Senior Manager of Information Security
The TMX Finance® Family of Companies is looking for a Senior Manager of Information Security to join our team and oversee our Information Security Compliance program. As a Senior Manager of Information Security, you will help mature our Information Security Compliance Program and supporting activities related to development and maintenance of policies, standards, procedures, and controls. You will collaborate with the broader security team and other departments within TMX to advance program maturity, assess security risks, and communicate/facilitate remediation of those risks.
Essential Functions & Responsibilities
Oversee all Governance, Risk and Compliance for the IT department.
Determine, develop, maintain, and publish corporate-level information security policies, standards, procedures, and guidelines, including incident response and compliance reporting procedures for general IT controls and SOX.
The identification, testing, maintenance, compliance reporting and management assertion of general IT controls.
Providing organizational guidance, leadership and promoting general awareness and training of security policies and program.
Promoting adherence to NIST and other generally accepted IT security and control practices throughout the IT landscape.
Supervise all investigations relating to security threats, legal discovery, and violation of security policies and provide on-going communication with senior management.
Engage in penetration studies, threat analysis, vulnerability assessments, and security audit activities to ensure IT controls and security are effective.
Develop and conduct regular security awareness training for all employees to ensure consistently high levels of compliance with enterprise security policies.
Maintain close working relationships with Internal/External Auditors on Interim, Annual, Intellectual Property, SOX & regulatory engagements.
Assist peer managers in understanding security and control deficiencies and responding to internal and external audit reports.
Verify relevant third-party attestations to validate the necessary safeguards are in place to protect our information assets under their care Ensure that any remedial actions required by external parties are addressed, Conduct security reviews of potential third-party providers / acquisition targets
Perform periodic information privacy risk assessments and conduct related ongoing compliance monitoring activities in coordination with the entity's other compliance and operational assessment functions.
- Bachelor's degree in Computer Science, Information Systems, Engineering, Business, or other related scientific or technical discipline is required. Four (4) years of experience in IA/Information Security will be an acceptable substitute for a bachelor's degree
- Minimum 5+ years in Information Security, Governance, Risk and Compliance
- Minimum 5+ years of IT and Cyber Security experience
- Regulatory compliance, including information security management frameworks (e.g., NIST CSF, ISO2700x, SANS Top 20 Critical Security Controls, SOX, COBIT)
- Experience actively governing risks and threats
- Experience conducting Risk Assessments and facilitating executive level risk discussions
- Physical demands for this position frequently include: the ability to remain in a stationary position, move about freely inside and occasionally outside of the office, and the operation of mechanical controls, such as a keyboard.
- Experience in developing and implementing information security practices in a retail financial, or a highly decentralized corporate environment
- Information Security certifications: CISSP, CISM and CIPP
- IT Security experience in a large multi-site retail/financial retail environment.
- IT Security experience in large multi-vendor Cloud (AWS, Azure, Oracle) environments.
- Bachelor's degree in computer science or related field
Learn More About Us
The Senior Manager of Information Security is part of the Information Services team, who works to design and drive the innovation that keeps us competitive. The IT team members are the first responders to global initiatives creating cutting-edge solutions that enhance and differentiate our customers' experiences, and the Service Desk provides a single point of contact to help meet our team members' technology needs. To learn more, visit https://www.tmxfinancefamily.com/careers/top-talent/information-technology.
Check out what's happening in our Company at https://www.tmxfinancefamily.com/tmx-talks.
The information contained herein is not intended to be an all-inclusive list of the duties and responsibilities of the job, nor is it intended to be an all-inclusive list of the skills and abilities required to do the job. The Company may, at its discretion, revise the job description at any time, and additional functions and requirements may be assigned by supervisors as deemed appropriate. Requirements, skills and abilities included have been determined to illustrate the minimal standards required to successfully perform the position.
All TMX Finance® Family of Companies Are Equal Opportunity Employers.