Expert, Information Security Third Party Risk
2 weeks ago
At CN, we work together to move our company—and North America—forward. Be part of our Information & Technology (I&T) team, a critical piece of the engine that keeps us in motion. From enterprise architecture to operational technology, our teams use the agile methodology to automate and digitize our railroad ensuring our operations run optimally and safely and our employees can focus on value-added tasks. You will be able to develop your skills and career in our close-knit, safety-focused culture working together as ONE TEAM. The careers we offer are meaningful because the work we do matters. Join us
**Job Summary**
The purpose of this role is to maintain and grow an industry leading Information Security Third Party Risk Management (TPRM) practice to support the mission of empowering the business by building resilience against evolving cyber threats. This will include program governance, policy and guideline development, risk assessments, information protection contract clauses, continuous monitoring, compliance assessments, regulatory compliance assurance, due diligence and selection processes, technology and tool development and maintenance, cloud transformation, and stakeholder awareness and communication.
**Main Responsibilities**
**Practice Development and Planning**
- Align third party information security with organizational business goals
- Oversee a broad range of Information Security activities related to third party suppliers, solutions, subsidiaries and customers, including large outsourcing initiatives (e.g. I&T infrastructure and help desk managed services)
- Develop and maintain a set of policies & guidelines specific to protecting CN's assets where they are accessed or managed by third parties
- Create and maintain a TPRM practice, including a framework for evaluating and managing third party risk
- Ensure information security requirements are integrated with procurement processes
- Proactively monitor emerging trends and evolving threat landscapes to identify innovative ideas that would position CN to be an industry leader
**Operation and Execution**
- Identify, assess, and report critical and high risks involving third parties
- Manage and escalate incidents such as a material control weaknesses and security breaches and working with the Security Operations Centre (SOC) as required
- Report critical non-compliances and high risks to the appropriate business stakeholders
- Write and negotiate contractual terms internally and with external partners and suppliers to ensure CN’s business goals are met relating to information security
- Ensure CN's Information Security policies & guidelines related to third parties meet regulatory requirements for security and privacy protection (e.g. TSA directives, CCSPA requirements, privacy bills, etc.)
- Enhance existing processes through innovation and continuous improvement
- Subject Matter Expertise
- Drive action across various internal and external stakeholders by communicating technical and process requirements
- Provide leadership and expertise on matters relating to third party information security to various internal stakeholders, including I&T, Procurement, Internal Audit, Legal, Facilities Management, and Insurance teams
- Discover and bring to light innovation opportunities and influence other groups to support and implement changes that will generate business value
- Mentor resources, provide knowledge transfer, and delegate support tasks
**Organizational Impact**
**Decision Making & Impacts**
The Expert, Information Security Third Party Risk Management implements the governance, risk, and compliance capabilities required to bring Information Security risks involving third party suppliers, solutions, subsidiaries, and customers to acceptable levels required to enable to enable the organization to achieve its business objectives.
To achieve this they conduct strategic planning, create and maintain processes and tools, and coordinate activities between various internal teams and external organizations.
**Level of Interaction/Influence**
The Expert, Information Security Third Party Risk Management influences and drives action among various areas within the organization, including Legal, Procurement, Internal Audit, Facilities Management, Insurance, and different areas within I&T. They also drive action within external subsidiaries, suppliers, and customers.
This would include incorporating Information Security requirements into procurement processes, ensuring I&T asset inventory systems include relevant data, influencing behaviours of Solution Architects to identify and mitigate high risks, negotiating contractual terms with Legal and Facilities Management, providing expertise to Internal Audit and Insurance teams, issuing Cybersecurity Policies and conducting compliance monitoring activities on subsidiaries, influencing external agencies and service providers to better align to CN’s needs, working with customers on Informatio
-
Toronto, Canada Canadian National Railway Full timeAt CN, we work together to move our company-and North America-forward. Be part of our Information & Technology (I&T) team, a critical piece of the engine that keeps us in motion. From enterprise architecture to operational technology, our teams use the agile methodology to automate and digitize our railroad ensuring our operations run optimally and safely...
-
Toronto, Canada Canadian National Railway Full timeAt CN, we work together to move our company-and North America-forward. Be part of our Information & Technology (I&T) team, a critical piece of the engine that keeps us in motion. From enterprise architecture to operational technology, our teams use the agile methodology to automate and digitize our railroad ensuring our operations run optimally and safely...
-
Toronto, Canada Canadian National Railway Full timeAt CN, we work together to move our company—and North America—forward. Be part of our Information & Technology (I&T) team, a critical piece of the engine that keeps us in motion. From enterprise architecture to operational technology, our teams use the agile methodology to automate and digitize our railroad ensuring our operations run optimally and...
-
Toronto, Ontario, Canada Canadian National Railway Full timeAt CN, we work together to move our company-and North America-forward. Be part of our Information & Technology (I&T) team, a critical piece of the engine that keeps us in motion. From enterprise architecture to operational technology, our teams use the agile methodology to automate and digitize our railroad ensuring our operations run optimally and safely...
-
Toronto, Canada Canadian National Railway Full timeAt CN, we work together to move our company—and North America—forward. Be part of our Information & Technology (I&T) team, a critical piece of the engine that keeps us in motion. From enterprise architecture to operational technology, our teams use the agile methodology to automate and digitize our railroad ensuring our operations run optimally and...
-
Toronto, Canada Canadian National Railway Full timeAt CN, we work together to move our company—and North America—forward. Be part of our Information & Technology (I&T) team, a critical piece of the engine that keeps us in motion. From enterprise architecture to operational technology, our teams use the agile methodology to automate and digitize our railroad ensuring our operations run optimally and...
-
Toronto, Canada Canadian National Railway Full timeAt CN, we work together to move our company—and North America—forward. Be part of our Information & Technology (I&T) team, a critical piece of the engine that keeps us in motion. From enterprise architecture to operational technology, our teams use the agile methodology to automate and digitize our railroad ensuring our operations run optimally and...
-
Toronto, Canada Canadian National Railway Full timeAt CN, we work together to move our company-and North America-forward. Be part of our Information & Technology (I&T) team, a critical piece of the engine that keeps us in motion. From enterprise architecture to operational technology, our teams use the agile methodology to automate and digitize our railroad ensuring our operations run optimally and safely...
-
Toronto, ON, Canada Canadian National Railway Full timeAt CN, we work together to move our company—and North America—forward. Be part of our Information & Technology (I&T) team, a critical piece of the engine that keeps us in motion. From enterprise architecture to operational technology, our teams use the agile methodology to automate and digitize our railroad ensuring our operations run optimally and...
-
Toronto, ON, Canada Canadian National Railway Full timeAt CN, we work together to move our company—and North America—forward. Be part of our Information & Technology (I&T) team, a critical piece of the engine that keeps us in motion. From enterprise architecture to operational technology, our teams use the agile methodology to automate and digitize our railroad ensuring our operations run optimally and...
-
Toronto, ON, Canada Canadian National Railway Full timeAt CN, we work together to move our company—and North America—forward. Be part of our Information & Technology (I&T) team, a critical piece of the engine that keeps us in motion. From enterprise architecture to operational technology, our teams use the agile methodology to automate and digitize our railroad ensuring our operations run optimally and...
-
Old Toronto, Canada Canadian National Railway Full timeAt CN, we work together to move our company-and North America-forward. Be part of our Information & Technology (I&T) team, a critical piece of the engine that keeps us in motion. From enterprise architecture to operational technology, our teams use the agile methodology to automate and digitize our railroad ensuring our operations run optimally and safely...
-
Old Toronto, Canada Canadian National Railway Full timeAt CN, we work together to move our company-and North America-forward. Be part of our Information & Technology (I&T) team, a critical piece of the engine that keeps us in motion. From enterprise architecture to operational technology, our teams use the agile methodology to automate and digitize our railroad ensuring our operations run optimally and safely...
-
Old Toronto, Canada Canadian National Railway Full timeAt CN, we work together to move our company-and North America-forward. Be part of our Information & Technology (I&T) team, a critical piece of the engine that keeps us in motion. From enterprise architecture to operational technology, our teams use the agile methodology to automate and digitize our railroad ensuring our operations run optimally and safely...
-
Toronto, ON, Canada Canadian National Railway Full timeAt CN, we work together to move our company—and North America—forward. Be part of our Information & Technology (I&T) team, a critical piece of the engine that keeps us in motion. From enterprise architecture to operational technology, our teams use the agile methodology to automate and digitize our railroad ensuring our operations run optimally and...
-
Toronto, ON, Canada Canadian National Railway Full timeAt CN, we work together to move our company-and North America-forward. Be part of our Information & Technology (I&T) team, a critical piece of the engine that keeps us in motion. From enterprise architecture to operational technology, our teams use the agile methodology to automate and digitize our railroad ensuring our operations run optimally and safely...
-
Third Party Risk Analyst
5 days ago
Toronto, ON, Canada Quantum Technology Recruiting Inc. Full timePosition: Third Party Risk Analyst Location: Toronto / Remote Job Type: 6+ months contract, full-time Our Toronto-based client, consistently ranked as one of Canada’s top employers, is looking for a Third Party Risk Analyst , who has done full-cycle 3rd party vendor risk assessments to support their Information Security Risk Management and...
-
Third Party Risk Analyst
5 days ago
Old Toronto, Canada Quantum Technology Recruiting Inc. Full timePosition: Third Party Risk Analyst Location: Toronto / RemoteJob Type: 6+ months contract, full-timeOur Toronto-based client, consistently ranked as one of Canada’s top employers, is looking for a Third Party Risk Analyst, who has done full-cycle 3rd party vendor risk assessments to support their Information Security Risk Management and Governance...
-
Third Party Risk Analyst
5 days ago
Old Toronto, Canada Quantum Technology Recruiting Inc. Full timePosition: Third Party Risk Analyst Location: Toronto / RemoteJob Type: 6+ months contract, full-timeOur Toronto-based client, consistently ranked as one of Canada’s top employers, is looking for a Third Party Risk Analyst, who has done full-cycle 3rd party vendor risk assessments to support their Information Security Risk Management and Governance...
-
Third Party Risk Analyst
5 days ago
Old Toronto, Canada Quantum Technology Recruiting Inc. Full timePosition: Third Party Risk Analyst Location: Toronto / RemoteJob Type: 6+ months contract, full-timeOur Toronto-based client, consistently ranked as one of Canada’s top employers, is looking for a Third Party Risk Analyst, who has done full-cycle 3rd party vendor risk assessments to support their Information Security Risk Management and Governance...
