Security Advisor, Operational Technology (OT) Cybersecurity (Hybrid)

COVID-19 Vaccination Requirement:

Pursuant to the Government of Canada’s mandate that all federally regulated employers require their employees to be fully vaccinated against COVID-19, CP requires all prospective employees to confirm their vaccination status as part of the hiring process and as a condition of continued employment.

• Req ID: [[id]]
• Department: [[filter6]]
• Job Type: [[jobLevel]]
• Position Type: [[relocationPack]]
• Location: [[filter3]], [[filter2]]
• Country: [[filter1]]
• % of Travel: [[travel]]
• # of Positions: [[numberOpenings]]
• Job Grade: [[jobGrade]]
• Job Available to: [[jobAvailable]]
• Deadline to apply: [[closeDate]]

Canadian Pacific is a transcontinental railway in Canada and the United States with direct links to major ports on the west and east coasts, providing North American customers a competitive rail service with access to key markets in every corner of the globe. CP is growing with its customers, offering a suite of freight transportation services, logistics solutions and supply chain expertise. Visit cpr.ca to see the rail advantages of CP.

PURPOSE OF THE POSITION:

Canadian Pacific’s Enterprise Security team is seeking an experienced, skilled, and hands-on OT Cybersecurity Senior Technical Advisor. This role's primary function will be to bridge the gap between Operational Technology (OT) and Information Technology (IT) systems, as well as to provide leadership in the implementation and development of an OT cybersecurity practice. This challenging position requires in-depth experience and knowledge of both OT and IT cybersecurity.

POSITION ACCOUNTABILITIES:

The successful candidate will perform the following activities:

• Serve as a technical liaison between the IT Security and OT business units to ensure Train operations and systems are following security best practices
• Lead the implementation and development of an OT cybersecurity practice
• Define and ensure compliance with security policies, processes, and standards to build a comprehensive OT security program
• Serve as subject matter expert in OT security
• Provide Security guidance on OT Projects
• Provide recommendations on how best to mitigate OT security risks
• Responsible for the development & implementation of OT-specific Security policies & procedures
• Work with operational teams and provide leadership to address OT security deficiencies
• Work closely with the Security Operations Center (SOC) to perform incident response activities when a security incident is discovered, participate in investigations to determine the root cause of security incidents, and ensure that appropriate protection or corrective measures are taken.
• Provide operational support, troubleshooting, and maintenance of Security-related processes, controls, or products
• Work with various operational teams to foster a culture of security maturity enhancements, awareness and secure practices
• Stay abreast of and advise on current and emerging cyber security threats, related compliance/regulatory requirements and industry best practices
• Conduct research to maintain and expand knowledge on the latest cybersecurity technologies and standards.
• Various other duties as required.

POSITION REQUIREMENTS:

• Strong knowledge and experience with information technology and cybersecurity.
• University Degree in Information Technology, Computer Science, Security or equivalent educational or professional IT/OT-related experience and/or qualifications
• 8+ years of progressive cybersecurity experience with a diverse technology background.
• 5+ years of cybersecurity experience with a focus on OT environments.
• Experience with securing cross-domain IT/OT communications to and from Business Networks, third parties, and OT networks
• Knowledge of OT cyber security architectures and processes, including OT monitoring and logging
• Knowledge of OT-specific attack vectors, vulnerabilities, and how malicious actors exploit them is desirable
• Strong understanding of cybersecurity principles such as encryption, ports, protocols, and services, policies, procedures, physical security, risk management, asset management, configuration management, access control, security architecture, business continuity, contingency planning, and application security, among others.
• Strong understanding of network security architecture, such as zones, firewall rules, detection/inspection technologies, and east-west security controls.
• Ability to conduct research and develop new OT cybersecurity solutions, as well as write research papers, proposals, and presentations

• Working knowledge of various OT technologies and providers
• Security certifications such as CISSP, GICSP or equivalent certifications are a plus.
• Good written and verbal communication abilities with technical and non-technical audiences;
• Good analytical, investigative and problem solving mindset;
• Must be team oriented and at the same able to work with limited supervision;
• Communicate exceptionally well with management, peers, and customers;
• Have high attention to detail and commitment to quality;
• Ability to work effectively in a fast-paced, changing environment;
• Excellent time management skills;
• Desire for continuous improvement and a commitment to best practices.

WHAT CP HAS TO OFFER:

• Flexible and competitive benefits package
• Competitive company pension plan
• Employee Share Purchase Plan
• Performance Incentive Program
• Annual Fitness Subsidy

ADDITIONAL INFORMATION:

As an employer with national presence, the possibility does exist that the location of your position may be changed based on organizational requirements.

Background Investigation:

The successful candidate will need to successfully complete the following clearances:

• Criminal history check
• Reference check

Management Conductor Program:

Becoming a qualified conductor or locomotive engineer is the single best way for a management employee to learn the business at CP. You may be required to obtain a certification or to maintain your current certification/qualification as a conductor or locomotive engineer.

CP is an equal opportunity employer committed to the principles of employment equity and inclusion. We welcome applications from all qualified individuals. All applicant information will be managed in accordance with the federal Personal Information Protection and Electronic Documents Act ("PIPEDA").