
Job Title: Security Specialist 0146-2212
Company: Foilcon
Location: Toronto, Ontario
Created: 2025-10-08
Job Type: Full Time


Job Description

Skills Required: Security designation, Information Security Risk Assessment, Network Security Management, Incident Response Planning, Security Auditing, Compliance Standards (e.g., ISO 27001, NIST, PCI-DSS), Cloud Security, Penetration Testing

HM Note: This hybrid contract role requires three (3) days in the office. Candidates must include their first and last name in their resume.

Description

We are seeking a consultant with a strong background in OT/IT governance and compliance to support the development of a solid foundation for both IT and OT governance. This includes designing a roadmap, establishing an operating model, and enhancing IT compliance frameworks such as PCI and OT compliance. The consultant will play a key role in developing robust security policies, standards, procedures, risk management strategies, and compliance frameworks that effectively manage third-party risks, ensuring alignment with overall business objectives.

REQUIRED EXPERIENCE/SKILLS:

Minimum of seven (7+) years of experience in information security, including large security projects.
Experience in OT environments and understanding of the unique governance, risk, and compliance requirements of OT systems and operations.
Strong understanding of cybersecurity, governance, risk, and compliance (GRC) frameworks and regulatory requirements (PCI-DSS, NIST, ISO 27001).
Excellent communication, interpersonal, and presentation skills for engaging with diverse stakeholders.
Expertise in security governance, risk management, and compliance, including developing roadmaps, policies, standards, procedures, and processes.
Proven experience in contractual security requirements and third-party risk management through RFP processes and vendor evaluations.
Ability to work in cross-functional teams, communicating complex technical information to all organizational levels, including leadership.
Proficient in cybersecurity risk management and third-party risk management tools (e.g., ServiceNow, OneTrust, AuditBoard).
Experience in developing security processes, procedures, and standards documentation.
Strong time management skills and the ability to prioritize projects and responsibilities.
Strong reporting and presentation skills to communicate security risks and compliance status to executives and stakeholders.
Self-motivated with the ability to work independently in a fast-paced environment.
Proficiency with Microsoft Office tools such as Word, Excel, PowerPoint, Power BI, Visio, and O365 SharePoint.

RESPONSIBILITIES:

Lead efforts to expand and improve cybersecurity governance and compliance in both IT and OT environments, ensuring alignment with Metrolinx's cybersecurity strategy, policies, and risk management.
Support annual PCI assessments by collaborating with QSAs, internal security teams, and business units to validate compliance and address findings.
Develop and update governance documents such as security policies, standards, and procedures for IT and OT, aligned with industry standards and regulations (e.g., PCI-DSS, ISO 27001, NIST, ISA/IEC 62443, CIS Controls).
Lead creation, review, and approval of cybersecurity policies and standards, ensuring they are comprehensive and applicable across environments.
Manage security documentation and audit artifacts to maintain accuracy and controlled access.
Collaborate with IT, business teams, vendors, and audit committees to align security strategies and remediate risks.
Assist the GRC team in designing security-compliant solutions and providing expert consultation on threats and controls.
Foster collaboration by effectively communicating complex security concepts and ensuring policy adherence.
Work with project teams as a cybersecurity SME to recommend and implement controls addressing risks.
Engage in ongoing compliance activities related to regulatory requirements and Metrolinx standards.
Develop security processes, procedures, governance artifacts, and controls within the Cybersecurity Risk Management and Governance/Compliance Programs.
Assist with security audits and risk assessments, ensuring compliance and remediation of exposures.
Maintain regular communication with cybersecurity teams, stakeholders, and project teams, escalating matters as needed.
Participate in cybersecurity awareness programs to educate staff on best practices and compliance.
Collaborate with teams to tailor security awareness materials to Metrolinx's risks and needs.

Additional Terms

A current security designation (CISSP, CISM, CCSP, or CISA).
Familiarity with key OT governance frameworks and standards, such as NIST CSF, ISO/IEC 27001, and ISA/IEC 62443.

Must Haves:

7+ years of experience in information security, including large security projects.
7+ years of experience in OT environments with an understanding of governance, risk, and compliance requirements.
Expertise in security governance, risk management, and compliance, including policies, standards, and procedures development.
Strong understanding of cybersecurity, GRC frameworks, and regulatory requirements.