Expert, Information Security Third Party Risk

5 months ago


Montréal, Canada CN Full time

At CN, we work together to move our company—and North America—forward. Be part of our Information & Technology (I&T) team, a critical piece of the engine that keeps us in motion. From enterprise architecture to operational technology, our teams use the agile methodology to automate and digitize our railroad, ensuring our operations run optimally and safely and our employees can focus on value-added tasks. You will be able to develop your skills and career in our close-knit, safety-focused culture working together as ONE TEAM. The careers we offer are meaningful because the work we do matters. Join us

Job Summary

The purpose of this role is to maintain and grow an industry-leading Information Security Third Party Risk Management (TPRM) practice to support the mission of empowering the business by building resilience against evolving cyber threats. This will include program governance, policy and guideline development, risk assessments, information protection contract clauses, continuous monitoring, compliance assessments, regulatory compliance assurance, due diligence and selection processes, technology and tool development and maintenance, cloud transformation, and stakeholder awareness and communication.

Main Responsibilities

Practice Development and Planning
- Align third party information security with organizational business goals
- Oversee a broad range of Information Security activities related to third party suppliers, solutions, subsidiaries and customers, including large outsourcing initiatives (e.g. I&T infrastructure and help desk managed services)
- Develop and maintain a set of policies & guidelines specific to protecting CN's assets where they are accessed or managed by third parties
- Create and maintain a TPRM practice, including a framework for evaluating and managing third party risk
- Ensure information security requirements are integrated with procurement processes
- Proactively monitor emerging trends and evolving threat landscapes to identify innovative ideas that would position CN to be an industry leader

Operation and Execution
- Identify, assess, and report critical and high risks involving third parties
- Manage and escalate incidents such as material control weaknesses and security breaches, working with the Security Operations Centre (SOC) as required
- Report critical non-compliances and high risks to the appropriate business stakeholders
- Write and negotiate contractual terms internally and with external partners and suppliers to ensure CN's business goals are met relating to information security
- Ensure CN's Information Security policies & guidelines related to third parties meet regulatory requirements for security and privacy protection (e.g. TSA directives, CCSPA requirements, privacy bills, etc.)
- Enhance existing processes through innovation and continuous improvement

Subject Matter Expertise
- Drive action across various internal and external stakeholders by communicating technical and process requirements
- Provide leadership and expertise on matters relating to third party information security to various internal stakeholders, including I&T, Procurement, Internal Audit, Legal, Facilities Management, and Insurance teams
- Discover and bring to light innovation opportunities and influence other groups to support and implement changes that will generate business value
- Mentor resources, provide knowledge transfer, and delegate support tasks

Organizational Impact

Decision Making & Impacts

The Expert, Information Security Third Party Risk Management implements the governance, risk, and compliance capabilities required to bring Information Security risks involving third party suppliers, solutions, subsidiaries, and customers to the acceptable levels required to enable the organization to achieve its business objectives.

To achieve this, they conduct strategic planning, create and maintain processes and tools, and coordinate activities between various internal teams and external organizations.

Level of Interaction/Influence

The Expert, Information Security Third Party Risk Management influences and drives action among various areas within the organization, including Legal, Procurement, Internal Audit, Facilities Management, Insurance, and different areas within I&T. They also drive action within external subsidiaries, suppliers, and customers.

This would include incorporating Information Security requirements into procurement processes, ensuring I&T asset inventory systems include relevant data, influencing behaviours of Solution Architects to identify and mitigate high risks, negotiating contractual terms with Legal and Facilities Management, providing expertise to Internal Audit and Insurance teams, issuing Cybersecurity Policies and conducting compliance monitoring activities on subsidiaries, influencing external agencies and service providers to better align to CN's needs, working with customers on Information Security requirements and post


