At CN, we work together to move our company—and North America—forward. Be part of our Information & Technology (I&T) team, a critical piece of the engine that keeps us in motion. From enterprise architecture to operational technology, our teams use the agile methodology to automate and digitize our railroad ensuring our operations run optimally and safely and our employees can focus on value-added tasks. You will be able to develop your skills and career in our close-knit, safety-focused culture working together as ONE TEAM. The careers we offer are meaningful because the work we do matters. Join us!
Job Summary
The purpose of this role is to maintain and grow an industry leading Information Security Third Party Risk Management (TPRM) practice to support the mission of empowering the business by building resilience against evolving cyber threats. This will include program governance, policy and guideline development, risk assessments, information protection contract clauses, continuous monitoring, compliance assessments, regulatory compliance assurance, due diligence and selection processes, technology and tool development and maintenance, cloud transformation, and stakeholder awareness and communication.
This role oversees the development and operations of the third-party security function within CN's Chief Information Security Office (CISO). It interfaces with a variety of senior stakeholders within I&T and the business in order to develop and influence the required changes for the management of third-party security risks originating from suppliers, customers, subsidiaries, and cloud-based technology tools and platforms, to a level that is manageable and aligned to CN's business risk tolerance. They are a senior resource with an understanding of how to apply deep technical knowledge while coordinating activities between multiple internal groups and third-party organizations to enable business objectives by ultimately managing risk to a level that is acceptable for the organization.
Main Responsibilities
Practice Development and Planning
Operation and Execution
Organizational Impact
Decision Making & Impacts
The Expert, Information Security Third Party Risk Management implements the governance, risk, and compliance capabilities required to bring Information Security risks involving third party suppliers, solutions, subsidiaries, and customers to acceptable levels required to enable to enable the organization to achieve its business objectives.
To achieve this they conduct strategic planning, create and maintain processes and tools, and coordinate activities between various internal teams and external organizations.
Level of Interaction / Influence
The Expert, Information Security Third Party Risk Management influences and drives action among various areas within the organization, including Legal, Procurement, Internal Audit, Facilities Management, Insurance, and different areas within I&T. They also drive action within external subsidiaries, suppliers, and customers.
This would include incorporating Information Security requirements into procurement processes, ensuring I&T asset inventory systems include relevant data, influencing behaviours of Solution Architects to identify and mitigate high risks, negotiating contractual terms with Legal and Facilities Management, providing expertise to Internal Audit and Insurance teams, issuing Cybersecurity Policies and conducting compliance monitoring activities on subsidiaries, influencing external agencies and service providers to better align to CN's needs, working with customers on Information Security requirements and posture, and many other interactions with various internal and external stakeholders.
Requirements
Education / Certification / Designation
Skills / Knowledge
Specific skills per speciality
Experience
Working Conditions
Occasional business travel (Canada and US) in accordance with CN policy
This position is posted as a grade LEVEL 7. For internal candidates, note that the grade level of the position may adjust based on the employee's experience.
About CN
CN is a world-class transportation leader and trade-enabler. Essential to the economy, to the customers, and to the communities it serves, CN safely transports more than 300 million tons of natural resources, manufactured products, and finished goods throughout North America every year. As the only railroad connecting Canada's Eastern and Western coasts with the Southern tip of the U.S. through a 19,500 mile rail network, CN and its affiliates have been contributing to community prosperity and sustainable trade since 1919. CN is committed to programs supporting social responsibility and environmental stewardship. At CN, we work as ONE TEAM, focused on safety, sustainability and our customers, providing operational and supply chain excellence to deliver results.
For internal candidates, note that the grade level of the position will depend on the employee's experience.
CN requires that all employees be fully vaccinated against COVID-19 and provide proof thereof as a condition of employment. The Company's vaccination mandate extends to employees of our wholly owned subsidiaries as well as CN's contractors, consultants, agents and suppliers and anyone who accesses CN properties in Canada.
CN is an employment equity employer and we encourage all qualified candidates to apply. We thank all applicants for their interest, however, only candidates under consideration will be contacted. Please monitor your email on a regular basis, as communication is primarily made through email.