Analyst, Cybersecurity Risk Management - Toronto, Canada - Toronto Transit Commission

Toronto Transit Commission

Verified Company

Toronto, Canada

1 week ago

Posted by:

Sophia Lee

beBee Recruiter

Description

JOB INFORMATION

Requisition ID: 9327

Number of Vacancies: 1

Department:
Information Technology Services Information Security Office

Salary Information:
$88, $110,401.20

Pay Scale Group: 09SA

Employment Type:
Regular

Weekly Hours: 35
Off Days: Saturday and Sunday
Shift:

Posted On:
April 8, 2024

Last Day to Apply:
April 21, 2024

Reports to:
Director, Cybersecurity Risk Management

The Toronto Transit Commission (TTC) is North America's third largest transit system and has been recognized as one of the top places to work in the GTA.

Guided by a forward-thinking strategic plan, the TTC's vision is to be a transit system that makes Toronto proud.

The TTC's recruitment efforts are directly aligned to its mission of providing "a reliable, efficient, and integrated bus, streetcar and subway system that draws its high standards of customer care from our rich traditions of safety, service and courtesy.

"

Career Opportunity
A great opportunity within the Information Technology Services to work on Cybersecurity Initiatives.

What You Will Do

Reporting to the Director, Cybersecurity Risk Management, the Analyst Cybersecurity Risk Management is responsible for reducing information security and cybersecurity risks to the Information Technology (IT) of the TTC.

The incumbent supports the risk mitigation efforts through conducting risk assessments, establishing and maintaining governance and compliance standards, creating, communicating, and enforcing information security policies and providing recommendations on risk management strategies.

The incumbent executes and administers security solutions/systems consistent with regulations and established frameworks and may lead relevant implementation projects and is also responsible for promoting cybersecurity awareness throughout the TTC.

The incumbent is also responsible for promoting cybersecurity awareness throughout the TTC.

You will be responsible for Security Risk Assessment and Governance and Compliance where you will conduct comprehensive security risk assessments of new and existing information systems, networks and infrastructure to identify potential vulnerabilities, threats, and risks, evaluate and benchmark TTC's cybersecurity capabilities in line with NIST Cybersecurity Framework and develop plans to prioritize actions and investments required to improve capabilities to industry best practices recommend controls to mitigate security risks identified through the risk assessment process and communicate risk findings that are clear and actionable by relevant stakeholders, conduct Threat Risk Assessment (TRA) (e.g.

Harmonized Threat and Risk Assessment (HTRA) methodology) and populate Risk Register with ongoing risks to the organization, develop, enhance and communicate security governance frameworks policies, standards and procedures across the TTC, define and operationalize data classification standard to classify and label data and files and define security controls baseline for classified data, and esign and document technical, administrative, and physical controls to ensure the business demonstrates compliance, ensuring that the TTC meets both the requirements and intent of its regulatory and compliance obligations.

You will also be responsible for Third Party Supplier and Vendor Risk Management where you will perform 3rd party / vendor risk assessments to ensure supply chain risk is managed throughout the supplier's lifecycle, 3rd party due diligence (initial risk assessment before commencement of services and on-going risk-based monitoring) for adherence to TTC security standards and articulate results of the final assessments to business stakeholders, project sponsors, program managers, and other internal parties.

In addition to the above work collaboratively with cross-functional teams, including IT, OT, legal, compliance, and business units, to ensure effective risk management and security governance, support, develop, and administer GRC systems for Information Security and responsible for treating passengers and/or employees with respect and dignity and ensuring the needs of passengers or employees with disabilities are accommodated and/or addressed (if applicable and within their area of responsibility) in accordance with the Ontario Human Rights Code and Related Orders so that they can fully benefit from the TTC as a service-provider and an employer and perform related duties as assigned.

What Qualifications Do You Bring?

University degree in Computer Science, Information Security, Cybersecurity, or a related field as well as several years of Cybersecurity risk management experience or the equivalent combination of education and experience.
Several years of relevant Cybersecurity experience in Governance, Risk and Compliance
Several years of Information Technology experience in Microsoft and Linux platforms
Experience with security frameworks (su