At a Glance
- Tasks: Lead the information security strategy and manage application security across Europe.
- Company: Join Trayport, a dynamic player in the financial services sector focused on security and innovation.
- Benefits: Enjoy a supportive work culture, training opportunities, and a commitment to diversity and inclusion.
- Why this job: Make a real impact in a growing organisation while developing your leadership skills in a vital field.
- Qualifications: Proven experience in information security, especially in regulated industries, with strong technical and leadership skills.
- Other info: This role offers the chance to shape security practices and foster a security-aware culture.
The predicted salary is between £43,200 and £72,000 per year.
Head of Information Security, Europe
- Location: London – 2 Gresham Street
- Time type: Full time
- Posted: 5 Days Ago
- Job requisition ID: R-5246
The Head of Information Security, Europe reports directly to the Chief Information Security Officer, TMX Group and has a dotted line reporting relationship to the Chief Technology Officer, Trayport. The Head of Information Security will be responsible for defining, implementing, and managing the organization's information security strategy and framework for Europe. This critical role involves overseeing all aspects of information security, including a strong focus on application security, ensuring compliance with ISO27001 standards, financial services regulations, and other relevant legal and contractual requirements. As a senior leader of the Enterprise Information Security team, the role will also be accountable for providing information security oversight, through leadership and guidance across the TMX Group. The successful candidate will be a strategic leader with a strong technical background, including deep application security knowledge, and the ability to effectively communicate security risks and requirements across all levels of the business.
Information Security Strategy and Governance: Develop, implement, and maintain a comprehensive information security strategy aligned with business objectives and risk tolerance.
Establish and enforce information security policies, procedures, and standards in accordance with ISO27001, customer requirements, relevant legislation, and application security best practices. Develop and maintain an organization-wide security culture. Build and implement a company-wide communication strategy to promote information security, including application security, within the organization.
Team Leadership and Development: Lead and develop the Information Security team. Recruit, retain, and develop talent and expertise, including application security specialists.
Business Continuity and Disaster Recovery: Contribute to the development and testing of business continuity and disaster recovery plans from an information security perspective, including considerations for application security.
Security Monitoring and Incident Response: Establish and maintain processes for continuous security monitoring and detection of security events, including application-specific security events. Lead the investigation and resolution of security incidents, including those related to application vulnerabilities, root cause analysis, and implementation of corrective actions.
Provide regular reports on the organization's security posture, including application security vulnerabilities and risks, and compliance status to the Trayport Board, other internal sub-Boards, and relevant stakeholders. Ensure ongoing compliance with ISO27001 certification requirements, including managing audits, reviews, and continual improvement of the Information Security Management System (ISMS). GDPR, NIS2, DORA) and other relevant legal and contractual obligations, as well as application security standards.
Risk Management: Lead the information security risk management process, including identification, assessment, treatment, and monitoring of risks, with a particular emphasis on application security risks.
Conduct regular risk assessments and vulnerability analyses of systems, applications, and infrastructure.
Security Operations: Oversee the management of security technologies and controls, including but not limited to, firewalls, intrusion detection/prevention systems, security information and event management (SIEM), data loss prevention (DLP), vulnerability management tools, and application security testing tools.
Secure Software Development Lifecycle (SSDLC): Integrate security best practices into the software development lifecycle. Work closely with development teams to ensure secure coding practices, conduct comprehensive security testing (e.g., penetration testing, vulnerability scanning, application security reviews), and promote a security-aware development culture with a strong application security focus.
Third-Party Risk Management: Develop and implement a program for assessing and managing the information security risks, including application security risks, associated with third-party vendors and service providers.
Security Awareness and Training: Develop and deliver information security awareness training programs for all employees to foster a security-conscious culture, including specific training on application security best practices.
Act as the primary point of contact for all information security matters. Advise the business on information security best practices and the potential impact of emerging threats. Collaborate with IT, legal, compliance, and other departments to ensure a cohesive approach to risk management and security. Manage the information security budget and resources effectively. Participate in relevant industry forums and stay updated on the latest security trends and technologies.
Proven experience in a senior information security role, preferably within the financial services or a similarly regulated industry. Strong understanding of financial services regulations and their impact on information security.
In-depth knowledge of information security frameworks, standards, and best practices (e.g., Experience with secure software development practices and application security testing. Strong technical understanding of network security, system security, and security architecture. Experience with risk management methodologies and tools. Proven leadership and team management skills. Experience with cloud security principles and practices. Familiarity with agile development methodologies. Experience in a software development environment.
This is a challenging and rewarding opportunity for a seasoned information security professional to make a significant impact in a growing and security-conscious organisation within the financial services sector.
Trayport is committed to creating and sustaining a collegial work environment in which all individuals are treated with dignity and respect and one which reflects the diversity of the community in which we operate. We provide accommodations for applicants and employees who require them. freedom, training, and guidance to allow them to consistently achieve their potential.
Head of Security Management employer: TMX Group
Contact Detail:
TMX Group Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Head of Security Management
✨Tip Number 1
Network with professionals in the information security field, especially those who have experience in financial services. Attend industry events or webinars to connect with potential colleagues and learn about the latest trends and challenges in application security.
✨Tip Number 2
Familiarise yourself with ISO27001 standards and other relevant regulations that are crucial for this role. Being able to discuss these frameworks confidently during interviews will demonstrate your expertise and commitment to compliance.
✨Tip Number 3
Prepare to showcase your leadership skills by gathering examples of how you've successfully led teams in previous roles. Highlight your experience in developing security strategies and fostering a security-aware culture within organisations.
✨Tip Number 4
Stay updated on the latest security technologies and practices, particularly in application security. Being knowledgeable about current tools and methodologies will help you stand out as a candidate who is proactive and well-informed.
Some tips for your application 🫡
Tailor Your CV: Make sure your CV highlights relevant experience in information security, particularly focusing on application security and compliance with ISO27001 standards. Use specific examples that demonstrate your leadership skills and technical expertise.
Craft a Compelling Cover Letter: In your cover letter, express your passion for information security and how your background aligns with the responsibilities of the Head of Information Security role. Mention your strategic vision for developing a security culture and your experience in leading teams.
Highlight Relevant Skills: Clearly outline your skills related to risk management, security operations, and secure software development practices. Emphasise your ability to communicate security risks effectively across all levels of an organisation.
Showcase Continuous Learning: Mention any recent training or certifications you have completed that are relevant to information security. This shows your commitment to staying updated on the latest trends and technologies in the field.
How to prepare for a job interview at TMX Group
✨Understand the Role Thoroughly
Before the interview, make sure you have a deep understanding of the Head of Information Security role. Familiarise yourself with the key responsibilities, such as developing security strategies and managing compliance with ISO27001 standards. This will help you articulate how your experience aligns with their needs.
✨Showcase Your Technical Expertise
Given the technical nature of this position, be prepared to discuss your knowledge of application security, risk management methodologies, and security technologies. Highlight specific examples from your past roles where you successfully implemented security measures or led teams in addressing security challenges.
✨Demonstrate Leadership Skills
As a senior leader, it's crucial to showcase your leadership abilities. Prepare to discuss your experience in leading teams, developing talent, and fostering a security-aware culture within an organisation. Use examples that illustrate your ability to inspire and guide others in achieving security objectives.
✨Prepare for Scenario-Based Questions
Expect scenario-based questions that assess your problem-solving skills in real-world situations. Think about past incidents you've managed, particularly those related to application vulnerabilities or compliance issues. Be ready to explain your thought process and the steps you took to resolve these challenges.