Analyst, Cybersecurity Awareness

General Accountability

Key Job Functions

• Develop and implement cybersecurity training programs that align with TTC’s cybersecurity policies, standards and procedures
• Identify and evaluate risks and associated training that could be delivered to employees to mitigate those risks
• Create and manage metrics framework that effectively measures employee compliance with information security policies, maintain minimum agreed security awareness training completion rates
• Ensure security awareness trainings, communications, and marketing are engaging and are aligned to the leading practices in cyber security
• Determine Cybersecurity Awareness requirements of business strategies in order to provide appropriate training advice and guidance
• Conduct cybersecurity training sessions for new hires and ongoing training for existing employees
• Conduct research and fact-finding exercises for maintaining and revising related technologies, policies, guidelines, processes, procedures and standards
• Ensure security awareness information and documentation are timely updated, reflecting the latest security trends and threats as well as compliance requirements
• Assess effectiveness of Cybersecurity Awareness program and the existing practices and make recommendations for continuous improvement
• Lead the courseware development process and ensure appropriate contents, quality, and timely delivery of the courses.
• Manage current and create new business relationships with approved Cybersecurity Training Vendors
• Staying up-to-date with industry trends and emerging threats to ensure that cybersecurity training programs remain relevant and effective
• Develop and conduct simulated phishing exercises on a regular basis and follow-up with clickers and repeat clickers
• Prepare and present various reports relating to areas of responsibility

Key Job Functions continued

• Contribute to the development and refinement of Cybersecurity training strategy and policies
• Participate in incident investigations for potential compliance violations to identify the cause and adjust applicable program, policies or training
• Provide support for various Cybersecurity program initiatives as required
• Participate in disaster recovery and business continuity planning
• Work collaboratively with stakeholders and vendors in planning, preparing and performing tasks and activities for the program
• Assist in supporting other tasks and activities required by the Information Security team
• Responsible for treating passengers and/or employees with respect and dignity and ensuring the needs of passengers or employees with disabilities are accommodated and/or addressed (if applicable and within their area of responsibility) in accordance with the Ontario Human Rights Code and Related Orders so that they can fully benefit from the TTC as a service-provider and an employer.
• Perform related duties as assigned

Skills

Education and Experience

• University degree in Computer Science, Information Security, Cybersecurity, or a related field as well as several years of Cybersecurity risk management experience or the equivalent combination of education and experience.
• Several years of relevant Cybersecurity experience (Security awareness and training)
• Knowledge and experience with Information security frameworks, standards, best practices and regulations (e.g. NIST CSF, NIST RMF, ISO/IEC 27001/27002, CIS, SANS, COBIT, etc.)

Additional Requirements

• Good understanding of Information technology systems and processes, network infrastructure, data architecture, data processes, and protocols.
• Knowledge of the following areas; Vulnerability management, Configuration management, Pen testing, change management, Identity & Access management etc.
• Experience with phishing and cybersecurity training tools and vendors.
• Ability to form complex communications/messages in a simple, clear and concise manner to various teams within the TTC.
• Exceptional interpersonal and communications skills.
• Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
• An understanding of TTC’s mission, values, goals and consistent application of this knowledge.
• Ability to work in a fast-paced environment managing multiple priorities with proven time management skills.
• Any of the following will be an asset:
  • Entry level Cybersecurity certifications such as ISC2 Certified in Cybersecurity, ISACA Cybersecurity Fundamentals, CompTIA Security+, etc.
  • Cybersecurity Awareness certifications such as SANs Security Awareness Professional
  • Experience with project management, photo & video editing software and Information Security technical writing.