Senior Expert, Security Architecture

At CN, we work together to move our company-and North America-forward. Be part of our Information & Technology (I&T) team, a critical piece of the engine that keeps us in motion. From enterprise architecture to operational technology, our teams use the agile methodology to automate and digitize our railroad ensuring our operations run optimally and safely and our employees can focus on value-added tasks. You will be able to develop your skills and career in our close-knit, safety-focused culture working together as ONE TEAM. The careers we offer are meaningful because the work we do matters. Join us!

Job Summary

The Senior Expert, Security Architecture is responsible for overseeing the technical aspects of the architects responsible for translating business direction into a fit-for-purpose security strategy defining the building blocks that ensure the safety of computing operation and business initiative enablement. The role is accountable for defining, maintaining, and supporting the information security architecture framework and related processes to ensure alignment of other architecture groups to the governance framework and related risk management processes. The incumbent is a senior resource supporting others with deep technical challenges and enables other groups to support the security posture. The role develops and maintains the architectural apparatus required to drive the delivery and maintenance of CNs security capabilities and guide of other architecture practice.

Main Responsibilities

Build Security Architectures 

•                     Act as a thought leader for security architecture and provide knowledge and coaching to stakeholders and peer architects.

•                     Introduce and lead security transformation through enterprise architecture efforts and artifact documentation.

•                     Define the security transformation journey by developing the security vision, patterns, use cases, principles, strategy, operating model, and architecture.

•                     Understand CN’s business and information technology to translate it into a Security target architecture to rapidly integrate new technologies to fuel CN’s digital transformation.

•                     Apply automation to generate information, make decisions, and execute process activities.

•                     Focus on the architecture while peer architects deal with its individual parts.

•                     Put in place best-in-class security architecture processes for designing large-scale and sophisticated technology systems.

•                     Work with peer architects, to produce and maintain appropriate relationships between business, information, application, technology, and solution architects to build consistent security architecture artifacts.

•                     Ensure alignment with corporate information standards and policies, as well as all areas of enterprise architecture.

Technical Leadership 

•                     Look for and evaluate new practices and technology disruptors which may impact the security architecture.

•                     Incorporate new best practices into the security architecture practice.

•                     Provide key input on technologies at CN to drive security transformation.

•                     Position the use of new technology within the security architecture .

•                     Provide practical advice about security architecture and security automation.

•                     Work with peer architects to provide guidance on a comprehensive governance model to ensure solutions are developed according to the defined security architecture.

Manage Relationships 

•                     Educate and explain how security architecture aids in achieving CN’s business strategy and delivery of the expected business outcomes.

•                     Educate and explain the purpose, value, and use of the various security architecture models.

•                     Educate and influence Information and Technology (I&T) so everyone understands security architecture strategy and outcomes.

•                     Communicate deliverables with stakeholders in Architecture, Integration, Operation, Supply Management, Legal and various business lines.

Working Conditions

The role has standard working conditions in an office environment with a regular workweek from Monday to Friday. Due to the nature of the role, the incumbent must be able to meet tight deadlines, handle pressure, and stress. The role requires occasional travel (10%) within Canada and the United States (U.S.) in accordance with CN policy for meetings with ecosystem partners or to attend industry events or conferences.

Requirements

Experience

Architecture and Security Transformation

•                     Minimum 15 years of experience in various architecture roles, with recent experience in security transformation

§  In-depth experience developing a security vision, principles, strategy, operating model, and architecture.

§  Significant experience in applying a structured approach to problem resolution.

Education/Certification/Designation

•                     Bachelor's Degree in Computer Science, Information Systems, a related field, or equivalent related project experience.

•                     Certified Information Systems Security Professional (CISSP)

•                     Certifications in Offensive Security (e.g., Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP))*

*Any designation for these above would be considered as an asset

Competencies

•                     Applies critical thinking.

•                     Knows the business and stays current on industry needs.

•                     Demonstrates agility and drives change.

•                     Collaborates with others and shares information.

•                     Communicates with impact.

•                     Identifies needs and finds solutions to create value for all stakeholders.

•                     Identifies potential safety and security risks.

•                     Leads by example for the safety and security of all.

Technical Skills/Knowledge

•                     Ability to define and organize an architecture security apparatus in reusable building blocks.

•                     Knowledge of the security implications of complex business operations and how they are linked to technological solutions that provide practical risk mitigation and business enablement.

•                     Knowledge of the processes, methodologies, tools, and techniques, used for building large information technology system.

•                     Good knowledge of the technologies and architecture principles required to build complex information technology system.

•                     Knowledge of standards, regulations and legislation governing Information Security (e.g., PCI DSS, ISO 27001, Open Web Application Security Project (OWASP))

•                     Familiarity with Architecture framework (Togaf, Zachman)*.

•                     Familiarity with Security frame works (e.g., Center for Internet Security (CIS), National Institute of Standards and Technology (NIST), Massachusetts Institute of Technology Research and Engineering (MITRE))*.

•                     Knowledge of Rail, Transportation, or Logistics industry*.

•                     *Any knowledge for any of the above would be considered as an asset.

This position is posted as a grade LEVEL 5. For internal candidates, note that the grade level of the position may adjust based on the employee's experience.

About CN

CN is a world-class transportation leader and trade-enabler. Essential to the economy, to the customers, and to the communities it serves, CN safely transports more than 300 million tons of natural resources, manufactured products, and finished goods throughout North America every year. As the only railroad connecting Canada’s Eastern and Western coasts with the Southern tip of the U.S. through a 19,500 mile rail network, CN and its affiliates have been contributing to community prosperity and sustainable trade since 1919. CN is committed to programs supporting social responsibility and environmental stewardship. At CN, we work as ONE TEAM, focused on safety, sustainability and our customers, providing operational and supply chain excellence to deliver results.