Senior Vulnerability Management Specialist (1 year contract)

at  TMX Group Limited

Venture outside the ordinary - TMX Careers
The TMX group of companies includes leading global exchanges such as the Toronto Stock Exchange, Montreal Exchange, and numerous innovative organizations enhancing capital markets. United as a global team, we’re connecting cross-functionally, traversing industries and geographies, moving opportunity into action, advancing global economic growth, and propelling progress. Through a rich exchange of ideas, meaningful collaboration, and a nimble operating model, we’re powering some of the nation’s most critical systems, fueling capital formation and innovation, bringing increased opportunity to business visionaries, product ingenuity to consumers, and career exploration to our team.
Ready to be part of the action?
The Information Security Office (ISO) at TMX is responsible for researching, deploying and maintaining Security Technologies that support our defense in depth strategy in accordance with TMX regulations and policy. This includes vulnerability management deployments and tie-ins to threat intelligence and audit reporting capabilities.
Reporting to the Senior Manager of Security Operations, we are seeking a highly motivated and experienced Senior Vulnerability Management Specialist to join our team. The ideal candidate will have a deep understanding of vulnerability and patch management principles and practices, as well as a proven track record of successfully managing and mitigating vulnerabilities and applying patches in complex IT environments.

Responsibilities:

• Lead and manage the organization’s vulnerability program and work with the patch management program lead, including defining and implementing policies, procedures, and standards.
• Conduct comprehensive vulnerability assessments on a regular basis to identify and prioritize vulnerabilities based on risk, and using various other prioritization tools.
• Develop and implement strategies to mitigate and remediate vulnerabilities, including deploying patches, updating software, and implementing security controls.
• Collaborate with cross-functional teams, such as IT operations, security, and development squads, to ensure effective implementation of vulnerability and patch management solutions.
• Stay up-to-date on the latest vulnerability, patch trends and threats by monitoring security bulletins, advisories, and industry news.
• Provide regular reports to management on the status of the vulnerability and patch management program, including metrics on vulnerabilities identified, patched, and outstanding.
• Educate and train various IT and non-IT employees on vulnerability and patch management best practices, to raise awareness and promote responsible security behavior.

Qualifications:

• Bachelor’s degree in Cyber Security, IT Security, Computer Science, Information Technology, or a related field.
• 5+ years of experience in vulnerability and patch management, with a focus on sophisticated IT environments.
• 4+ years experience with vulnerability and patch management tools and techniques, such as Rapid7 Nexpose, InsightVM, and Kenna (Cisco VM).
• Experience with enterprise web application security platforms for scanning, SAST and DAST activities, such as BURP Suite, ZAP, Acunetix, Sonatype Nexus Repository, Sonatype Repository Firewall, and Sonatype Lifecycle.
• Experience with enterprise patching platforms, such as Ivanti LANDesk, JAMF, Automox, and Microsoft SCCM is an asset.
• Strong understanding of risk assessment and mitigation strategies, including common attack vectors and exploit techniques.

In the market for…
Excitement - Explore emerging technology and innovation, as well as ventures and digital finance that shape the future of global markets! Experience the movement of the market while grounded in the stability of close to 200 years of success.
Connection - With site hubs in some of the world’s most multicultural cities, we leverage our size and structure to create rich connections and belonging while experiencing powerful global impact through our work.
Impact - More than a platform, we use our talents to power mission-critical systems that drive global economic advancement, innovation, and growth. As well, our employee-led Team Impact spreads social good via our giving strategy.
Wellness - From empathetic leadership to a culture of flexibility and balance, we believe wellness at work creates the maximum yield and a stronger “we”. Plus, with a cloud-first and hybrid workstyle, as well as generous time-off and leaves, we support a life well lived!
Growth - From a growth mindset in our work, to expansion in our business, TMX is home to action-takers energized by the achievement of ambitious growth.
Ready to enrich your career with impactful work, leaders who truly care, and the flexibility and programs to help you thrive as part of #TeamTMX ? Apply now.
TMX is committed to creating and sustaining a collegial work environment in which all individuals are treated with dignity and respect and one which reflects the diversity of the community in which we operate. We provide accommodations for applicants and employees who require it

• Lead and manage the organization’s vulnerability program and work with the patch management program lead, including defining and implementing policies, procedures, and standards.
• Conduct comprehensive vulnerability assessments on a regular basis to identify and prioritize vulnerabilities based on risk, and using various other prioritization tools.
• Develop and implement strategies to mitigate and remediate vulnerabilities, including deploying patches, updating software, and implementing security controls.
• Collaborate with cross-functional teams, such as IT operations, security, and development squads, to ensure effective implementation of vulnerability and patch management solutions.
• Stay up-to-date on the latest vulnerability, patch trends and threats by monitoring security bulletins, advisories, and industry news.
• Provide regular reports to management on the status of the vulnerability and patch management program, including metrics on vulnerabilities identified, patched, and outstanding.
• Educate and train various IT and non-IT employees on vulnerability and patch management best practices, to raise awareness and promote responsible security behavior