
Security Specialist 0146-2212

Foilcon

Toronto

On-site

CAD 100,000 - 130,000

Full time

30+ days ago


Job summary

A leading consulting firm is looking for a seasoned information security consultant to enhance IT and OT governance frameworks. The role involves developing security policies, managing compliance, and collaborating with various stakeholders to ensure robust security measures. Candidates are expected to have extensive experience in governance, risk management, and compliance, particularly in OT environments. This hybrid role requires three days in the office and offers a dynamic work environment with opportunities for professional growth.

Qualifications

  • Minimum of seven years of experience in information security.
  • Experience in OT environments and understanding governance, risks, and compliance.
  • Strong understanding of cybersecurity and GRC frameworks.

Responsibilities

  • Develop security policies, standards, and procedures for IT and OT.
  • Support annual PCI assessments and collaborate with internal teams.
  • Engage in ongoing compliance activities related to regulatory requirements.

Skills

Security designation
Information Security Risk Assessment
Network Security Management
Incident Response Planning
Security Auditing
Compliance Standards
Cloud Security
Penetration Testing
Cybersecurity
Governance, Risk, and Compliance
Communication
Time Management
Reporting
Presentation Skills

Education

CISSP
CISM
CCSP
CISA

Tools

ServiceNow
One Trust
Audit Board
Microsoft Office
PowerBI
Visio
O365 SharePoint

Job description

Skills Required:

  • Security designation, Information Security Risk Assessment, Network Security Management, Incident Response Planning, Security Auditing, Compliance Standards (e.g., ISO 27001, NIST, PCI-DSS), Cloud Security, Penetration Testing

HM Note: This hybrid contract role requires three (3) days in the office. Candidates must include their first and last name in their resume.

Description

We are seeking a consultant with a strong background in OT/IT governance and compliance to support the development of a solid foundation for both IT and OT governance. This includes designing a roadmap, establishing an operating model, and enhancing IT compliance frameworks such as PCI and OT compliance. The consultant will play a key role in developing robust security policies, standards, procedures, risk management strategies, and compliance frameworks that effectively manage third-party risks, ensuring alignment with overall business objectives.

REQUIRED EXPERIENCE/SKILLS:

  • Minimum of seven (7+) years of experience in information security, including large security projects.
  • Experience in OT environments and understanding the unique governance, risks, and compliance requirements of OT systems and operations.
  • Strong understanding of cybersecurity, governance, risk, and compliance (GRC) frameworks and regulatory requirements (PCI-DSS, NIST, ISO 27001).
  • Excellent communication, interpersonal, and presentation skills for engaging with diverse stakeholders.
  • Expertise in security governance, risk management, and compliance, including developing roadmaps, policies, standards, procedures, and processes.
  • Proven experience in contractual security requirements and third-party risk management through RFP processes and vendor evaluations.
  • Ability to work in cross-functional teams, communicating complex technical information to all organizational levels, including leadership.
  • Proficient in cybersecurity risk management and third-party risk management tools (e.g., ServiceNow, One Trust, Audit Board).
  • Experience in developing security processes, procedures, and standards documentation.
  • Strong time management skills and the ability to prioritize projects and responsibilities.
  • Strong reporting and presentation skills to communicate security risks and compliance status to executives and stakeholders.
  • Self-motivated with the ability to work independently in a fast-paced environment.
  • Proficiency with Microsoft Office tools such as Word, Excel, PowerPoint, PowerBI, Visio, and O365 SharePoint.
  • Lead efforts to expand and improve cybersecurity governance and compliance in both IT and OT environments, ensuring alignment with Metrolinx’s cybersecurity strategy, policies, and risk management.
  • Support annual PCI assessments by collaborating with QSAs, internal security teams, and business units to validate compliance and address findings.
  • Develop and update governance documents such as security policies, standards, and procedures for IT and OT, aligned with industry standards and regulations (e.g., PCI-DSS, ISO 27001, NIST, ISA/IEC 62443, CIS controls).
  • Lead creation, review, and approval of cybersecurity policies and standards, ensuring they are comprehensive and applicable across environments.
  • Manage security documentation and audit artifacts to maintain accuracy and controlled access.
  • Collaborate with IT, business teams, vendors, and audit committees to align security strategies and remediate risks.
  • Assist GRC team in designing security-compliant solutions and providing expert consultation on threats and controls.
  • Foster collaboration by effectively communicating complex security concepts and ensuring policy adherence.
  • Work with project teams as a cybersecurity SME to recommend and implement controls addressing risks.
  • Engage in ongoing compliance activities related to regulatory requirements and Metrolinx standards.
  • Develop security processes, procedures, governance artifacts, and controls within Cybersecurity Risk Management and Governance/Compliance Programs.
  • Assist with security audits and risk assessments, ensuring compliance and remediation of exposures.
  • Maintain regular communication with cybersecurity teams, stakeholders, and project teams, escalating matters as needed.
  • Participate in cybersecurity awareness programs to educate staff on best practices and compliance.
  • Collaborate with teams to tailor security awareness materials to Metrolinx’s risks and needs.

Additional Terms

  • A current security designation (CISSP, CISM, CCSP, or CISA).
  • Familiarity with key OT governance frameworks and standards, such as NIST CSF, ISO/IEC 27001, ISA/IEC 62443.

Must Haves:

  • 7+ years’ experience in information security, including large security projects.
  • 7+ years’ experience in OT environments with understanding of governance, risks, and compliance requirements.
  • Expertise in security governance, risk management, and compliance, including policies, standards, and procedures development.
  • Strong understanding of cybersecurity, GRC frameworks, and regulatory requirements.
