Apply now »

Specialist, Security Governance

  • Req ID: 86012
  • Department: Information Services
  • Job Type: Full-Time
  • Position Type: Non-Union
  • Location: Calgary, Alberta
  • Country: Canada
  • % of Travel: 0-10%
  • # of Positions: 1
  • Job Available to: Internal & External
  • Deadline to apply: 10/18/2021


Canadian Pacific is a transcontinental railway in Canada and the United States with direct links to major ports on the west and east coasts, providing North American customers a competitive rail service with access to key markets in every corner of the globe. CP is growing with its customers, offering a suite of freight transportation services, logistics solutions and supply chain expertise. Visit to see the rail advantages of CP.


Job Description:

Canadian Pacific’s Enterprise Security team is seeking a passionate security governance, risk and compliance professional to help us with cybersecurity risk management. You will be responsible for working with IT teams to effectively identify and manage risks in order to protect the company’s information, information systems and customer data.


Position Accountabilities:

The successful candidate will perform the following activities:

  • Assess, identify and document cybersecurity risks that may exist in various IT solutions in a manner that highlights the business impact and risk;
  • Provide appropriate risk treatment options for identified risks;
  • Work with IT teams to develop solutions that address cybersecurity risks and concerns;
  • Lead the interaction with project stakeholders around the management of cybersecurity risks;
  • Work with 3rd party vendors (including cloud-based vendors) to assess their cybersecurity and technology risks;
  • Provide cybersecurity advice and guidance to IT and project teams;
  • Develop, implement and maintain cybersecurity policies, standards, directives and processes;
  • Manage a security framework and controls tailored around NIST Cybersecurity Framework and ISO 27001;
  • Educate, evangelize and promote cybersecurity policies, standards and processes across the IS department;
  • Conduct research to maintain and expand knowledge on the latest cybersecurity technologies and standards;
  • Various other duties as required.


Position Requirements:

  • Strong knowledge and experience with information technology and cybersecurity;
  • University degree or college diploma in an IT or Engineering related field;
  • 5+ years of IT experience with a diverse technology background;
  • 3+ years of experience specifically in an IT/ Cyber risk management or security risk assessment role;
  • Knowledge of  ISO 27001, 27002 and NIST Cybersecurity Framework;
  • Familiarization with Amazon Web Services (AWS) and Azure security model and controls;
  • Experience with or extensive familiarity with information security concepts such as:
    • Access control models, authentication, authorization, etc.
    • Cloud Security
    • Defense in depth principles
    • Linux / Windows security
    • Network architecture and secure network design
  • Previous experience of working with any risk management tool
  • IT industry security certification (CISSP, CRISC, CCSP or CISA ) or equivalent working experience is desirable (but not mandatory);
  • Previous consulting experience with one of the large professional services firms is desirable (but not mandatory).


About You:

  • Good written and verbal communication abilities with technical and non-technical audiences;
  • Good analytical, investigative and problem solving mindset;
  • Must be team oriented and at the same able to work with limited supervision;
  • Communicate exceptionally well with management, peers, and customers;
  • Have high attention to detail and commitment to quality;
  • Ability to work effectively in a fast-paced, changing environment;
  • Excellent time management skills;
  • Desire for continuous improvement and a commitment to best practices.

Apply now »