Why join the CanDeal Team? CanDeal Group is a leading provider of electronic marketplaces and data services for Canadian dollar fixed income securities and derivatives. CanDeals Markets Division, provides access to a deep pool of liquidity for Canadian government, agency, provincial and corporate bonds, as well as money market instruments and interest rate swaps. CanDeal Data & Analytics (DNA) delivers data and analytics products and other services that support business, trading and technology needs for participants in the Canadian capital markets. CanDeal Group is a growing and entrepreneurial organization with a solid foundation in the Canadian fixed income markets and an ownership group which includes: BMO Nesbitt Burns Inc., CIBC World Markets Inc., National Bank Financial Inc., RBC Dominion Securities Inc., Scotia Capital Inc., TD Securities Inc. and TMX Group.This is an exciting time to join a growing organization led by visionary leaders who are helping to shape their industrys future. JOB PURPOSEThe Chief Information Security Officer (CISO) provides the leadership and strategy necessary to ensure the confidentiality, integrity, and availability of CanDeals IT assets and electronic information by communicating and mitigating risks to senior management, developing and maintaining enforceable policies and supporting procedures, and ensuring compliance with regulatory requirements. The CISO is accountable for the enterprise information security program, collaborates with senior leadership from other departments, including the evaluation, procurement, and deployment of security-related products and coordinates information security awareness and education programs. PRIMARY RESPONSIBILITIESLeads information security function and accountable for the enterprise information security program.Creates/contributes information security strategies, both short-term and long-range, in support of business strategic goals and IT strategies.Collaborates with senior leadership from other departments to provide oversight, operational expertise and direction to the organization and operational teams.Reviews IT and security governance structures, processes and procedures to prevent security breaches, major incidents and non-compliance with regulatory requirements.Monitors and conducts ongoing assessments of security standards, policies and controls, in accordance with recognized frameworks such as ISO, NIST and COBIT, necessary for breach prevention, data loss prevention, detection and remediation, and continuous improvement.Assesses security infrastructure, cloud environments, changes and new additions to existing systems including identity and access management, data protection, vulnerability assessment, testing and recommendations for improvement.Provides reports and recommendations to mitigate risks to the senior management by communicating in non-technical, cost/benefit terms and in a format relevant to senior management so decisions can be made to ensure the security of information systems and information entrusted to CanDeal.Oversees all ongoing activities related to the development, implementation, and maintenance of CanDeals information security policies and procedures by ensuring these policies and procedures encompass the overall security of electronic information at rest or in motion within CanDeal environment and assisting departments in local process and procedure development.Provides mentorship, staff development, and assists other departments to ensure regulatory compliance in areas such as OSC, OSFI, PIPEDA, GDPR to ensure full compliance in securing Privacy Information (PI). Chairs the Information Security Committee (ISC) and coordinates the activities of ISC so that security decisions do not interrupt business processes while maintaining the confidentiality, integrity, and availability of CanDeal information.Develops information security awareness training and education programs, works with other CanDeals groups to present them to staff, as appropriate.Acts proactively to prevent potential disaster situations by ensuring that proper protections are in place, such as detection and prevention systems, secured networking systems, secured cloud hosting CanDeals electronic information, and effective physical safeguards, and provides for the availability of computer resources by ensuring a business continuity/disaster recovery plan is in place to offset the effects caused by intentional and unintentional acts.Evaluates security incidents and determines what response as per incident response plan is needed and leads CanDeal responses, including technical incident response teams, when sensitive information is breached.Manages and supports other initiatives as required.QUALIFICATIONSEducation & ExperiencePost-secondary education in IT.Minimum 10 years of related information security experience including, but not limited to, IT security architecture, cloud environments, security tools, network security, vulnerability management and assessment, anti-malware, endpoint security, secured software development, regulatory compliance, security program management and governance.Professional/industry certifications such as CISSP, GIAC, CISA, CISM, or similar.Knowledgeable in frameworks such as COBIT 5, ISO 27002, NIST and ITIL in assessing IT control gaps in organizations.Knowledge, Skills & AbilitiesStrong understanding of security architecture and methodologies.Ability to develop and maintain policies and procedures relating to IT/security governance.Ability to keep current with IT security developments and vulnerabilities.Proven experience in relationship and stakeholder management.Effectively manage multiple concurrent projects and to reason analytically.The ability to work with and train people possessing differing levels of technical knowledge.Effective verbal and written communication skills and proficiency in writing technical specifications.Key Qualities for SuccessSelf-motivated and driven.Highly attentive to detail and committed to quality.Enthusiastic, service oriented.DECISION MAKINGProvides input into the hiring process for IT Security Analyst roles.Recommends IT security tools, solutions to the Chief Information Officer (CIO), based on current industry knowledge and best practice, and owns IT Security policies.If you are interested in this opportunity, please send your resume to: Please inform us if you require any accommodation during the hiring process.
Job Title
Chief Information Security Officer