Your application
Now you can easily start the application process online.
Apply nowJob description
Accountability
Reporting to the Lead Cybersecurity Governance Risk and Compliance (GRC), the consultant is responsible for providing subject matter expertise (SME) to the governance, risk and compliance management activities of the Cybersecurity program. As a consultant, you will work on ONxpress efforts to mature Governance, Risk and Compliance(GRC) aligned to modern security risks.
Responsibility
- Support and implement Cybersecurity Risk Management framework for the ONxpress, ensuring adherence to policies, procedures, and standards.
- Adopt GRC tool to manage process Cybersecurity Governance, Risk and Compliance across the ONxpress
- Document and enhance Cybersecurity Governance, Risk Management and Compliance activities to ensure they align with Cybersecurity framework.
- Evaluate, optimize, and mature Cybersecurity Risk management procedures and controls.
- Work closely with IT and business owners to ensure key information security risks and issues are identified, documented, addressed and resolved in a timely manner.
- Monitor and report control gaps, including documenting and communicating findings with key stakeholders.
- Support Third Party Risk Management(TPRM) program and the monitoring of third parties’ adherence to Cybersecurity and privacy obligations.
- Support mature the GRC Risk management program with ongoing trends and changes within the GRC community
- Support Risk Assessment and Audit activities
- Perform and measure Threat, Risk and Compliance assessments on new and existing systems, processes, and technology.
- Performs periodic gap assessments to validate internal compliance on an ongoing basis.
- Performs other duties as assigned, in accordance with Branch and Department objectives.
- Section 3: Requirements
- Education & Qualifications
- Successful completion of a university degree or college diploma in Engineering, Computer Science or a related field.
Experience
- Minimum 10 years of professional experience in a Cybersecurity GRC role.
- Ability to champion a GRC program and best practices across the enterprise alongside various business stakeholders.
- Experience in working with Risk management framework
- Demonstrated knowledge on security standards and best practices including SOC 2, NIST CSF, ISF, ISO2700X as well as privacy regulations
Competencies & Skills
- A deep understanding of how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
- Ability to identify cybersecurity and privacy issues that stem from connections with internal and external customers and partner organizations.
- Proficiency in executing and managing a variety of tasks, problems and programs.
- Ability to work in a fast paced, dynamic and flexible hybrid office environment.
- Ability to assess enterprise risk with proper recommendation in remediation.
- Ability to persuade, convince, influence behavior.
- Ability to lead and work in a multi-team environment and drive completion of deliverables.
- Information seeking – ability to acquire, analyze, document and communicate information relevant to the achievement of valued goals.
- Strategic business thinking - ability to apply technical knowledge and experience to making management decisions for maximizing business objectives.
- Team leadership – ability to take a role of strategic advisor, guide and mentor of the team.
- Knowledge of and demonstrated ability in corporate core competencies including customer service, communication, team-work, initiative/self-management, accountability, flexibility and adaptability.
Certifications or Designations
Preferred One or more of Cybersecurity certifications including CISSP, CISM, CRISC, CGEIT
Data are loading ...
Just a moment please ...
Its taking you too long?
Shorten the loading time by adding search terms or filters.
We are sorry. The amount of data is too large.
Narrow your search and speed up loading time.
About us
Who We AreONxpress Transportation Partners (ONxpress) was chosen by Metrolinx and Infrastructure Ontario (IO) to enter the Development Phase of the On-Corridor Works project – the largest project in Metrolinx’s GO Expansion. Unprecedented in its scale and complexity, this multi-billion dollar capital program will transform the GO regional rail network with electrification, more frequent service, shorter journey times and a more modernized system for the Greater Toronto and Hamilton Area.
Apply with ease!
Create profile
Provide personal details and answer job specific questions
Upload resume
Review and send application
Disclaimer
Why Work with Us?
- We offer a competitive compensation package including competitive salary, incentive pay and health benefits.
- We have an open and approachable culture that enables you to bring your best ideas forward.
- We offer flexible working arrangements to support your need to balance life at work and at home.
Privacy Notice: ONxpress Operations Inc. (“ONxpress”), a member of the Deutsche Bahn group of companies, is committed to protecting the privacy of our candidates and users of this career portal. By applying to a position through this career portal, you acknowledge and agree that your personal information will be accessible only by ONxpress and the Deutsche Bahn group of companies to enable them to provide you with recruitment services and for the purposes of business development, systems development, and testing.
ONxpress fosters diversity, inclusion and belonging within and across our organization. We welcome all to apply including, women, visible minorities, Indigenous peoples, persons with disabilities, and persons of any sexual orientation or gender identity.
If you require accommodation during any step of the application process, please click here.
Go