Expert OT Security Architecture

At CN, we work together to move our company-and North America-forward. Be part of our Information & Technology (I&T) team, a critical piece of the engine that keeps us in motion. From enterprise architecture to operational technology, our teams use the agile methodology to automate and digitize our railroad ensuring our operations run optimally and safely and our employees can focus on value-added tasks. You will be able to develop your skills and career in our close-knit, safety-focused culture working together as ONE TEAM. The careers we offer are meaningful because the work we do matters. Join us!

Job Summary

The purpose of this role is to evaluate Operational Technology (OT) solutions, configurations, and designs against security requirements, and define cybersecurity reference architectures and standards for all OT environments at CN.

Main Responsibilities

OT Security Architecture Practice

• Put in place the proper sets of OT security architecture controls to ensure authenticity, non-repudiation, and least privilege commensurate with risk requirements.

• Ensure the OT security architecture is maintainable, sustainable and properly documented.

• Maintain and build relevant, current, valid and reliable team knowledge related to OT and Security Architecture to leverage existing cybersecurity infrastructure and process, where appropriate, while supporting Transportation, Mechanical and Network Ops functions in enacting risk-based security controls as part of a broader OT environment.

• Facilitate key decisions involving OT architecture and technologies.

• Advance security team accomplishments and competence by planning delivery of solutions; answering technical and procedural questions for less experienced team members; teaching improved processes; mentoring team members.

• Ensure the full documentation of security designs, as built architectures and operational processes through clear diagrams and well-written documents.

OT Security Roadmap and Strategy

• Collaborate with the CISO, Sr Mgr OT Security Architecture, cybersecurity team, portfolio managers, other architects, and I&T leadership to understand the business direction and consequent impact on the security posture.

• Define the proper course of action and investment strategy by building business cases and security roadmaps.

• Engage the OT vendor ecosystem to understand capabilities and limitations to drive improvements in the security posture of current products, and assist in the selection of the right partners.

• Continuously monitor and evaluate the environment through self-assessments and independent security reviews. Enable management to identify deficiencies and inefficiencies and to initiate improvement actions though security roadmap and strategies.

Requirements

Education/Certification/Designation

• Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering, System Analysis or other relevant field

• At least one recognized security certification: e.g. Certified Information Systems Security Professional (CISSP), Global Industrial Cyber Security Professional (GICSP), ISA/IEC 62443 Cybersecurity Expert, etc.

• Architecture related certifications (TOGAF, Zachman, CISSP-ISSAP, etc.) preferred

Skills/Knowledge

• Ability to define and organise an architecture security apparatus in reusable building blocks: patterns, services, components, capability models, etc;

• Demonstrated capability to understand the security implications of complex business operations and how they are linked to technological solutions that provide practical risk mitigation and business enablement;

• Strong knowledge of the processes, methodologies, tools and techniques, used for building large information technology systems;

• Proven experience in applying a structured approach to problem resolution in large, geographically dispersed organizations with 24/7 operations;

• Strong knowledge of the technologies and architecture principles required to build complex operational technology systems such as: Programmable Logic Controllers (PLCs); Supervisory Control and Data Acquisition (SCADA); Distributed Control Systems (DCS); Human Machine Interface (HMI); Industrial network ports and protocols (such as TCP/IP, UDP, DNP3, Modbus, IEC 61850, PROFINET, OPC, LonWorks, DALI, BACnet, KNX, EnOcean, etc.); etc;

• Deep understanding of ICS design considerations with emphasis on human safety and the availability/security of operating environment as well as threats, vulnerabilities, and exploits in ICS environments and appropriate mitigation techniques.

• Ability to derive security requirements from vaguely formulated business needs;

• Ability to interact with a broad cross-section of personnel to explain and enforce security measures

• Excellent written and verbal communication skills;

• Detail-oriented self-starter with a high level of commitment and personal motivation;

• Knack for prioritizing tasks and working in a fast-paced environment;

• Knowledge of standards, regulations and legislation governing Information Security, e.g. NIST, ISO 27001, OWASP, ISA 62443;

Experience

• Minimum 12 years overall IT work experience

• Minimum 8 years OT experience

• Minimum 5 years experience in OT security architecture experience

Assets (if applicable)

• Software development experience

• Experience with Agile and DevOps methodologies

• Knowledge of general IT security architecture and technologies including: service-oriented-architectures, mobile technologies including Mobile Device Management (MDM), data-centric design, advanced analytics, AI, Identity and Access Management (IAM) lifecycles, Digital Forensics, End Point Encryption, Encryption Key Management, Database Security, Enterprise Directory Services, IDS, IPS, Next Generation Firewall, Application Firewall, Enterprise Password Vaults , Cloud SaaS /PaaS/IaaS Security, SIEM, etc.

• Deep knowledge of security foundations: cryptography, Root of Trust, security models, etc.

• Experience with NGFW, VPN, IPS/BDS, vulnerability management, access management, SIEM, and endpoint security in OT environments

• Railroad, transportation, or Global industrial experience is a significant plus

Working Conditions

Occasional business travel (Canada and US) in accordance with CN policy.

This position is posted as a grade LEVEL 7. For internal candidates, note that the grade level of the position may adjust based on the employee's experience.

About CN

CN is a world-class transportation leader and trade-enabler. Essential to the economy, to the customers, and to the communities it serves, CN safely transports more than 300 million tons of natural resources, manufactured products, and finished goods throughout North America every year. As the only railroad connecting Canada's Eastern and Western coasts with the Southern tip of the U.S. through a 19,500 mile rail network, CN and its affiliates have been contributing to community prosperity and sustainable trade since 1919. CN is committed to programs supporting social responsibility and environmental stewardship. At CN, we work as ONE TEAM, focused on safety, sustainability and our customers, providing operational and supply chain excellence to deliver results.

CN requires that all employees be fully vaccinated against COVID-19 and provide proof thereof as a condition of employment. The Company's vaccination mandate extends to employees of our wholly owned subsidiaries as well as CN's contractors, consultants, agents and suppliers and anyone who accesses CN properties in Canada.

CN is an employment equity employer and we encourage all qualified candidates to apply. We thank all applicants for their interest, however, only candidates under consideration will be contacted. Please monitor your email on a regular basis, as communication is primarily made through email.