- Align third party information security with organizational business goals
- Oversee a broad range of Information Security activities related to third party suppliers, solutions, subsidiaries and customers, including large outsourcing initiatives (e.g. I&T infrastructure and help desk managed services)
- Develop and maintain a set of policies & guidelines specific to protecting CN's assets where they are accessed or managed by third parties
- Create and maintain a TPRM practice, including a framework for evaluating and managing third party risk
- Ensure information security requirements are integrated with procurement processes
- Identify, assess, and report critical and high risks involving third parties
- Manage and escalate incidents such as a material control weaknesses and security breaches and working with the Security Operations Centre (SOC) as required
- Report critical non-compliances and high risks to the appropriate business stakeholders
- Write and negotiate contractual terms internally and with external partners and suppliers to ensure CN's business goals are met relating to information security
- Ensure CN's Information Security policies & guidelines related to third parties meet regulatory requirements for security and privacy protection (e.g. Drive action across various internal and external stakeholders by communicating technical and process requirements
- Provide leadership and expertise on matters relating to third party information security to various internal stakeholders, including I&T, Procurement, Internal Audit, Legal, Facilities Management, and Insurance teams
- The Expert, Information Security Third Party Risk Management implements the governance, risk, and compliance capabilities required to bring Information Security risks involving third party suppliers, solutions, subsidiaries, and customers to acceptable levels required to enable to enable the organization to achieve its business objectives.
- Demonstrated capability to understand the security implications of complex business operations and how they are linked to technological solutions that provide practical risk mitigation and business enablement
- Sufficient knowledge on matters relating to third party information security
- Able to lead initiatives to completion with minimal management oversight
- Experience with contract and supplier negotiations
- Able to multi-task and work effectively across multiple organizational units
- Strong understanding of regulatory requirements including SOX, PIPEDA, HIPAA and TSA
- Ability to translate complex technical topics into simple business language for business audiences
- Experience developing and delivering executive level presentations
- Relationship management skills
- Minimum 5 years experience in Information Security
- 10-15 years overall work experience
- Assets
- Occasional business travel (Canada and US) in accordance with CN policy
-
Air Expert
1 hour ago
Travel Edge Toronto, Canada**Travel Edge** is the largest luxury-focused travel agency in North America with over 750 advisors, planners and travel experts specializing in Leisure, Corporate & Events travel. At Travel Edge we believe in the power of travel, our people, the technology they use, and giving b ...
-
Iam Expert
5 days ago
Sopra Steria I2S Toronto, CanadaWe are seeking a highly experienced IAM expert to join our team of cybersecurity architects and business analysts. You will act as an technical advisor in a team responsible for conducting IAM assessments and developing IAM and zero-trust roadmaps. · You should possess an extensi ...
-
Travel Expert
3 days ago
Sunwing Travel Group Toronto, Canada**Join us in making vacation dreams come true** · **** · **The Opportunity**** · Are you searching for a fun, passionate travel loving team? -Sunwing has the EPIC work culture you have been searching for_. We are_ currently_ _looking _for a _**Travel Expert** **_to join us in mak ...
-
Styling Expert
3 days ago
Dyson Ontario, Canada**Summary**: · **Salary**: · Competitive · Team: · Retail · **Location**: · Canada - Ontario Remote · WHO ARE WE? · Dyson is a global technology enterprise. We're growing fast and our ambition is huge - more categories, more locations, and more people. · Dyson launched in Canada ...
-
Media Experts
5 days ago
IPG Mediabrands Toronto, CanadaLocation: Canada · | · Office: Toronto · | · Agency: Media Experts - Canada · | · Ref#: 7238 · **Position Summary** · The Investment department is responsible for flawless digital execution, buying and negotiating rates and value of digital media. The role of the coordinator, Inv ...
-
Media Experts
1 day ago
IPG Mediabrands Toronto, CanadaGeneral information · **Agency**:Media Experts · **Job Function**:Social · **Location**:Toronto, Canada · **Job Ref#**:14792 · - Description & Requirements · **Position Summary** · We are actively seeking for dynamic, best-in-class talent to join the HALO by Matterkind team as a ...
-
Dynatrace Expert
6 days ago
Q1 Technologies, Inc. Toronto, Canada"Skills Required: · - 5+ years of industry experience on Application Performance Monitoring setup and Support · - Dynatrace server and agent administration/configuration/implementation · - Have hands on knowledge of alerting, incidents creation and dashboard creations · - Experie ...
-
Retail Expert
1 day ago
Dyson Toronto, Canada**Summary**: · **Salary**: · Competitive · Team: · Retail · **Location**: · Canada - Toronto Yorkdale Mall Demo Store · About Us · Dyson is a global technology enterprise. We're growing fast and our ambition is huge - more categories, more locations and more people. · Dyson launc ...
-
Delivery Expert
1 week ago
Mondelēz International Toronto, Canada**Are You Ready to Make It Happen at Mondelēz International?** · **Join our Mission to Lead the Future of Snacking. Make It Matter.** · You manage the in-house operations in the Mondelēz International Digital Services Center to ensure impeccable service delivery that satisfies se ...
-
Media Experts
5 days ago
IPG Mediabrands Toronto, CanadaLocation: Canada · | · Office: Toronto · | · Agency: Media Experts - Canada · | · Ref#: 7323 · **Position Summary**: · The role of Planning Account Coordinator is to support the team with the preparation of media plans, recommendations, and analysis. · This role requires you to w ...
-
Technical Expert
22 hours ago
Bombardier Toronto, Canada**Technical Expert - Technical Integration** · **-** · **TOR05692** · **Description** · **BOMBARDIER** · Bombardier is a global leader, creating innovative and game-changing planes. Our products and services provide world-class transportation experiences that set new standards in ...
-
Media Experts
22 hours ago
IPG Mediabrands Toronto, CanadaGeneral information · **Agency**:Media Experts · **Function**:Finance and Accounting · **Location**:Toronto, Canada · **Job Ref#**:16442 · - Description & Requirements · **Position Summary** · **Key Responsibilities** · - Involved in revenue/cost reporting cycle. · - Involved in ...
-
IT Security Expert
5 days ago
Toronto Public Library Toronto, CanadaThe IT Security Expert is responsible for the continuous improvement of TPL's information security · practice, which includes three core functions - performing threat risk assessments, continuous · improvement of the IT security governance practices, and resolving cybersecurity i ...
-
Equipment Expert
1 day ago
Cognizant Technology Solutions Toronto, Canada**Why Choose Cognizant?** · It takes a lot to succeed in today's fast-paced market, and Cognizant Technology Solutions has become a leader in the industry. We love big ideas and even bigger dreams. We stand out because we put human experiences at the core. · Our associates enjoy ...
-
Product Expert
1 day ago
Personify Toronto, Canada**WHO WE ARE** · Are you looking for an inclusive environment, a remote-first opportunity and an employee experience that's engaging, exciting and meaningful? At Personify, our mission is to provide purpose-driven software that anticipates our clients' needs, service that empower ...
-
Retail Expert
3 days ago
Dyson Toronto, Canada**Summary**: · **Salary**: · Competitive · Team: · Retail · **Location**: · Canada - Toronto Yorkdale Mall Demo Store · About Us: · Dyson is a global technology enterprise. We're growing fast and our ambition is huge - more categories, more locations and more people. · Dyson laun ...
-
Media Experts
6 days ago
IPG Mediabrands Toronto, CanadaGeneral information · **Agency**:Media Experts · **Job Function**:Planning · **Location**:Toronto, Canada · **Job Ref#**:14247 · - Description & Requirements · **Position Summary** · The role of a Media Planning Manager is to supervise and manage our integrated media planning pro ...
-
Ai Expert
5 days ago
Isheva Inc Toronto, CanadaI am looking for an AI expert · - 0- 4 years of experience in any Domain · - 5+ Years of experience in health, Finance, Insurance, travel · Job: Remote · Package: We can discuss this after receiving the resume · Language: English · **Benefits**: · - Dental care · - Extended healt ...
-
Product Expert
1 week ago
Personify Toronto, Canada**WHO WE ARE** · At Personify, we build strong connections with our clients so they can build strong connections with their communities. One of the most diversified and fastest-growing technology providers of integrated software solutions, we are innovative leaders in the industr ...
-
Retail Expert
6 days ago
Dyson Toronto, Canada**Summary**: · **Salary**: · Competitive · Team: · Retail · **Location**: · Canada - Toronto Yorkdale Mall Demo Store · **About Us**: · Dyson is a global technology enterprise. We're growing fast and our ambition is huge - more categories, more locations and more people. · Dyson ...
Expert(e) SI - Toronto, ON, Canada - Canadian National Railway
Description
Be part of our Information & Technology (I&T) team, a critical piece of the engine that keeps us in motion.
From enterprise architecture to operational technology, our teams use the agile methodology to automate and digitize our railroad ensuring our operations run optimally and safely and our employees can focus on value-added tasks.
The purpose of this role is to maintain and grow an industry leading Information Security Third Party Risk Management (TPRM) practice to support the mission of empowering the business by building resilience against evolving cyber threats.
This will include program governance, policy and guideline development, risk assessments, information protection contract clauses, continuous monitoring, compliance assessments, regulatory compliance assurance, due diligence and selection processes, technology and tool development and maintenance, cloud transformation, and stakeholder awareness and communication.
This role oversees the development and operations of the third-party security function within CN's Chief Information Security Office (CISO).
It interfaces with a variety of senior stakeholders within I&T and the business in order to develop and influence the required changes for the management of third-party security risks originating from suppliers, customers, subsidiaries, and cloud-based technology tools and platforms, to a level that is manageable and aligned to CN's business risk tolerance.
They are a senior resource with an understanding of how to apply deep technical knowledge while coordinating activities between multiple internal groups and third-party organizations to enable business objectives by ultimately managing risk to a level that is acceptable for the organization.
Practice Development and PlanningTo achieve this they conduct strategic planning, create and maintain processes and tools, and coordinate activities between various internal teams and external organizations.
The Expert, Information Security Third Party Risk Management influences and drives action among various areas within the organization, including Legal, Procurement, Internal Audit, Facilities Management, Insurance, and different areas within I&T.
This would include incorporating Information Security requirements into procurement processes, ensuring I&T asset inventory systems include relevant data, influencing behaviours of Solution Architects to identify and mitigate high risks, negotiating contractual terms with Legal and Facilities Management, providing expertise to Internal Audit and Insurance teams, issuing Cybersecurity Policies and conducting compliance monitoring activities on subsidiaries, influencing external agencies and service providers to better align to CN's needs, working with customers on Information Security requirements and posture, and many other interactions with various internal and external stakeholders.
S. degree in Computer Science, Information Systems or other related field, or equivalent work experienceBroad skillset and depth of expertise in technical areas of information security and how they impact business objectives
Essential to the economy, to the customers, and to the communities it serves, CN safely transports more than 300 million tons of natural resources, manufactured products, and finished goods throughout North America every year.
S.through a 19,500 mile rail network, CN and its affiliates have been contributing to community prosperity and sustainable trade since 1919.
CN is committed to programs supporting social responsibility and environmental stewardship. CN requires that all employees be fully vaccinated against COVID-19 and provide proof thereof as a condition of employment.The Company's vaccination mandate extends to employees of our wholly owned subsidiaries as well as CN's contractors, consultants, agents and suppliers and anyone who accesses CN properties in Canada.