Analyst, Industrial Cybersecurity - Toronto, Canada - Toronto Transit Commission

Toronto Transit Commission

Verified Company

Toronto, Canada

1 week ago

Posted by:

Sophia Lee

beBee Recruiter

Description

JOB INFORMATION

Requisition ID: 9326

Number of Vacancies: 1

Department:
Information Technology Services Information Security Office

Salary Information:
$88, $110,401.20

Pay Scale Group:

Employment Type:
Regular

Weekly Hours: 35
Off Days: Saturday and Sunday
Shift:

Posted On:
April 8, 2024

Last Day to Apply:
April 21, 2024

Reports to:
Director, Industrial Cybersecurity

The Toronto Transit Commission (TTC) is North America's third largest transit system and has been recognized as one of the top places to work in the GTA.

Guided by a forward-thinking strategic plan, the TTC's vision is to be a transit system that makes Toronto proud.

The TTC's recruitment efforts are directly aligned to its mission of providing "a reliable, efficient, and integrated bus, streetcar and subway system that draws its high standards of customer care from our rich traditions of safety, service and courtesy.

"

Career Opportunity
A great opportunity within the Information Technology Services to work on Cybersecurity initiatives.

What You Will Do

General responsibilities of this position include OT security governance, providing budgetary estimates, conducting audits, providing visibility into OT risks, OT business continuity, conducting OT based cybersecurity maturity assessments and setting up cybersecurity standards and policies related to OT infrastructure and technologies.

Ensures compliance to standards throughout the organization and remaining up to date on all matters relevant to security technology issues.

Works with key internal OT groups and external security vendors to support the effective OT cybersecurity initiatives for the TTC.

The incumbent is also responsible for promoting a culture of cybersecurity throughout the TTC.

You will be responsible for OT Security Governance, Maturity Assessments, Audits, and Compliance and OT Risk management where you will contribute to OT maturity assessments based on industry leading frameworks such as NIST or IEC 62443 across people, process and technology domains, prepare the findings report, share the results and provide visibility to senior leadership across the organization, contribute to setting security standards and policies for OT aligned with IT, provide OT assets security requirements in the following areas - routers, firewalls, LANs, WANs, VPNs, PLCs, HMIs, SCADA, investigate alerts, triage, perform deep dive and come up with proper action items and remediation plans, support incident handling as defined in playbooks and standard operating procedures and follow-up on remediation actions and maintain knowledge of current cyber threat actor tools, techniques, and procedures (TTPs).

You will also be responsible for Vulnerability management and Patching Cadence and Incident Response where you will contribute to running scans across the network for various IT assets recommend patches needed to maintain the currency of the underlying systems, work closely with the OT teams to do deploy patches for vulnerabilities across all asset classes and generate reports for patching cadence, support cyber incident response actions to ensure proper assessment, containment, mitigation and documentation, participate as part of a larger incident response team, providing analysis and support to the incident commander for large investigations and take ownership of investigation, provide relevant analysis and reporting, and coordinate remediation for small security incidents and perform advanced network forensics, including, but not limited to, network logging, network anomaly and Packet Capture (PCAP) analysis.

In addition to the above you will be responsible for treating passengers and/or employees with respect and dignity and ensuring the needs of passengers or employees with disabilities are accommodated and/or addressed (if applicable and within their area of responsibility) in accordance with the Ontario Human Rights Code and Related Orders so that they can fully benefit from the TTC as a service-provider and an employer and perform related duties as assigned.

What Qualifications Do You Bring?

University Degree in Computer Science, Information Security, Cybersecurity, or a related field as well as several years of cybersecurity experience as well as experience in Microsoft and Linux platform environment or the equivalent combination of education and experience.
Demonstrate a current and working knowledge of Information Security bestpractices, methodologies, and techniques.
Experience dealing with security events related to malware, security log analysis (SIEM), EDR/MDR/NDR Tools, vulnerability and patch management, and the Incident Response (IR) process.
Experience with intelligence analysis processes and cyber investigation.
Indepth understanding of networking principles including TCP/IP, WANs, LANs, and commonly used Internet protocols such as SMTP, HTTP, FTP, POP and LD