Job details
Do you have 7+ years’ experience in information security, including working with large security projects? Do you have 7+ years’ experience in OT environments and understanding the unique governance, risks and compliance requirements of OT systems and operations? If so, this would be a great opportunity for you!
Our client is looking for a Senior Security Specialist for a 6 month contract in Toronto.
This is a hybrid role, with 2 days per week onsite.
Advantages
· Hybrid role: 2 Days onsite / 3 days remote
· Earn a competitive rate within the industry
Responsibilities
• Lead efforts to expand and improve cybersecurity governance and compliance in both IT and OT environments. This includes ensuring that OT security aligns with Metrolinx’s overall cybersecurity strategy, policy development, and risk management.
• Support annual PCI assessments by working with Qualified Security Assessors (QSAs), internal security teams, and business units to validate compliance and address findings, ensuring that Metrolinx’s payment systems meet the required PCI compliance status.
• Develop and update critical governance documents such as security policies, standards, and procedures for both IT and OT environments. Ensure these documents are aligned with best practices, industry standards, and regulatory requirements (e.g., PCI-DSS, ISO 27001, NIST, ISA/IEC 62443, CIS controls).
• Lead the creation, review, and approval of cybersecurity policies and standards, working with relevant teams to ensure these documents are comprehensive, up to date, and applicable across both IT and OT environments.
• Manage security documentation and audit artifacts to maintain accuracy, completeness and controlled access for cybersecurity governance.
• Work closely with IT, business teams, product delivery, digital transformation, infrastructure, vendors, internal and external audit committees to align security strategies and remediate risks.
• Assist the GRC team in designing security-compliant solutions and provide expert consultation on security threats and controls.
• Foster collaboration across teams by effectively communicating complex security concepts in an accessible and actionable way, ensuring alignment with security policies and standards.
• Work with project teams as a cybersecurity SME to recommend and implement security controls to address identified risks.
• Ongoing compliance work related to regulatory requirements and/or compliance with Metrolinx standards.
• Develop the security process, procedure, governance artifacts and security controls within the Cybersecurity Risk Management and Governance/Compliance Programs.
• Assist with security audits and threat/risk assessments to ensure compliance with security policies, standards and procedures, and work with business/technical/operational areas in taking corrective actions on any identified security exposures and remediation progress.
• Communicate regularly with cybersecurity teams, internal stakeholders, project teams and representatives from various functional teams, including escalating any matters to senior team members that require additional analysis.
• Participate in the cybersecurity awareness programs to educate employees, contractors, and stakeholders on security best practices and compliance requirements.
• Collaborate with teams to ensure security awareness materials are tailored to address Metrolinx’s specific risks and regulatory needs.
Qualifications
Must Haves:
• 7+ years’ experience in information security, including working with large security projects
• 7+ years’ experience in OT environments and understanding the unique governance, risks and compliance requirements of OT systems and operations
• Expertise in security governance, risk management, and compliance, including developing road maps, policies, standards, procedures and processes
• Strong understanding of cybersecurity, governance, risk, and compliance (GRC) frameworks and regulatory requirements (PCI-DSS, NIST, ISO 27001)
REQUIRED EXPERIENCE/SKILLS:
• A minimum of seven (7+) years of experience in information security, including working with large security projects.
• Experience in OT environments and understanding the unique governance, risks and compliance requirements of OT systems and operations.
• Strong understanding of cybersecurity, governance, risk, and compliance (GRC) frameworks and regulatory requirements (PCI-DSS, NIST, ISO 27001).
• Strong communication, interpersonal and presentation skills for engaging with diverse stakeholders
• Expertise in security governance, risk management, and compliance, including developing road maps, policies, standards, procedures and processes.
• Proven experience in contractual security requirements and third-party risk management through RFP processes and vendor evaluations throughout the procurement life cycle.
• Ability to work in cross-functional teams, communicating complex technical information to all levels of the organization, including the leadership team.
• Proficient in cybersecurity risk management and third-party risk management tools (e.g., ServiceNow, OneTrust, AuditBoard).
• Experience with development of security processes, procedures and standards documentation.
• Strong time management skills and the ability to prioritize project work and ongoing responsibilities.
• Strong reporting and presentation skills, with the ability to communicate security risks and compliance status to executives and stakeholders.
• Self-motivated with the ability to work independently in a fast-paced environment.
• Proficiency with standard Microsoft Office tools such as Word, Excel, PowerPoint, Power BI, Visio and O365 SharePoint.
Summary
If you are interested in the Senior Security Specialist role in Toronto, please apply online at www.randstad.ca. Qualified candidates will be contacted.
Randstad Canada is committed to fostering a workforce reflective of all peoples of Canada. As a result, we are committed to developing and implementing strategies to increase the equity, diversity and inclusion within the workplace by examining our internal policies, practices, and systems throughout the entire lifecycle of our workforce, including its recruitment, retention and advancement for all employees. In addition to our deep commitment to respecting human rights, we are dedicated to positive actions to effect change to ensure everyone has full participation in the workforce free from any barriers, systemic or otherwise, especially equity-seeking groups who are usually underrepresented in Canada's workforce, including those who identify as women or non-binary/gender non-conforming; Indigenous or Aboriginal Peoples; persons with disabilities (visible or invisible); and members of visible minorities, racialized groups and the LGBTQ2+ community.
Randstad Canada is committed to creating and maintaining an inclusive and accessible workplace for all its candidates and employees by supporting their accessibility and accommodation needs throughout the employment lifecycle. We ask that all job applicants please identify any accommodation requirements by sending an email to accessibility@randstad.ca to ensure their ability to fully participate in the interview process.