Specialist Security Governance

• Req ID: [[id]]
• Department: [[filter6]]
• Job Type: [[jobLevel]]
• Position Type: [[relocationPack]]
• Location: [[filter3]], [[filter2]]
• Country: [[filter1]]
• % of Travel: [[travel]]
• # of Positions: [[numberOpenings]]
• Job Grade: [[jobGrade]]
• Job Available to: [[jobAvailable]]
• Deadline to apply: [[closeDate]]

Canadian Pacific is a transcontinental railway in Canada and the United States with direct links to major ports on the west and east coasts. CP provides North American customers a competitive rail service with access to key markets in every corner of the globe. CP is growing with its customers, offering a suite of freight transportation services, logistics solutions and supply chain expertise. Visit cpr.ca to see the rail advantages of CP.

Job Description:

Canadian Pacific’s Enterprise Security team is seeking a passionate cyber security professional to help us with cybersecurity governance and risk management. You will be responsible for working with IT and business teams to effectively identify security risks and make recommendations to management regarding the adequacy of the security controls for CP’s information and technology systems. Also, you will partner with stakeholders to develop policies, procedures, standards, and guidelines around Governance, Risk, and Compliance. Each day will be fast-paced, challenging, rewarding and meaningful and you will be inspired to bring your best, every day.

Position Accountabilities:

The successful candidate will perform the following activities:

• Participate and assist in improving the maturity of the security risk management program at CP;
• Work with IT, business and third-party vendors to perform security risk assessments on new and existing systems, processes and technologies (including cloud solutions);
• Assess, identify and document cybersecurity risks that may exist in various IT solutions in a manner that highlights the business impact and risk;
• Recommend risk treatment options for identified risks to protect critical assets based on the appropriate risk and budget;
• Assist in maintenance of Security risk register by documenting and monitoring risks as required;
• Develop, implement and maintain cybersecurity policies, standards, directives and processes;
• Work with various multi-functional departments to foster a culture of security maturity enhancements, awareness and secure practices;
• Manage a security framework and controls tailored around NIST Cybersecurity Framework and ISO 27001;
• Assist in implementing and managing a risk management tool;
• Stay abreast of and advise on current and emerging cyber security threats, related compliance/regulatory requirements and industry best practices;
• Various other duties as required;

Position Requirements:

• Strong knowledge and experience with information technology and cybersecurity;
• University degree or college diploma in an IT or Engineering related field;
• 5+ years of IT experience with a diverse technology background;
• 3+ years of experience specifically in an IT/ Cyber risk management or security risk assessment role;
• Knowledge of ISO 27001, 27002 and NIST Cybersecurity Framework;
• Familiarization with Amazon Web Services (AWS) and Azure security model and controls;
• Experience with or extensive familiarity with information security concepts such as:
  • Access control models, authentication, authorization, etc.
  • Cloud Security
  • Defense in depth principles
  • Linux / Windows security
  • Network architecture and secure network design
• Previous experience of working with any risk management tool;

• IT industry security certification (CISSP, CRISC, CCSP or CISA ) or equivalent working experience is desirable (but not mandatory);
• Previous consulting experience with one of the large professional services firms is desirable (but not mandatory).

About You:

• Good written and verbal communication abilities with technical and non-technical audiences;
• Good analytical, investigative and problem solving mindset;
• Must be team oriented and at the same able to work with limited supervision;
• Communicate exceptionally well with management, peers, and customers;
• Have high attention to detail and commitment to quality;
• Ability to work effectively in a fast-paced, changing environment;
• Excellent time management skills;
• Desire for continuous improvement and a commitment to best practices.

COVID-19 Vaccination Requirement: Pursuant to the Government of Canada’s mandate that all federally-regulated employers require their employees to be fully vaccinated against COVID-19, CP requires all prospective employees to confirm their vaccination status as part of the hiring process and as a condition of continued employment.

WHAT CP HAS TO OFFER:

• Flexible and competitive benefits package
• Competitive company pension plan
• Employee Share Purchase Plan
• Performance Incentive Program
• Annual Fitness Subsidy

ADDITIONAL INFORMATION:

As an employer with national presence, the possibility does exist that the location of your position may be changed based on organizational requirements.

Background Investigation:

The successful candidate will need to successfully complete the following clearances:

• Criminal history check
• Reference check

Management Conductor Program:

Becoming a qualified conductor or locomotive engineer is the single best way for a management employee to learn the business at CP. You may be required to obtain a certification or to maintain your current certification/qualification as a conductor or locomotive engineer.

CP is an equal opportunity employer committed to the principles of employment equity and inclusion. We welcome applications from all qualified individuals. All applicant information will be managed in accordance with the federal Personal Information Protection and Electronic Documents Act ("PIPEDA").