HM Note: This hybrid contract role is three (3) days in office. Candidates' resumes must include first and last name.
Description
We are seeking a consultant with a strong background in OT/IT governance and compliance to support the development of a solid foundation for both IT and OT governance. This includes designing a roadmap, establishing an operating model, and enhancing IT compliance frameworks such as PCI and OT compliance. The consultant will play a key role in developing robust security policies, standards, procedures, risk management strategies, and compliance frameworks that effectively manage third-party risks, ensuring alignment with overall business objectives.
REQUIRED EXPERIENCE/SKILLS:
- A minimum of seven (7) years of experience in information security, including working with large security projects.
- Experience in OT environments and an understanding of the unique governance, risk, and compliance requirements of OT systems and operations.
- Strong understanding of cybersecurity governance, risk, and compliance (GRC) frameworks and regulatory requirements (PCI DSS, NIST, ISO 27001).
- Strong communication, interpersonal, and presentation skills for engaging with diverse stakeholders.
- Expertise in security governance, risk management, and compliance, including developing roadmaps, policies, standards, procedures, and processes.
- Proven experience in contractual security requirements and third-party risk management through RFP processes and vendor evaluations throughout the procurement life cycle.
- Ability to work in cross-functional teams, communicating complex technical information to all levels of the organization, including the leadership team.
- Proficient in cybersecurity risk management and third-party risk management tools (e.g. ServiceNow, OneTrust, AuditBoard).
- Experience with the development of security processes, procedures, and standards documentation.
- Strong time management skills and the ability to prioritize project work and ongoing responsibilities.
- Strong reporting and presentation skills, with the ability to communicate security risks and compliance status to executives and stakeholders.
- Self-motivated, with the ability to work independently in a fast-paced environment.
- Proficiency with standard Microsoft Office tools such as Word, Excel, PowerPoint, Power BI, Visio, and O365 SharePoint.
Deliverables
- Lead efforts to expand and improve cybersecurity governance and compliance in both IT and OT environments. This includes ensuring that OT security aligns with Metrolinx's overall cybersecurity strategy, policy development, and risk management.
- Support annual PCI assessments by working with Qualified Security Assessors (QSAs), internal security teams, and business units to validate compliance and address findings, ensuring that Metrolinx's payment systems meet the required PCI compliance status.
- Develop and update critical governance documents such as security policies, standards, and procedures for both IT and OT environments. Ensure these documents are aligned with best practices, industry standards, and regulatory requirements (e.g. PCI DSS, ISO 27001, NIST, ISA/IEC 62443, CIS Controls).
- Lead the creation, review, and approval of cybersecurity policies and standards, working with relevant teams to ensure these documents are comprehensive, up to date, and applicable across both IT and OT environments.
- Manage security documentation and audit artifacts to maintain accuracy, completeness, and controlled access for cybersecurity governance.
- Work closely with IT business teams, product delivery, digital transformation, infrastructure, vendors, and internal and external audit committees to align security strategies and remediate risks.
- Assist the GRC team in designing security-compliant solutions and provide expert consultation on security threats and controls.
- Foster collaboration across teams by effectively communicating complex security concepts in an accessible and actionable way, ensuring alignment with security policies and standards.
- Work with project teams as a cybersecurity SME to recommend and implement security controls to address identified risks.
- Ongoing compliance work related to regulatory requirements and/or compliance with Metrolinx standards.
- Develop the security process, procedure, and governance artifacts and security controls within the Cybersecurity Risk Management and Governance/Compliance Programs.
- Assist with security audits and threat/risk assessments to ensure compliance with security policies, standards, and procedures, and work with business/technical/operational areas on corrective actions for any identified security exposures and on remediation progress.
- Communicate regularly with cybersecurity teams, internal stakeholders, project teams, and representatives from various functional teams, including escalating to senior team members any matters that require additional analysis.
- Participate in cybersecurity awareness programs to educate employees, contractors, and stakeholders on security best practices and compliance requirements.
- Collaborate with teams to ensure security awareness materials are tailored to address Metrolinx's specific risks and regulatory needs.
Additional Terms
- A current security designation (CISSP, CISM, CCSP, or CISA)
- Familiar with key OT governance frameworks and standards such as the NIST Cybersecurity Framework (CSF), ISO/IEC 27001, and ISA/IEC 62443
Must Haves:
- 7 years of experience in information security, including working with large security projects
- 7 years of experience in OT environments and an understanding of the unique governance, risk, and compliance requirements of OT systems and operations
- Expertise in security governance, risk management, and compliance, including developing roadmaps, policies, standards, procedures, and processes
- Strong understanding of cybersecurity governance, risk, and compliance (GRC) frameworks and regulatory requirements (PCI DSS, NIST, ISO 27001)