Operation Technology CyberSecurity Specialist


Offre publiée le 2024-03-27


Operation Technology CyberSecurity Specialist


CPKC is the first and only single-line rail network connecting North America.

View company page

Support enterprise security related objectives in the operational technology space, including tactical (threat detection and incident response) and governance aspects.

Member of a diverse team of enterprise security experts that works to protect the confidentiality, integrity, and availability of information systems.


  • Coordinate with stakeholders such as Internal Controls, Internal Audit etc. for compliance (e.g. SOX) related tasks
  • Assist in managing and improving the security awareness program
  • Work with IT, business, and third-party vendors to perform security risk assessments on new and existing systems, processes, and technologies (including cloud solutions) to identify any security risks and coordinate with stakeholders to mitigate the risk;

improve the efficiency of the assessment process.

  • Develop, implement. and maintain cybersecurity policies, standards, directives, and processes. Raise awareness about these amongst the end-users
  • Provide guidance / consultation to the project teams / application teams / business to implement security best practices
  • Manage and lead the improvement initiatives for the existing security risk management tools including improving the process / workflows, designing, and implementing new workflows, updating manuals, raising awareness about the tools, and maintaining the security risk register by documenting and monitoring risks as required
  • Lead initiatives to improve the maturity of the security risk management program by working towards the alignment with NIST framework;

conduct gap assessments, and assign and coordinate for the follow-up tasks with different teams, etc.

Monitor, analyze, and interpret security / system logs for events, operational irregularities, and potential incidents;

respond to alarms and incidents, follow response playbooks

  • Administer, maintain, and support various systems including vulnerability management, email hygiene, and multifactor authentication
  • Perform vulnerability scans, analysis, validation, and remediation activities; classify and prioritize the risk of new vulnerabilities;

provide IT and business teams with information security advice and guidance on vulnerability remediation

Develop, implement, and maintain cybersecurity procedures and configurations; research and assess emerging security threats and vulnerabilities and provide position papers;

assist with the execution of CPKC's information security strategy and roadmap


  • 5+ years in information technology security, operational technology, information technology, or a similar field
  • Experience in an IT / cyber risk management or security risk assessment role
  • Security or technical experience in operation technology environments


Flexible and competitive benefits package

As an employer with North American presence, the possibility does exist that the location of your position may be changed based on organizational requirements.

The successful candidate will need to successfully complete the following clearances :

  • Criminal history check
  • Reference check

Management Conductor Program :

Becoming a qualified conductor or locomotive engineer is the single best way for a management employee to learn the business at CPKC.

You may be required to obtain a certification or to maintain your current certification / qualification as a conductor or locomotive engineer.

CPKC is an employment equity employer committed to the principles of employment equity and inclusion. We encourage all qualified candidates to apply including women, Black, Indigenous, People of Colour (BIPOC), members of the LGBTQ+ community, and people with disabilities.

Accommodations for the job application process can be provided, as appropriate, upon request. All applicant information will be managed in accordance with the federal Personal Information Protection and Electronic Documents Act (PIPEDA).

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.


30+ days ago