets industry in Canada. TMX Group owns and operates the Toronto Stock Exchange, TSX Venture Exchange, TSX Alpha Exchange, Montreal Exchange, & Natural Gas Exchange (NGX) / AgriClear (tech start-up), in addition to the Canadian Depository for Securities & Canadian Derivatives Clearing Corporation. We also operate globally diverse lines of businesses in Issuer Support (TSX Trust), Data Delivery & Analytics (TMX Datalinx and TMX Insights), Risk Management Software (Razor Risk), Low-Latency Infrastructure (TMX Atrium), and Fixed-Income/Energy Brokerages & TSX Private Markets (Shorcan). We have offices in Toronto, Montreal, Calgary, Vancouver, London, New York, Houston, Sydney & Beijing.

Global Enterprise Services (GES) is one of the foundational divisions of TMX organization that empowers internal TMX business lines for their technology needs, operations and digital innovation. GES as a client centric organization focuses on building technology capabilities, enabling our clients with the best technology solutions and providing effective technology financial and resource management processes. The cost effective operation is a key attribute of the GES execution. GES is responsible for delivery of all technology initiatives and services across TMX.

Department Overview:
Information Security Office is responsible for managing security-related risks across all TMX business units, to enable the achievement of corporate objectives, to comply with laws and regulations, and limit potential harm from security threats.

Role Summary:
The Sr. Security Architect works with project teams to provide security solutions from project inception to project transfer from development to production, including security architecture, security controls and security services needed for the respective projects.

Key Accountabilities:

Be a key contributor to defining enterprise security architecture utilizing a service (SOA) approach to common security services, with a focus on cloud based solutions.

• Provide security expertise and direction to new projects and initiatives on security requirements, architecture and design, software development, maintenance, governance, and security risk management.
• Responsible for developing technical standards, processes and procedures, within a technology or process domain by designing, integrating, and modifying TMX’ management, measurement, and reporting tools for successful implementation of the Information Security Program at TMX.
• Influences internal partners to ensure they build solutions consistent with the organization's policies, programs, architectural recommendations, and information security standards.
• Contributes to portfolio design initiatives by implementation and adoption of security related infrastructure/technology associated with networks, internet, messaging, operating systems, firewalls, VPNs, intrusion detection, cryptography, Wi-Fi, cloud and mobile solutions.
• Provides recommendations on appropriate security technology, vendors and products in support of new projects, based on TMX security policy and standards.
• Represents Information Security in multiple concurrent projects.
• Conducts Threat and Risk Assessments (TRAs) for different business units or projects.
• Works collaboratively with internal teams to identify solutions and actions needed as a result of security and risk assessment issues.
• Interfaces with technology and business-services vendors, to ensure that TMX acquires products and services that protect the confidentiality, integrity and availability of TMX informational assets.

Must Have Skills:

Must Have(s):
• 8-10 years of IT experience, of which minimum 5 years are in Information Security Architecture.
• Undergraduate degree in Computer Science or Engineering required. Graduate degree, preferred.
• Knowledge in Security Architecture, including: securing service oriented architecture (SOA); cloud security; mobile devices and applications’ security; network security; application security; Internet and Intranets; network infrastructure; web services; identity and access management, CASB, Vulnerability Assessments; SIEM; security incident management.
• Previous hands-on experience with multiple security domains.
• Understanding of security risk management methodologies and frameworks.
• Strong analytical and research skills.
• Solid oral and written communications.
• CISSP designation (or commitment to achive the registration within 12 month) is a must


Nice to Have(s):
• Preference will be given to people with experience in AWS, Azure and Google cloud security.
• Knowledge of NIST, and ISO 27000-series standards and best practices are an asset.
• CISA, CISM, ISO 27001 Lead Auditor, SABSA or similar certification is an asset.

Skills:

• Infrastructure architecture
• Intrusion Tools