
Specialist, Security Governance

  • Req ID: 86012
  • Department: Information Services
  • Job Type: Full-Time
  • Position Type: Non-Union
  • Location: Calgary, Alberta
  • Country: Canada
  • % of Travel: 0-10%
  • # of Positions: 1
  • Job Grade: Level 3
  • Job Available to: Internal & External
  • Deadline to apply: 08/07/2021


Canadian Pacific is a transcontinental railway in Canada and the United States with direct links to major ports on the west and east coasts, providing North American customers a competitive rail service with access to key markets in every corner of the globe. CP is growing with its customers, offering a suite of freight transportation services, logistics solutions and supply chain expertise. Visit to see the rail advantages of CP.


Job Description:

Canadian Pacific’s Enterprise Security team is seeking a passionate security governance, risk and compliance professional to help us manage cybersecurity risks. You will be responsible for working with IT teams to effectively manage risks and protect the company’s information, information systems and customer data.


Position Accountabilities:

The successful candidate will perform the following activities:

  • Assess, identify and document cybersecurity risks that may exist in various IT solutions in a manner that highlights the business impact and risk;
  • Provide appropriate risk treatment options for identified risks;
  • Work with IT teams to develop solutions that address cybersecurity risks and concerns;
  • Lead the interaction with project stakeholders around the management of cybersecurity risks;
  • Work with 3rd party vendors (including cloud-based vendors) to assess their cybersecurity and technology risks;
  • Provide cybersecurity advice and guidance to IT and project teams;
  • Develop, implement and maintain cybersecurity policies, standards, directives and processes;
  • Manage a security framework and controls tailored around NIST Cybersecurity Framework and ISO 27001;
  • Educate, evangelize and promote cybersecurity policies, standards and processes across the IS department;
  • Conduct research to maintain and expand knowledge on the latest cybersecurity technologies and standards;
  • Various other duties as required.


Position Requirements:

  • Strong knowledge and experience with information technology and cybersecurity;
  • University degree or college diploma in an IT or Engineering related field;
  • 5+ years of IT experience with a diverse technology background;
  • 3+ years of experience specifically in an IT risk management, compliance or security assessment role;
  • Knowledge of ISO 27001 and 27002 and NIST Cybersecurity Framework;
  • Familiarity with cloud provider security frameworks and controls;
  • Experience with or extensive familiarity with information security concepts such as:
    • Access control models, authentication, authorization, etc.
    • Cloud
    • Defense in depth principles
    • Linux / Windows security
    • Network architecture and secure network design
  • IT industry security certification (CISA, CISSP, CRISC or GIAC) or equivalent working experience is desirable (but not mandatory);
  • Previous consulting experience with one of the large professional services firms is desirable (but not mandatory).


About You:

  • Strong communication abilities with technical and non-technical audiences;
  • Strong analytical, investigative and problem solving mindset;
  • Must be team oriented and at the same time able to work with limited supervision;
  • Communicate exceptionally well with management, peers, and customers;
  • Have high attention to detail and commitment to quality;
  • Ability to work effectively in a fast-paced, changing environment;
  • Excellent time management skills;
  • Desire for continuous improvement and a commitment to best practices.



