Expert, Information Security Third Party Risk
6 months ago
At CN, we work together to move our company—and North America—forward. Be part of our Information & Technology (I&T) team, a critical piece of the engine that keeps us in motion. From enterprise architecture to operational technology, our teams use the agile methodology to automate and digitize our railroad, ensuring our operations run optimally and safely and our employees can focus on value-added tasks. You will be able to develop your skills and career in our close-knit, safety-focused culture, working together as ONE TEAM. The careers we offer are meaningful because the work we do matters. Join us.
Job Summary
The purpose of this role is to maintain and grow an industry leading Information Security Third Party Risk Management (TPRM) practice to support the mission of empowering the business by building resilience against evolving cyber threats. This will include program governance, policy and guideline development, risk assessments, information protection contract clauses, continuous monitoring, compliance assessments, regulatory compliance assurance, due diligence and selection processes, technology and tool development and maintenance, cloud transformation, and stakeholder awareness and communication.
Main Responsibilities
Practice Development and Planning
- Align third party information security with organizational business goals
- Oversee a broad range of Information Security activities related to third party suppliers, solutions, subsidiaries and customers, including large outsourcing initiatives (e.g. I&T infrastructure and help desk managed services)
- Develop and maintain a set of policies & guidelines specific to protecting CN's assets where they are accessed or managed by third parties
- Create and maintain a TPRM practice, including a framework for evaluating and managing third party risk
- Ensure information security requirements are integrated with procurement processes
- Proactively monitor emerging trends and evolving threat landscapes to identify innovative ideas that would position CN to be an industry leader
Operation and Execution
- Identify, assess, and report critical and high risks involving third parties
- Manage and escalate incidents such as material control weaknesses and security breaches, working with the Security Operations Centre (SOC) as required
- Report critical non-compliances and high risks to the appropriate business stakeholders
- Write and negotiate contractual terms internally and with external partners and suppliers to ensure CN's business goals are met relating to information security
- Ensure CN's Information Security policies & guidelines related to third parties meet regulatory requirements for security and privacy protection (e.g. TSA directives, CCSPA requirements, privacy bills, etc.)
- Enhance existing processes through innovation and continuous improvement
Subject Matter Expertise
- Drive action across various internal and external stakeholders by communicating technical and process requirements
- Provide leadership and expertise on matters relating to third party information security to various internal stakeholders, including I&T, Procurement, Internal Audit, Legal, Facilities Management, and Insurance teams
- Discover and bring to light innovation opportunities and influence other groups to support and implement changes that will generate business value
- Mentor resources, provide knowledge transfer, and delegate support tasks
Organizational Impact
Decision Making & Impacts
The Expert, Information Security Third Party Risk Management implements the governance, risk, and compliance capabilities required to bring Information Security risks involving third party suppliers, solutions, subsidiaries, and customers to acceptable levels required to enable the organization to achieve its business objectives.
To achieve this, they conduct strategic planning, create and maintain processes and tools, and coordinate activities between various internal teams and external organizations.
Level of Interaction/Influence
The Expert, Information Security Third Party Risk Management influences and drives action among various areas within the organization, including Legal, Procurement, Internal Audit, Facilities Management, Insurance, and different areas within I&T. They also drive action within external subsidiaries, suppliers, and customers.
This would include incorporating Information Security requirements into procurement processes, ensuring I&T asset inventory systems include relevant data, influencing behaviours of Solution Architects to identify and mitigate high risks, negotiating contractual terms with Legal and Facilities Management, providing expertise to Internal Audit and Insurance teams, issuing Cybersecurity Policies and conducting compliance monitoring activities on subsidiaries, influencing external agencies and service providers to better align to CN's needs, working with customers on Information Security requirements and post