
Security Specialist 0146-2212

Foilcon

Toronto

Hybrid

CAD 90,000 - 120,000

Full time

2 days ago

Job summary

A leading consulting firm seeks a Security Specialist to enhance cybersecurity governance in both IT and OT environments. The role involves developing security policies, managing compliance frameworks, and collaborating with cross-functional teams to ensure alignment with business objectives. Ideal candidates will have extensive experience in information security and a strong understanding of governance and compliance requirements.

Qualifications

  • 7+ years in information security with large projects.
  • Experience in OT environments and compliance requirements.
  • Strong understanding of GRC frameworks like PCI-DSS, NIST.

Responsibilities

  • Lead efforts to improve cybersecurity governance in IT and OT.
  • Develop and update security policies and compliance documents.
  • Assist with security audits and threat assessments.

Skills

Communication
Interpersonal Skills
Time Management
Risk Management
Cybersecurity

Education

CISSP
CISM
CCSP
CISA

Tools

ServiceNow
One Trust
Audit Board
Microsoft Office

Job description

HM Note: This hybrid contract role is three (3) days in office. The candidate's resume must include first and last name.

Description

We are seeking a consultant with a strong background in OT/IT governance and compliance to support the development of a solid foundation for both IT and OT governance. This includes designing a roadmap, establishing an operating model, and enhancing IT compliance frameworks such as PCI and OT compliance. The consultant will play a key role in developing robust security policies, standards, procedures, risk management strategies, and compliance frameworks that effectively manage third-party risks, ensuring alignment with overall business objectives.

Required Experience/Skills

  • A minimum of seven (7+) years of experience in information security, including working with large security projects.
  • Experience in OT environments and understanding the unique governance, risks and compliance requirements of OT systems and operations.
  • Strong understanding of cybersecurity, governance, risk, and compliance (GRC) frameworks and regulatory requirements (PCI-DSS, NIST, ISO 27001).
  • Strong communication, interpersonal and presentation skills for engaging with diverse stakeholders.
  • Expertise in security governance, risk management, and compliance, including developing road maps, policies, standards, procedures and processes.
  • Proven experience in contractual security requirements and third-party risk management through RFP processes and vendor evaluations throughout procurement life cycle.
  • Ability to work in cross-functional teams, communicating complex technical information to all levels of the organization, including the leadership team.
  • Proficient in cybersecurity risk management and third-party risk management tools (e.g., ServiceNow, One Trust, Audit Board).
  • Experience with development of security processes, procedures and standards documentation.
  • Strong time management skills and the ability to prioritize project work and ongoing responsibilities.
  • Strong reporting and presentation skills, with the ability to communicate security risks and compliance status to executives and stakeholders.
  • Self-motivated with the ability to work independently in a fast-paced environment.
  • Proficiency with standard Microsoft Office tools such as Word, Excel, PowerPoint, PowerBI, Visio and O365 SharePoint.

Deliverables

  • Lead efforts to expand and improve cybersecurity governance and compliance in both IT and OT environments. This includes ensuring that OT security aligns with Metrolinx's overall cybersecurity strategy, policy development, and risk management.
  • Support annual PCI assessments by working with Qualified Security Assessors (QSAs), internal security teams, and business units to validate compliance and address findings to ensure that Metrolinx's payment systems meet the required PCI compliance status.
  • Develop and update critical governance documents such as security policies, standards, and procedures for both IT and OT environments. Ensure these documents are aligned with best practices, industry standards, and regulatory requirements (e.g., PCI-DSS, ISO 27001, NIST, ISA/IEC 62443, CIS controls).
  • Lead the creation, review, and approval of cybersecurity policies and standards, working with relevant teams to ensure these documents are comprehensive, up to date, and applicable across both IT and OT environments.
  • Manage security documentation and audit artifacts to maintain accuracy, completeness and controlled access for cybersecurity governance.
  • Work closely with IT, business teams, product delivery, digital transformation, infrastructure, vendors, internal and external audit committees to align security strategies and remediate risks.
  • Assist the GRC team in designing security-compliant solutions and provide expert consultation on security threats and controls.
  • Foster collaboration across teams by effectively communicating complex security concepts in an accessible and actionable way, ensuring alignment with security policies and standards.
  • Work with project teams as a cybersecurity SME to recommend and implement security controls to address identified risks.
  • Ongoing compliance work related to regulatory requirements and/or compliance with Metrolinx standards.
  • Develop the security process, procedure, governance artifacts and security controls within the Cybersecurity Risk Management and Governance/Compliance Programs.
  • Assist with security audits and threat/risk assessments to ensure compliance with security policies, standards and procedures, and work with business/technical/operational areas in taking corrective actions on any identified security exposures and remediation progress.
  • Communicate regularly with cybersecurity teams, internal stakeholders, project teams and representatives from various functional teams, including escalating any matters to senior team members that require additional analysis.
  • Participate in the cybersecurity awareness programs to educate employees, contractors, and stakeholders on security best practices and compliance requirements.
  • Collaborate with teams to ensure security awareness materials are tailored to address Metrolinx's specific risks and regulatory needs.

Additional Terms

  • A current security designation (CISSP, CISM, CCSP or CISA)
  • Familiar with key OT governance frameworks and standards, such as NIST Cybersecurity Framework (CSF), ISO/IEC 27001, ISA/IEC 62443

Must Haves

  • 7+ years' experience in information security, including working with large security projects
  • 7+ years' experience in OT environments and understanding the unique governance, risks and compliance requirements of OT systems and operations
  • Expertise in security governance, risk management, and compliance, including developing road maps, policies, standards, procedures and processes
  • Strong understanding of cybersecurity, governance, risk, and compliance (GRC) frameworks and regulatory requirements (PCI-DSS, NIST, ISO 27001)

  • Seniority level: Mid-Senior level
  • Employment type: Contract
  • Job function: Other, Information Technology, and Management
  • Industries: IT Services and IT Consulting
