CN is looking for an Information Security GRC (Governance, Risk & Compliance) specialist to help sustain and grow our Information Security Compliance responsibilities.
Reporting to the Senior Manager GRC, the specialist will primarily be responsible for supporting Sarbanes-Oxley (SOX) regulatory compliance and other compliance management activities relating to cybersecurity and the Information Security program. The specialist will act as Subject Matter Expert (SME) for Information Security subjects including, but not limited to: SOX IT General Controls compliance and understanding Information Security regulatory frameworks such as Payment Card Industry (PCI), Transportation Security Association (TSA), and others; compiling and reporting associated metrics and compliance evidence; project support and GRC processes consulting; owning, managing, reporting, and auditing compliance against Information Security controls.
·Assess and challenge the effectiveness of Information Security requirements and controls by working collaboratively with system owners and other stakeholders.
·Provide primary leadership on maintaining, supporting, and operating the CN Information Security GRC framework, including ensuring regulatory compliance within the I&T business unit, management of security related policies, and constant evolution to adapt to business requirements.
·Communicate, oversee, and support security recommendations to meet business objectives in a proactive and pragmatic manner, ensuring an appropriate level of engagement with clients to ensure success.
·Ensure that adequate and effective Information Security controls are documented and followed.
·Collaborate with GRC Risk SMEs to ensure that any identified risks are appropriately logged and managed.
·Report on Information Security compliance and its relationship to business impacts.
·Provide guidance during the assessment and/or review of new IT solutions and/or new and existing technology to maintain compliance with regulatory (e.g., Sarbanes-Oxley, PCI, SWIFT, etc.) and security requirements.
·Interact with other cybersecurity teams and various I&T entities as necessary to understand, apply, and enforce security requirements.
Requirements
Experience
·5+ years of experience in an Information Security / cybersecurity / compliance / IT Audit role
·Practical experience tracking and reporting KPIs/KRIs
·Previous experience in ensuring compliance with SOX IT General Controls or other IT controls is an asset
·Experience with GRC tools, ServiceNow, and/or Power BI is a plus
Education/Certification/Designation
Possess a Bachelor's Degree in an IT discipline or a related field -or- equivalent work experience.
Professional Designation in Information Security compliance or Security such as Certified Information Systems Auditor (CISA), Certified in the Governance of Enterprise IT (CGEIT), and/or other related designations.
Technical Skills/Knowledge
·Broad knowledge of Information Security processes and functions including risk management, vulnerability management, access management, and secure development
·Strong knowledge and practical experience applying standards, frameworks, regulations, and legislation governing Information Security and privacy, e.g. NIST, ISO 27001, COBIT, SOX, PIPEDA
·Knowledge and practical experience developing, managing, and updating Information Security policies, standards, procedures, and other documentation
·Knowledge and general understanding of IT and OT security controls and control models.
General Skills and Competencies
·Integrity with high ethical standards
·Effective communication and interaction with others
·Teamwork & collaboration in order to achieve common goals
·Flexible in order to effectively manage multiple assignments and adapt to changing priorities

At CN, we are dedicated to building North America's safest, most inclusive and sustainable railroad, which includes reflecting the communities in which we operate. Research shows that candidates from underrepresented groups often don't apply unless they feel they fit the job posting at 100%. Even if you don't see yourself in every job requirement listed in a posting, we still encourage you to apply. If you require an accommodation for the recruitment process (including alternate formats of materials, accessible meeting rooms or other accommodations), please reach out to our team at cnrecruitment@cn.ca.
As an equal employment opportunity employer, all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, and other protected status as required by applicable law. We thank all applicants for their interest, however, only candidates under consideration will be contacted. Please monitor your email on a regular basis, as communication is primarily made through email.