The Information Security Office (ISO) at TMX is responsible for researching, deploying and maintaining Security Technologies that support the defense in depth methodology in accordance with TMX regulations and policy.
This includes cloud and on premises deployments and tie ins to threat intelligence and audit reporting capabilities.
Reporting to the Manager of Security Operations, the Senior Security Analyst is responsible for the design, planning, testing, implementation, and administration of industry-wide accepted Information Security principles, practices, and information systems to ensure the protection of information assets processed, stored, or transmitted on premise and in the TMX Group cloud instances.
The successful candidate will also evaluate the effectiveness of Information Security solutions and processes in place, monitor for and identify security risks and exposures, determine the causes of security violations, assess, and implement procedures to prevent future incidents.
The Senior Security Analyst will also be required to understand and provide assistance to system users relative to information systems and security matters.
Job Responsibilities :
Lead the implementation, configuration, and daily operation of Information Security technologies that are implemented in TMX Group cloud environments and on premise
Manage and support Security technology across different business units for TMX Group Limited
Monitor and advise on Information Security compliance related to IT to ensure Security controls are functioning appropriately
Support the ongoing Security control processes within the enterprise which includes security technologies, networks, information systems, and endpoints both on premise and in the cloud
Influences internal partners to ensure they build solutions consistent with the organization's planned policies, programs, architectural recommendations, and Information Security standards
Manage requirements documentation, analyzes opinions, and proposes solutions that leverage resources for highly complex projects
Assist in the design and implementation of resilient Information Security architecture and technologies for optimal threat protection, monitoring and Incident Response
Analyzes threat and vulnerability feeds and analyzes data for applicability to TMX’s environment including the identification and resolution of false positive findings in assessment results, as well as perform compensating controls analysis and validate efficacy of existing controls
Understanding of threat models, impact levels, and the different approaches and methodologies i.e. black / grey / white box testing
Develop innovative and secure solutions and provide guidance for TMX Group Limited stakeholders
Work with Security and IT stakeholders to implement a risk management program that allows for the identification and remediation of Information Security risks
Advise the organization about Information Security threats, technologies and related regulatory requirements
Develop and implement Information Security metrics, measurement criteria and reporting to ensure compliance and continuous improvement for cloud tools and environments
Assesses information technology control elements to mitigate IT risks regarding the confidentiality, integrity and availability of business information
Preferred Qualifications :
5+ years Security System administration and engineering experience
2+ years of SOC experience, or responding to cyber security investigations
2+ years’ experience with SIEM, DLP, and CASB
CCSP, CCSK, CISSP, CISM, ISO 27001 / 27002 certifications as asset
2+ years’ experience with Amazon Web Services (AWS) platform capabilities and best practices architectures, Google Compute Platform (GCP) an asset
Experience with Splunk, Tripwire, HX, Qradar, McAfee, F5, Imperva, Nexpose, Fortinet or similar technologies
Virtualization and cloud platforms : VMware, Xenserver and KVM, OpenStack, Cloudstack, AWS, GCP
Linux and / or Windows administration and troubleshooting experience
Programming / scripting experience, preferably with a diversity of languages
Well versed in internet architectures, including web, application, and database components such as Apache, IIS, memcache, MySQL, SQL Server, etc.
Experience utilizing or implementing the MITRE ATT&CK framework.
Experience with UEBA and other Security Analytics Platforms.
General Networking skills required (Layer 2 & 3 switches, OSI Model, TCP / IP, SNMP, etc.)
Strong interpersonal communication skills and the ability to communicate with customers, vendors and partners, and across all levels of the organization
Ability to interact, develop, engineer and communicate at the highest technical levels of organizational decision-making
Excellent oral and written communications for the development of the security program, strategy, guidelines, policies, standards and for presentations to technical and non-technical audiences at all levels of the organization
Ability to build and work with multi-disciplinary teams to achieve goals and to meet deadlines in a fast-paced environment
Works well under pressure and time constraints and can prioritize competing priorities appropriately
Strong business and technical acumen
TMX is committed to creating and sustaining a collegial work environment in which all individuals are treated with dignity and respect and one which reflects the diversity of the community in which we operate.
We provide accommodations for applicants and employees who require it.