Lead, Cybersecurity Programs

Job Summary

Reporting directly to the Director, Cybersecurity, the Lead, Cybersecurity Programs at Porter is tasked with validating and implementing the controls used to secure the company's digital frontier. This role encompasses working within and enforcing a comprehensive cybersecurity strategy, anchored in the rigorous standards set by the NIST Cybersecurity Framework and NIST 800-53 guidelines. A critical component of this strategy is the maintaining of a 24/7 cybersecurity operation to ensure Porter's preparedness against cyber threats with optimized response times. Additionally, the Program Lead is responsible for validating and remediating robust data security and privacy protocols to safeguard Porter’s sensitive information, incorporating data classification, encryption, and compliance with data protection laws. The Program Lead is expected to review and deliver on projects with the goal of improving upon Porter’s cybersecurity posture. Additional scope of this role includes reporting on the enforcement of cybersecurity standards across IT and business sponsored projects, monitoring a proactive cyber defence infrastructure, monitoring organizational cybersecurity awareness and providing regular cybersecurity reports. The Lead, Cybersecurity Programs will work with third-party vendors to help bolster Porter's cybersecurity defences, ensuring adaptability and strength in the face of evolving cyber threats. The success of the role will be measured by their ability to assist to achieve targeted maturity levels within the NIST framework, contributing to significantly reduce incident response times, helping to decrease vulnerabilities and breaches, validating participation in cybersecurity awareness within the organization, working with third-party vendors collaboratively, and securing necessary industry or regulatory cybersecurity certifications. Duties & Responsibilities Cybersecurity Framework Implementation: Implementation of Porter’s cybersecurity strategy, guided by the NIST Cybersecurity Framework and NIST 800-53 guidelines, to ensure a robust cybersecurity posture. Embed Cyber Principles in Design: Review the design of business sponsored projects to ensure adherence to controls, standards and policies. Enhance Cybersecurity Posture: Deliver projects in a timely manner with this goal in mind. Participate in 24/7 Cybersecurity Monitoring: Participate in a 24/7 cybersecurity monitoring, detection, and response operation, equipped with advanced technologies such as Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR), and Endpoint Detection and Response (EDR), aiming to optimize incident response times (Mean Time to Detect - MTTD and Mean Time to Respond - MTTR), ensuring Porter's readiness to rapidly address and neutralize threats. Data Security and Privacy: Participate in the implementation of comprehensive data security and privacy measures, ensuring the protection and confidentiality of Porter's sensitive information. This includes implementing data classification, encryption strategies, and access controls, as well as ensuring compliance with relevant data protection regulations. Work with Cybersecurity Standards: Work within the cybersecurity standards for IT projects to ensure compliance, aligning project objectives with Porter’s cybersecurity strategy and minimizing risks. Defend all assets: Participate in providing a comprehensive cyber defence function that includes vulnerability management and ethical hacking to proactively secure Porter’s IT and OT systems against potential breaches. Ensure Organizational Cybersecurity Awareness: Ensire ongoing cybersecurity awareness training participation, help organize regular phishing simulations, and participate in tabletop exercises to bolster organizational resilience against cyber threats. Develop Third-Party Vendor Relationships: Build collaborations and participate with third-party vendors to supplement and enhance Porter’s cybersecurity capabilities, ensuring alignment with our strategic defence objectives. This includes managing external engagements for penetration testing of internal and external applications and networks. Monitor Success and Compliance: Develop reports on key performance indicators related to cybersecurity readiness, incident response times, compliance rates with cybersecurity standards, and effectiveness of cybersecurity awareness programs. Foster a Culture of Continuous Improvement: Encourage an environment of continuous learning and development within the cybersecurity team, promoting innovation and proactive approaches to cybersecurity challenges. Lead by Example: Model leadership that prioritizes security, demonstrating commitment to protecting Porter’s assets and data through actions, collaboration and a hands-on approach to cybersecurity management. Actively participates in Porter’s Safety Management System (SMS) including, reporting hazards and incidents encountered in daily operations; understand, comply and promote the Company Safety Policy. Other Duties as Assigned Behavioural Competencies Concern for Safety: Identifying hazardous or potentially hazardous situations and taking appropriate action to maintain a safe environment for self and others. Teamwork: Working collaboratively with others to achieve organizational goals. Passenger/Customer Service: Providing service excellence to internal and/or external customers (passengers). Initiative: Dealing with situations and issues proactively and persistently, seizing opportunities that arise. Results Focus: Focusing efforts on achieving high quality results consistent with the organization’s standards. Fostering Communication: Listening and communicating openly, honestly, and respectfully with different audiences, promoting dialogue and building consensus. Qualifications Bachelor’s degree in Computer Science, Information Security, Engineering, Business Administration, or a closely related field. Cybersecurity certifications (SANS, CEH, ISACA, OffSec, CompTIA as examples) Proven experience in IT and cybersecurity, including 24/7 operations and familiarity with NIST frameworks. Cybersecurity related project delivery and project analysis experience Proven experience in cybersecurity programs, operational leadership, and fostering a culture of cybersecurity awareness and resilience. Demonstrable expertise in penetration tests, vulnerability assessment, and security monitoring Experience with cloud and local network infrastructure and security tools. Collaborative skills for working across teams and with external partners to enhance cybersecurity defences.