Career Opportunities | Career Profile | Career Alert | Help 

Director, Information Security Operations and Programs

 
 
 
 
 





The Director, Information Security Operations and Programs is a senior leadership role accountable for the design, implementation and operation of the Security Operations Center (SOC), an organizational structure with the mandate of providing day-to-day security services to all member organizations of TMX Group Ltd. (TMX), globally. The purpose of the role is to ensure that all informational assets of TMX Group Ltd. (TMX) are protected against security threats in accordance with Tier 1 corporate policies and regulatory requirements.

Reporting to the VP Information Security and Chief Information Security Officer (CISO), the Director provides strategic leadership, direct and indirect management to staff, guidance and security operations oversight to TMX Business Units, technology vendors and clients. The Director ensures that Information Security policies, practices and controls are consistently implemented and effective across all organizations and departments involved in the corporate business value chain for the planning and delivery of TMX business products and services.

The Director’s role has both strategic planning and tactical accountabilities. The strategic outlook has a two to five year time horizon, and is focused on planning and delivering significant enterprise-level programs that provide qualitative and quantitative uplift to the security posture of TMX, as guided by corporate strategies and business objectives, and produces deliverables that are included in the strategic business plans of the TMX member organizations.

The tactical and operational accountabilities have shorter time-horizons and are focused on providing Business-As-Usual (BAU) security services to all TMX businesses, in support of their risk management and regulatory compliance objectives. The Director, has responsibility for ensuring that both the short- and the long-range operation of the department is effective and efficient.

The Director has several direct and indirect reports, and is responsible for the ongoing recruitment, performance evaluation, coaching, development and mentoring, for a team of highly specialized security professionals.

Key Accountabilities:

• Accountable for the functional design, implementation and oversight of the Security Operations Center (SOC) in support of corporate risk management policies and regulatory requirements.
• Establishes effective relationships and processes with all IT and business areas of TMX, and establishes clear roles and responsibilities for information security practices and controls.
• Provide oversight to the delivery of all enterprise operational security services, including the collection of cyber threat intelligence, security vulnerability management, perpetual scanning (VA), logging and monitoring, Security Information and Event Management (SIEM), event correlation, operational metrics and reporting, cryptographic services, management of remote access and tokens, security audits and remediation, access control, and specialized security services, as needed, to TMX organizations.
• Develop operational processes and procedures that demonstrate high quality and cost effectiveness in the delivery of security services.
• Develop and tracks Board-level security metrics under the direction of the CISO, communicating the security posture of individual TMX businesses, status of regulatory compliance with regard to data protection and cyber-security readiness, and opportunities to strengthen the security posture.
• Maintain current knowledge of security solutions, anticipate and plan for product end-of-life and replacement.
• Responsible for preparing and managing annual operating and project budgets ensuring uninterrupted delivery of security services.
• Develop, in partnership with multiple IT and security, a technology roadmap that meets the evolving data protection needs of TMX and integrates in future investment plans of the enterprise.
• Lead major security initiatives that protect TMX business units from security threats, and ensure continuous improvement of the TMX security posture. This includes strategy formulation, identification of business and resource requirements, investment planning, program management, executive buy-in, and deployment oversight.
• Elicit feedback from clients on products and services in order to monitor and improve service quality levels and to maintain security risks within the approved risk appetite of the corporation.
• Interact effectively and persuasively with key stakeholders, both internally and externally as part of the larger financial industry and critical infrastructure of Canada.

Must Have Skills:

CRITICAL SKILLS

• Strong project management, problem solving and analytical abilities.
• Exceptional and proven leadership capabilities – communication, influence, negotiation, conflict resolution, people management, relationship management (internally/externally), and multitasking.
• Advanced level of critical thinking and sound judgement.
• Strong strategic enterprise wide vision and planning skills.
• Proven ability to successfully partner and consult with stakeholders to identify business challenges and to develop effective strategies and alternatives to mitigate them.
• Ability to effectively lead change management initiatives.
• Strong conceptual skills; ability to deal with ambiguity; creativity; lateral thinker.
• Strong service management and service delivery orientation.
• Possesses expert written, oral, and interpersonal communication skills.
• Ability to present complex information in a manner suitable for technical and non-technical audiences.
• Highly self-motivated, self-directed, and attentive to detail.
• Ability to prioritize and execute tasks in a high-pressure environment.
• Strong team orientation and building skills, and ability to foster a collaborative environment.
• Accountable for the design, implementation and oversight of the corporate Information Security Program, as required by corporate policies and regulatory requirements.

COMPETENCIES

Corporate Values


Demonstrates that one’s business and professional behaviors are guided by principles, values and ethics. Works in a way that is recognizably governed by corporate values and corporate Code of Conduct.
Articulates what is right and wrong at work and demonstrates values-driven behavior.

• Customer Focus – Our customers provide the revenue that pays for the operation of the company. Understanding and meeting our customers’ needs and expectations drives everything we do.

• Partnership – Our partners are our employees, our customers, our vendors and other stakeholders. We seek out those who will be strong partners. We believe strong partnerships help us achieve our goals and objectives. As a team, we are TMX’s strength.

• Integrity
• Personal integrity means acting with respect, being accountable and trustworthy
• Professional integrity means our systems and services are reliable, secure and complete
• Corporate integrity means TMX is trusted, efficient and transparent.

• Continuous Improvement – We value continuous improvement, innovative solutions and adaptability to change.

Business Competencies

Proficiency Level
• Strategic Planning 5
• Communication 5
• Decision Making 5
• Delegation 4
• Negotiation 4
• Managing Change 4
• Organizational Awareness 4
• Diversity 3
• Coaching 4
• Financial Management 4
• Understanding the Business 3
• Business Acumen 4
• Strategic Thinking 5
• Leadership 4
• Customer Relations 3
• Responsibility Driven 4
• Creative Thinking 4
• Inspiring 4
• Quality Management 4
• Conflict Management 3
• Career Planning 3
• Performance Management 4
• Problem Solving 4
• Initiative 4
• Facilitating Meetings 3

Technical Competencies

Proficiency Level
• Optimizing 3
• Security Operations Best Practices 4
• Process Improvement 3
• IT Procurement/Asset Management 3
• Product Knowledge 3
• Security Information and Application Protection 5
• IT Security Policy Standards 5
• IT Security Monitoring Techniques 5
• Security Incident Management 5
• Security Threat & Risk Assessments (TRA) 5
• IT Security Resource Management 5

Education and Experience

• A University graduate, with a Bachelor's Degree in Computer Science, Information Systems, Business Administration, Engineering or other related field
• Minimum 15 years of IT experience, with at least 10 years in a senior management capacity
• A Certified Information Systems Security Professional (CISSP) designation or equivalent.

Skills:

  • Intrusion Tools





* Add to favourites