Senior Cybersecurity Consultant

ONxpress Operations Inc. (OOI) is shaping the future of transit in the Greater Golden Horseshoe area. With a long-term partnership with Metrolinx, OOI will oversee the operations and maintenance of the GO Transit rail network and Union Pearson Express, as part of the groundbreaking GO Expansion program. Supported by global leaders Deutsche Bahn International Operations and Aecon, we are driving the transformation of one of North America's largest transit networks. Our mission is to deliver faster, more reliable, safe and sustainable rail services through innovative technology and a commitment to excellence, giving you the opportunity to be a part of the next generation of transportation.

Accountability:

Reporting to the Lead Cybersecurity Governance Risk and Compliance (GRC), the Sr. Cybersecurity Consultant is responsible for providing subject matter expertise (SME) to the governance, risk, compliance, training and awareness, vulnerability management activities of the Cybersecurity program. 

• Support and implement Cybersecurity governance for the ONxpress, ensuring adherence to policies, procedures, and standards.
• Adopt GRC tool to manage process Cybersecurity Governance, Risk and Compliance across the ONxpress
• Author and refresh Cybersecurity policies, standards, processes and guidelines and ensure they align with Cybersecurity framework.
• Evaluate, optimize, and mature Cybersecurity procedures and controls.
• Work closely with IT and business owners to ensure key information security risks and issues are identified, addressed and resolved in a timely manner.
• Monitor and report control gaps, including documenting and communicating findings with key stakeholders.
• Create content for ONxpress Cybersecurity training and awareness campaign.
• Support Vulnerability management activities and remediation 
• Mature the GRC program with ongoing trends and changes within the GRC community
• Support Compliance Assessment activities 
• Perform and measure Threat, Risk and Compliance assessments on new and existing systems, processes, and technology.
• Performs periodic gap assessments to validate internal compliance on an ongoing basis
• Create Cybersecurity metrics
• Performs other duties as assigned, in accordance with Branch and Department objectives.

Education & Qualifications:

• Successful completion of a university degree or college diploma in Engineering, Computer Science or a related field.

Certifications or Designations:

• Preferred One or more of Cybersecurity certifications including CISSP, CISM, CRISC, CGEIT

Experience:

• Minimum 10 years of professional experience in a Cybersecurity GRC role.
• Ability to champion a security program and best practices across the enterprise alongside various business stakeholders.
• Experience in working with internal and external stakeholders
• Demonstrated knowledge on security standards and best practices including SCF, SOC 1/2, NIST CSF, ISF, ISO2700X as well as privacy regulations

Competencies:

• A deep understanding of how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
• Ability to identify cybersecurity and privacy issues that stem from connections with internal and external customers and partner organizations.
• Proficiency in executing and managing a variety of tasks, problems and programs.
• Ability to work in a fast paced, dynamic and flexible hybrid office environment.
• Ability to persuade, convince, influence behavior.
• Ability to lead and work in a multi-team environment and drive completion of deliverables.
• Information seeking – ability to acquire, analyze, document and communicate information relevant to the achievement of valued goals.
• Strategic business thinking - ability to apply technical knowledge and experience to making management decisions for maximizing business objectives.
• Team leadership – ability to take a role of strategic advisor, guide and mentor of the team.
• Ability to assess enterprise risk with proper recommendation in remediation.
• Knowledge of and demonstrated ability in corporate core competencies including customer service, communication, team-work, initiative/self-management, accountability, flexibility and adaptability.

Why Work with Us?

• We offer a competitive compensation package including competitive salary, incentive pay and health benefits.
• We have an open and approachable culture that enables you to bring your best ideas forward.
• We offer flexible working arrangements to support your need to balance life at work and at home.

Privacy Notice: ONxpress Operations Inc. ("OOI"), safeguards the privacy of candidates and users of this career portal. We collect, use, and disclose personal information of job candidates solely for recruitment purposes, including, but not limited to, assessing qualifications, conducting background checks, communicating with applicants, and complying with legal obligations. Your information may be shared within OOI, and third-party recruiters within Canada and potentially in other jurisdictions to facilitate the recruitment process. We retain your data only as long as necessary and protect it according to our policies. For more information on how OOI collects, uses and discloses your personal information please review our Privacy Policy here. 

Accommodation: At OOI, we celebrate diversity and strive to create an inclusive environment where everyone feels valued and respected. We encourage individuals from all backgrounds to apply, including women, visible minorities, Indigenous peoples, persons with disabilities, and individuals of any sexual orientation or gender identity. If you require accommodation at any stage of the application process, please reach out to us at careers@onxpress.com. OOI will consult with all applicants seeking accommodation during the recruitment process to ensure accommodation is provided in accordance with applicable legislation and is tailored to meet each applicant’s specific needs.