JOB INFORMATION
Requisition ID: 9097
Number of Vacancies: 1
Department: Information Technology Services (20000014) - Information Security Office (30000033)
Pay Scale Group: 09SA (CAN/S/J/09SA)
Employment Type: Regular
Weekly Hours: 35, Off Days:Shift:
Posted On: February 16, 2024
Last Day to Apply: March 1, 2024
Reports to: Dir, Cybersecurity Risk Management
Requisition ID: 9097
Number of Vacancies: 1
Department: Information Technology Services (20000014) - Information Security Office (30000033)
Pay Scale Group: 09SA (CAN/S/J/09SA)
Employment Type: Regular
Weekly Hours: 35, Off Days:Shift:
Posted On: February 16, 2024
Last Day to Apply: March 1, 2024
Reports to: Dir, Cybersecurity Risk Management
The Toronto Transit Commission (TTC) is North America's third largest transit system and has been recognized as one of the top places to work in the GTA. Guided by a forward-thinking strategic plan, the TTC's vision is to be a transit system that makes Toronto proud. The TTC's recruitment efforts are directly aligned to its mission of providing "a reliable, efficient, and integrated bus, streetcar and subway system that draws its high standards of customer care from our rich traditions of safety, service and courtesy."
General Accountability
Reporting to the Director, Cybersecurity Risk Management, the Analyst, Cybersecurity Awareness is responsible for the development, review, implementation, and maintenance of the TTC’s Cybersecurity Awareness program aimed to effectively motivate desired behavioral changes and foster a culture towards secure use and handling of information assets.
This role provides technical support and services on all Cybersecurity awareness initiative, working closely with various business subject matter experts to ensure appropriate security awareness and training programs are in place to address identified enterprise security risks.
This role is a key contributor for promoting a culture of security within the TTC and increasing awareness and understanding of the role each individual plays in maintaining the security of the TTC’s system and data
Key Job Functions
- Develop and implement cybersecurity training programs that align with TTC’s cybersecurity policies, standards and procedures
- Identify and evaluate risks and associated training that could be delivered to employees to mitigate those risks
- Create and manage metrics framework that effectively measures employee compliance with information security policies, maintain minimum agreed security awareness training completion rates
- Ensure security awareness trainings, communications, and marketing are engaging and are aligned to the leading practices in cyber security
- Determine Cybersecurity Awareness requirements of business strategies in order to provide appropriate training advice and guidance
- Conduct cybersecurity training sessions for new hires and ongoing training for existing employees
- Conduct research and fact-finding exercises for maintaining and revising related technologies, policies, guidelines, processes, procedures and standards
- Ensure security awareness information and documentation are timely updated, reflecting the latest security trends and threats as well as compliance requirements
- Assess effectiveness of Cybersecurity Awareness program and the existing practices and make recommendations for continuous improvement
- Lead the courseware development process and ensure appropriate contents, quality, and timely delivery of the courses.
- Manage current and create new business relationships with approved Cybersecurity Training Vendors
- Staying up-to-date with industry trends and emerging threats to ensure that cybersecurity training programs remain relevant and effective
- Develop and conduct simulated phishing exercises on a regular basis and follow-up with clickers and repeat clickers
- Prepare and present various reports relating to areas of responsibility
Key Job Functions continued
- Contribute to the development and refinement of Cybersecurity training strategy and policies
- Participate in incident investigations for potential compliance violations to identify the cause and adjust applicable program, policies or training
- Provide support for various Cybersecurity program initiatives as required
- Participate in disaster recovery and business continuity planning
- Work collaboratively with stakeholders and vendors in planning, preparing and performing tasks and activities for the program
- Assist in supporting other tasks and activities required by the Information Security team
- Responsible for treating passengers and/or employees with respect and dignity and ensuring the needs of passengers or employees with disabilities are accommodated and/or addressed (if applicable and within their area of responsibility) in accordance with the Ontario Human Rights Code and Related Orders so that they can fully benefit from the TTC as a service-provider and an employer.
- Perform related duties as assigned
Skills
Demonstrate appropriate and effective interpersonal communications through various media
Apply analytical skills
Communicate in a variety of mediums
Gather information and conduct research
Maintain documentation and historical records
Use office technology, software and applications
Education and Experience
- University degree in Computer Science, Information Security, Cybersecurity, or a related field as well as several years of Cybersecurity risk management experience or the equivalent combination of education and experience.
- Several years of relevant Cybersecurity experience (Security awareness and training)
- Knowledge and experience with Information security frameworks, standards, best practices and regulations (e.g. NIST CSF, NIST RMF, ISO/IEC 27001/27002, CIS, SANS, COBIT, etc.)
Additional Requirements
- Good understanding of Information technology systems and processes, network infrastructure, data architecture, data processes, and protocols.
- Knowledge of the following areas; Vulnerability management, Configuration management, Pen testing, change management, Identity & Access management etc.
- Experience with phishing and cybersecurity training tools and vendors.
- Ability to form complex communications/messages in a simple, clear and concise manner to various teams within the TTC.
- Exceptional interpersonal and communications skills.
- Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
- An understanding of TTC’s mission, values, goals and consistent application of this knowledge.
- Ability to work in a fast-paced environment managing multiple priorities with proven time management skills.
- Any of the following will be an asset:
- Entry level Cybersecurity certifications such as ISC2 Certified in Cybersecurity, ISACA Cybersecurity Fundamentals, CompTIA Security+, etc.
- Cybersecurity Awareness certifications such as SANs Security Awareness Professional
- Experience with project management, photo & video editing software and Information Security technical writing.
The TTC is committed to upholding the values of equity, diversity, anti-racism and inclusion in the delivery of its services and in its workplaces. The TTC is committed to fostering a diverse workforce that is representative of the communities it serves at all levels of the organization, and supports an inclusive environment where diverse employee and community perspectives and experiences bring value to the organization. The TTC encourages applications from all applicants, including members of groups with historical and/or current barriers to equity, including but not limited to, Indigenous, Black and racialized groups, people with disabilities, women and people from the LGBTQIA+ community. The TTC values and supports an inclusive and barrier-free recruitment and selection process. Accommodations for applicants are available upon request throughout the recruitment and selection process, including for those who identify as having a disability. Please contact Talent Management at (416) 393-4570. Any information received related to an accommodation will be addressed confidentially.
The TTC’s policy prohibits relatives of current TTC employees from being hired, assigned, transferred or promoted into positions, where there is a conflict of interest due to a relationship. Should you be selected for an interview, you will be required to disclose the name, relationship and position of any relative who is a current TTC employee.
We thank all applicants for their interest but advise only those selected for an interview will be contacted.