Provide security expertise and direction to the project on security architecture and design, software development, operationalization, maintenance, governance, and risk management.
On an ongoing basis:
Provide training to application development teams in the areas of secure application architecting, secure coding practices, and use of static and dynamic security application code review tools.
Support development teams in interpreting findings from reviews done with security application code review tools and in developing remediation solutions for the issues found.
Working together with technology and business specialists, determine business impacts and security risk assessments for the findings of application and code security reviews and provide recommendations for prioritizing remediation activities.
Support new projects in formulating security requirements, both functional and non-functional.
Provide recommendations on appropriate security technology and controls for new projects, based on industry best practices and TMX security standards.
Develop security architectural solutions for financial systems.
Contribute to portfolio design initiatives through the implementation and adoption of security-related infrastructure and technology associated with networks, internet, messaging, operating systems, firewalls, VPNs, intrusion detection, cryptography, Wi-Fi, cloud and mobile solutions.
Represent Information Security in multiple concurrent projects.
Conduct security threat risk assessments of technology systems, applications, and organizational units.
Identify the risks resulting from the lack of compliance with internal controls and the risks related to TMX’s assets, while ensuring that adequate controls are maintained.
Work collaboratively with TMX business and technology teams to identify solutions and actions needed as a result of security and risk assessment issues.
Interface with technology and business-services vendors to ensure that TMX acquires products and services that adequately protect the confidentiality, integrity and availability of TMX informational assets.
Minimum two years of application development, three years of information security architecture application design, and two years of security application and code review experience.
Working knowledge of and experience with at least one security code review tool.
Undergraduate degree in Computer Science or Engineering.
CISSP designation (CISSP-ISSAP).
Knowledge of leading security standards, with a focus on NIST Cybersecurity Framework, ISO27001, ISO27002.
Knowledge of agile and waterfall application development methodologies.
Working knowledge of security threat risk assessment methodologies and frameworks.
Knowledge and previous experience in application and information security architecture of clearing, depository, financial risk, and trading systems.
Excellent communication skills and ability to communicate complex technology concepts and information security risks to nontechnical business system owners.
Ability to derive information security requirements and design information security architectural solutions based on understanding of business requirements and proposed technology solutions.
Proven record of providing information security guidance to the development teams and businesses.
Strong analytical and research skills combined with the ability to translate theoretical knowledge into practical solutions to security problems.
Ability to work with technical and non-technical TMX teams to achieve goals and meet deadlines in a fast-paced environment.
Superior written and oral communication is required to describe technical concepts to both technical and non-technical audiences that may include staff from: project teams, project managers, engineering, architecture, IT operations, security, finance, third party vendors and others.
Strong business and technical acumen.
Ability to work with teams to achieve common goals and meet deadlines in a fast-paced environment.
Ability to work well under pressure and time constraints and to prioritize competing priorities appropriately.
Ability to work independently with limited supervision and direction.
Experience in the following areas:
Financial applications and systems architectures in both on premise and cloud environments.
Financial systems and applications security architecture, design, and review.
Security of service oriented and microservices architectures.
IT infrastructure and network security.
Secure application coding practices.
Static and dynamic security code reviews.
Security system testing and penetration testing.
Cryptographic techniques and tools.
Single-sign-on and Identity & Access Management techniques and tools.
Ability to determine the business impact of technology security vulnerabilities and to communicate it to business and non-technical staff.
Year One Success Factors:
Prepare and conduct training for application development teams in two TMX business units: CDS and CDCC. The training will cover the areas of secure application architecting, secure coding practices, and use of security application code review tools.
Establish close cooperative relationships with the development teams and, on an ongoing basis, train them to interpret findings from reviews done with security application code review tools and to develop remediation solutions for the issues found.
Establish close cooperative relationships with the development teams, technology and business specialists and support them in determining business impacts and security risk assessments for the findings of application and code security reviews, and provide recommendations for prioritizing remediation activities.
Please note: Organizational skills as well as both oral and written communication skills are mandatory.
However, this is a highly technical position, not a management or policy-writing role.
TMX is committed to creating and sustaining a collegial work environment in which all individuals are treated with dignity and respect and one which reflects the diversity of the community in which we operate. We provide accommodations for applicants and employees who require them.