Junior Cybersecurity Analyst - Toronto, Canada - Toronto Transit Commission

Toronto Transit Commission

Verified Company

Toronto, Canada

2 weeks ago

Posted by:

Sophia Lee

beBee Recruiter

Description

JOB INFORMATION

Requisition ID: 9115

Number of Vacancies: 1

Department:
Information Technology Services

Salary Information:
$70,725 - $88,415.60

Pay Scale Group: 07SA

Employment Type:
Regular

Weekly Hours: 35,
Off Days: Saturday and Sunday
Shift: Day

Posted On:
February 14, 2024

Last Day to Apply:
March 3, 2024

The Toronto Transit Commission (TTC) is North America's third largest transit system and has been recognized as one of the top places to work in the GTA.

Guided by a forward-thinking strategic plan, the TTC's vision is to be a transit system that makes Toronto proud.

The TTC's recruitment efforts are directly aligned to its mission of providing "a reliable, efficient, and integrated bus, streetcar and subway system that draws its high standards of customer care from our rich traditions of safety, service and courtesy.

"

Information Technology Services (ITS)

New Grad Opportunity:
Junior Cybersecurity Analyst**
General Accountability

Key Job Functions

Duties include:

Contribute to comprehensive security risk assessments of new and existing information systems, networks and infrastructure to identify potential vulnerabilities, threats, and risks;
Contribute to evaluation and benchmarking of TTC's cybersecurity capabilities in line with NIST Cybersecurity Framework and develop plans to prioritize actions and investments required to improve capabilities to industry best practices;
Recommend controls to mitigate security risks identified through the risk assessment process and communicate risk findings that are clear and actionable by relevant stakeholders;
Contribute to development and implementation of cybersecurity training programs that align with TTC's cybersecurity policies, standards and procedures;
Create and manage metrics framework that effectively measures employee compliance with information security policies, maintain minimum agreed security awareness training completion rates;
Ensure security awareness trainings, communications, and marketing are engaging and are aligned to the leading practices in cyber security;
Conduct cybersecurity training sessions for new hires and ongoing training for existing employees;
Conduct research and factfinding exercises for maintaining and revising related technologies, policies, guidelines, processes, procedures and standards;
Ensure security awareness information and documentation are timely updated, reflecting the latest security trends and threats as well as compliance requirements;
Assess effectiveness of cybersecurity awareness program and the existing practices and make recommendations for continuous improvement;
Prepare and present various reports relating to areas of responsibility;
Collaborate with internal and external auditors to facilitate security audits and assessments;
Perform periodic gap assessments of the information security program to validate compliance on an ongoing basis, facilitate remediation of control gaps and escalates critical issues to leadership;
Perform 3rd party due diligence (initial risk assessment before commencement of services and ongoing riskbased monitoring) for adherence to TTC security standards;
Review of information security sections of procurement documents (e.g. RFI/RFP, MPSA, Contracts, and POs) identify gaps, and recommend security and data privacy content to close gaps.
Maintain inventory of relevant suppliers/vendors, controls, and risks for ongoing vendor risk management activities
Work collaboratively with stakeholders and vendors, as well as crossfunctional teams, including information technology (IT), operational technology (OT), legal, compliance, and business units, to ensure effective risk management and security governance
Participate in incident investigations for potential compliance violations to identify the cause and adjust applicable program, policies or training
Provide support for various Cybersecurity program initiatives as required
Participate in disaster recovery and business continuity planning
Assist in supporting other tasks and activities required by the Information Security team

- promotes a respectful work and service environment that supports diversity, inclusion, and is free from harassment and discrimination. Provides leadership in the development and implementation of inclusive and accessible policies, programs and/or services for employees and customers in accordance with TTC's commitments and obligations under the Ontario Human Rights Code (OHRC) and Related Orders, the Accessibility for Ontarians with Disabilities Act (AODA), and TTC's policies.
- performs related duties as assigned.

Skills