Career Opportunities | Career Profile | Career Alert | Help 

Director, Information Security Identity and Access Management

 
 
 
 
 





Global Enterprise Services (GES) is one of the foundational divisions of TMX organization that empowers internal TMX business lines for their technology needs, operations and digital innovation. GES as a client centric organization focuses on building technology capabilities, enabling our clients with the best technology solutions and providing effective technology financial and resource management processes. The cost effective operation is a key attribute of the GES execution. GES is responsible for delivery of all technology initiatives and services across TMX.

The Director of Identity and Access Management (IAM) is a senior leadership role accountable for the governance, design, development, implementation, and day-to-day operation of the Identity and Access Management across all member organizations of the TMG Group Ltd. (TMX). The purpose of the role is to ensure that all access to informational assets of TMX are effectively and efficiently managed in accordance with corporate policies and regulatory requirements.

Reporting to the VP Information Security and Chief Information Security Officer, the Director provides both strategic and operational leadership, direct and indirect management to staff, guidance and oversight to clients and vendors, to ensure that access management practices and controls are consistently implemented and effective across all TMX member organizations and departments involved in planning and delivering TMX business products and services.

The role has a strategic planning accountability as well as a tactical and operational accountability. The strategic outlook has a three to five year horizon as guided by corporate strategies and business objectives, and produces deliverables that are included in the strategic business plans of the TMX member organizations.

The tactical and operational accountabilities have shorter time-horizons and are focused on providing Business As Usual (BAU) access management services to all TMX companies, in support of their risk management and regulatory compliance objectives. The Director, has responsibility for ensuring that both the short- and the long-range operation of the department is effective and efficient.

The Director manages two or three direct reports at Manager or Sr. Manager-level, and several indirect reports, including recruitment, performance reviews, development, coaching and mentoring, for a team of highly specialized security professionals.

Key Accountabilities:

Strategy and Operation:
• Accountable for the design, implementation and oversight for the Identity and Access Management (IAM), as required by corporate policies and regulatory requirements.
• Establishes appropriate relationships and interface processes with all relevant IT and business areas of TMX, and establishes clear roles and responsibilities for IAM practices and controls.
• Represents the IAM program in internal and external interactions with representatives from diverse constituencies, such as project teams, market participants/customers, regulators, public/private sector security specialists, auditors, and law enforcement.
• Responsible to establish and maintain a TMX Identity and Access Management Framework that ensures a comprehensive, requirements-driven approach to IAM planning, implementation, administration, operations, measurement and communication.
• Establishes and applies Security Technology Standards required for the delivery of services which demonstrate quality and cost effectiveness, within the risk management framework of TMX.
• Contributes to the TMX ability to provide value-added services to its customers through effective and efficient Identity and Access Management services and technologies for both internal and external users of TMX business services.
• Ensures that access management requirements and deliverables are documented and integrated across project management life cycle, from early strategic planning to ongoing production operations.
• Takes the lead on managing the technical side of any access control incidents, and partners with other major departments, such as Legal, HR, IT Operations, etc., to help correct the issues and minimize the impact on the TMX business.
• Provides input for project and operating budgets for services under his areas of responsibility, and manages department budget.
• Participates in the effective governance of IT at TMX through involvement in steering committees, policy development and the development/execution of IT risk reduction strategies.

Team Leadership:
• Delegates appropriate responsibilities and commensurate authority to subordinates while retaining overall accountability for results.
• Directs and approves the recruitment, training, development and retention of managers and technical specialists in order to establish and maintain qualified staff, and to ensure the continuity and reliability of the organization's products and services.
• Communicates with staff and executives on objectives, priorities, performance targets and standards, plans, unit accomplishments, and budget reports on a regular basis.
• Provides motivation, coaching, training and developmental opportunities to ensure employees are capable of performing at or above the necessary professional standards. This includes providing expert counsel to staff for the resolution of difficult or complex issues.
• Accountable for performance management, promotions and salary reviews of all subordinates and ensures that all HR processes are conducted fairly, effectively and professionally.
• Communicates formal and informal performance feedback on a regular basis, to ensure performance is managed fairly and effectively.

Must Have Skills:

Technology and Information Security Experience:
• University undergraduate degree in Computer Science or Engineering, or emphasis in technology or related field. Master degree is preferred.
• 15+ years of broad information technology experience, of which minimum 10 years should be in information security.
• Demonstrated proficiency in developing information security programs, governance and security risk management and operational practices.
• 7+ years in people management and/or program leadership experience.
• Understand and assess the impact of changes in the areas of business strategy, organizational design, and technologies; and how they relate to potential threats and risks to the TMX Group’s ability to meet its objectives.
• Familiarity with traditional and advanced methodologies or techniques for assessing risks and threats to informational assets, and ability to apply them in the context of TMX business.
• Function as an integral part of the senior management team with regard to strategic planning, capital expenditures and operational budget management.
• Proven track record as a team player and business partner.
• Proven record in developing others.
• Familiarity with leading international security standards, such as; ISO27001/ ISO27002, or NIST 800, or ISF, etc.
• CISSP certification is a must.
• CISA, CISM, ISO 27001, or similar certification is an asset.



Expertise in 2 or more IAM knowledge areas:
• Demonstrate extensive knowledge across a broad range of identity and access management technologies, including IAM vendor products and services.
• Must have hands-on experience developing and deploying large-scale enterprise Identity & Access Management solutions.
• Identity Management (Provisioning, Enrolment)
• Access Management – Authentication, Authorization, Role Based Access Control (RBAC)
• Identity Governance – Attestation, Re-certification
• Identity Federation, Single Sign-On (Desktop SSO, Web SSO, eSSO)
• Privileged Access/User Management (PAM/PUM)
• Directory Services (Meta-Directory, Virtual Directory, Unified Directory, Active Directory)
• Security and IAM management for cloud based solutions, including IaaS, PaaS, SaaS and IDaaS.
• Social Login
• Identity Analytics
• Identity Trust Frameworks
• Expertise in two or more of the following IAM Technologies: LDAP, SAML, OAuth, OpenID Connect (OIDC), XAML, NAPPS, WS-Fed, FIDO, UMA, SCIM, IWA, etc.
Solution Architecture experience
• Exposure to ArchiMate/UML/TOGAF
• Knowledge of security-by-design and privacy-by-design concepts
Project management experience
• Understanding of PMLC and SDLC
• Basics of scope/budget/schedule management



• SOFT SKILLS

• Solid oral and written communications are required for the development of the security program, strategy, guidelines, policies, standards and presentations of prescribed directives.
• Extensive written and oral communication skills are required to describe and clarify technical concepts to both technical and business audiences such as: project team members, IT solution designers and architects, security specialists, developers, data-center and network operations, finance, business-line leaders, auditors, technology vendors TMX clients and others.
• Strong business and technical acumen.
• Understand how to network and develop working relationships with various key line positions throughout the TMX Group.
• Strong negotiation and persuasion skills.
• Ability to work with teams to achieve goals and meet deadlines in a fast-paced environment.
• Works well under pressure and time constraints and can prioritize competing priorities appropriately.
• Can work independently with minimal supervision and direction.


TMX is committed to creating and sustaining a collegial work environment in which all individuals are treated with dignity and respect and one which reflects the diversity of the community in which we operate. We provide accommodation for applicants and employees who require it.

Skills:

  • CISA
  • Intrusion Tools





* Add to favourites