Sr Mgr of Information Security
Company: TMX Finance
Posted on: February 24, 2021
Requisition ID 2021-9068Category: IT/ISLocation:
Senior Manager of Information Security
The TMX Finance Family of Companies is looking for a Senior Manager
of Information Security to join our team and oversee our
Information Security Compliance program. As a Senior Manager of
Information Security, you will help mature our Information Security
Compliance Program and supporting activities related to development
and maintenance of policies, standards, procedures, and controls.
You will collaborate with the broader security team and other
departments within TMX to advance program maturity, assess security
risks, and communicate/facilitate remediation of those risks.
The health and well-being of our Team Members, their families, and
our customers remains a top priority for us. That's why we've taken
a number of steps to help maintain a clean and safe environment
where Team Members can thrive, and customers can feel safe.
Currently, in our stores and Corporate offices, we're practicing
social distancing, wearing face coverings (subject to certain
exemptions), cleaning frequently, and following state and local
requirements as well as Center for Disease Control (CDC) guidelines
to help ensure a clean and safe environment for all. As the
situation evolves, changes may be made to our practices, in line
with state and local mandates as well as CDC-guidelines.
Oversee all Governance, Risk and Compliance for the IT
Aid in the further development and maturation of the IT Security
Risk Management Program and overall tools.
Develop and maintain a Risk Controls Matrix (RCM) that aligns with
applicable regulatory and compliance requirement frameworks
Determine, develop, maintain, and publish corporate-level
information security policies, standards, procedures, and
guidelines, including incident response and compliance reporting
procedures for general IT controls and SOX.
The identification, testing, maintenance, compliance reporting and
management assertion of general IT controls.
Leads the effort to implement new versions of PCI-DSS requirements,
including the reviewing of the technology lifecycle and end of life
impacts (platforms, software, database) on PCI applications and
Cardholder Data Environment.
Coordinates the work of the Qualified Security Assessor (QSA), as
Ensures the effective maintenance of the program to monitor service
providers PCI-DSS compliance status.
Manages PCI compliance risks and issues log
Responds to alleged violations of PCI compliance policies,
procedures, and standards by evaluating or recommending the
initiation of investigative procedures
Providing organizational guidance, leadership and promoting general
awareness and training of security policies and program.
Promoting adherence to NIST and other generally accepted IT
security and control practices throughout the IT landscape.
Supervise all investigations relating to security threats, legal
discovery, and violation of security policies and provide on-going
communication with senior management.
Engage in penetration studies, threat analysis, vulnerability
assessments, and security audit activities to ensure IT controls
and security are effective.
Maintain close working relationships with Internal/External
Auditors on Interim, Annual, Intellectual Property, SOX &
Assist peer managers in understanding security and control
deficiencies and responding to internal and external audit
Verify relevant third-party attestations to validate the necessary
safeguards are in place to protect our information assets under
their care Ensure that any remedial actions required by external
parties are addressed, Conduct security reviews of potential
third-party providers / acquisition targets
Perform periodic information privacy risk assessments and conduct
related ongoing compliance monitoring activities in coordination
with the entity's other compliance and operational assessment
- Bachelor's degree in Computer Science, Information Systems,
Engineering, Business, or other related scientific or technical
discipline is required. Four (4) years of experience in
IA/Information Security will be an acceptable substitute for a
- Minimum 5+ years in Information Security, Governance, Risk and
- Minimum 5+ years of IT and Cyber Security experience
- Regulatory compliance, including information security
management frameworks (e.g.,PCI-DSS, NIST CSF, ISO2700x, SANS Top
20 Critical Security Controls, SOX, COBIT)
- Experience actively governing risks and threats
- Experience conducting Risk Assessments and facilitating
executive level risk discussions
- Physical demands for this position frequently include: the
ability to remain in a stationary position, move about freely
inside and occasionally outside of the office, and the operation of
mechanical controls, such as a keyboard.
- Experience in developing and implementing information security
practices in a retail financial, or a highly decentralized
- Information Security certifications: CISSP, CISM and CIPP
- IT Security experience in a large multi-site retail/financial
- IT Security experience in large multi-vendor Cloud (AWS, Azure,
- Bachelor's degree in computer science or related field
Learn More About Us
The Senior Manager of Information Security is part of the
Information Services team, who works to design and drive the
innovation that keeps us competitive. The IT team members are the
first responders to global initiatives creating cutting-edge
solutions that enhance and differentiate our customers'
experiences, and the Service Desk provides a single point of
contact to help meet our team members' technology needs. To learn
Check out what's happening in our Company at
The information contained herein is not intended to be an
all-inclusive list of the duties and responsibilities of the job,
nor is it intended to be an all-inclusive list of the skills and
abilities required to do the job. The Company may, at its
discretion, revise the job description at any time, and additional
functions and requirements may be assigned by supervisors as deemed
appropriate. Requirements, skills and abilities included have been
determined to illustrate the minimal standards required to
successfully perform the position.
All TMX Finance Family of Companies Are Equal Opportunity
Keywords: TMX Finance, Carrollton , Sr Mgr of Information Security, Other , Carrollton, Texas
Didn't find what you're looking for? Search again!