Job Description:
Reporting to the IS Compliance & Governance Manager, the specialist will primarily be responsible for supporting the governance and compliance management activities relating to cybersecurity and the Information Security program. The specialist will act as subject matter expert for information security subjects including, but not limited to: understanding information security regulatory frameworks such as Sarbanes Oxley (SOX), Payment Card Industry (PCI), Transportation Security Association (TSA), and others; compiling and reporting associated metrics and compliance evidence; project support and GRC processes consulting; owning, managing, reporting, and auditing compliance against information security controls.

Job Responsibilities:
Communicate, oversee, and support security recommendations to meet business objectives in a proactive and pragmatic manner, ensuring an appropriate level of engagement with clients to ensure success.
Provide guidance during the assessment and/or review of new IT solutions and/or new and existing technology to maintain compliance with regulatory (e.g., Sarbanes Oxley, PCI, SWIFT, etc.) and security requirements.
Ensure that adequate and effective information security controls are documented and followed.
Provide primary leadership on maintaining, supporting, and operating the CN Information Security GRC framework, including ensuring regulatory compliance within the I&T business unit, management of security related policies, and constant evolution to adapt to business requirements.
Collaborate with the GRC Risk area to ensure that any identified risks are appropriately logged and managed.
Interact with other cybersecurity teams and various I&T entities as necessary to understand, apply, and enforce security requirements.
Assess and challenge the effectiveness of information security requirements and controls by working collaboratively with system owners and other stakeholders.
Report on information security governance and compliance, and their relationship with business impacts.

Job Requirements:
Knowledge and general understanding of IT and OT security controls and control models
Flexible in order to effectively manage multiple assignments and adapt to changing priorities
Broad knowledge of information security processes and functions including risk management, vulnerability management, access management, and secure development
Effective communication and interaction with others
Strong knowledge and practical experience applying standards, frameworks, regulations, and legislation governing information security and privacy, e.g. NIST, ISO 27001, COBIT, SOX, PIPEDA
Knowledge and practical experience developing, managing, and updating information security policies, standards, procedures, and other documentation
Teamwork & collaboration in order to achieve common goals
Integrity with high ethical standards

Qualification & Experience:
Previous experience in ensuring compliance with IT controls is an asset
Experience with GRC tools, ServiceNow, and/or Power BI is a plus
Professional Designation in Information Security compliance or Security such as Certified Information Systems Auditor (CISA), Certified in the Governance of Enterprise IT (CGEIT), and/or other related designations
5+ years of experience in an information security / cybersecurity / compliance / IT Audit role
Practical experience tracking and reporting KPIs/KRIs
Possess a Bachelor’s Degree in an IT discipline or a related field -or- equivalent work experience

Job Details:
Company: CN Rail
Vacancy Type: Full Time
Job Location: Calgary, AB, CA
Application Deadline: N/A