Cloud Security & DevSecOps Architecture Practice
Put in place the proper sets of cloud security architecture controls to manage safety and security risk while enabling the business for technology systems such as: service-oriented-architectures; cloud technologies and containers; advanced analytics; AI; Industrial IoT; networking infrastructure; mobile technologies; etc.
Ensure the cloud security architecture is maintainable, sustainable, and properly documented
Maintain and build relevant, current, valid, and reliable team knowledge related to cloud security architecture to leverage existing cybersecurity infrastructure and process, where appropriate, and drive configuration standards while supporting digital transformation in the I&T environment
Facilitate key decisions involving cloud architecture and technologies
Advance security team accomplishments and competence by planning delivery of solutions; answering technical and procedural questions for less experienced team members; teaching improved processes; mentoring team members
Ensure the full documentation of security designs, as built architectures and operational processes through clear diagrams and well-written documents
Cloud Security Roadmap and Strategy
Collaborate with the CISO, Sr. Mgr. Cloud Security & DevSecOps Architecture, cybersecurity team, portfolio managers, other architects, and I&T leadership to understand the business direction and consequent impact on the security posture
Define the proper course of action and investment strategy by building business cases and security roadmaps
Engage the cloud vendor ecosystem to understand capabilities and limitations to drive improvements in the security posture of current products, and assist in the selection of the right partners
Engage the cybersecurity vendor ecosystem to understand capabilities, options for compensating controls and risk mitigations to facilitate the selection of partners that integrate with the overall architecture
Continuously monitor and evaluate the environment through self-assessments and independent security reviews. Enable management to identify deficiencies and inefficiencies and to initiate improvement actions though security roadmap and strategies
Working Conditions
Occasional business travel (Canada and US) in accordance with CN policy
Requirements
Experience
Minimum 12 years overall work experience
Minimum 8 years I&T experience
Minimum 5 years experience in cloud security architecture
Proven experience in applying a structured approach to problem resolution in large, geographically dispersed organizations with 24/7 operations
Multi-cloud experience including AWS, Azure, and Google Cloud Platform, an asset
Experience with Agile and DevOps methodologies, an asset
Railroad, transportation, or Global industrial experience is a significant asset
Education/Certification/Designation
Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering, System Analysis, or another relevant field
At least one recognized Cloud security certification: e.g. Certified Information Systems Security Professional (CISSP), Certificate of Cloud Security Knowledge (CCSK), Certified Cloud Security Professional (CCSP), GIAC Cloud Security Automation (GCSA) etc.
Architecture related certifications (TOGAF, Zachman, CISSP-ISSAP, etc.) asset
Competencies
Ability to define and organize an architecture security apparatus in reusable building blocks: patterns, services, components, capability models, etc.
Demonstrated capability to understand the security implications of complex business operations and how they are linked to technological solutions that provide practical risk mitigation and business enablement
Ability to derive security requirements from vaguely formulated business needs
Ability to interact with a broad cross-section of personnel to explain and enforce security measures
Excellent written and verbal communication skills
Detail-oriented self-starter with a high level of commitment and personal motivation
Knack for prioritizing tasks and working in a fast-paced environment
Technical Skills/Knowledge
Strong knowledge of the processes, methodologies, tools, and techniques, used for building large information technology systems in private and public clouds
Knowledge of standards, regulations and legislation governing Information Security, e.g. NIST, ISO 27001, OWASP
Knowledge of general IT security architecture and technologies including: service-oriented-architectures, mobile technologies including Mobile Device Management (MDM), data-centric design, advanced analytics, AI, Identity and Access Management (IAM) lifecycles, Digital Forensics, End Point Protection, Encryption, Encryption Key Management, Database Security, Enterprise Directory Services, IDS, IPS, Next Generation Firewalls, Application Firewalls, Enterprise Password Vaults, Cloud SaaS /PaaS/IaaS Security, SIEM, etc., an asset
Understanding of securing APIs, OpenID Connect, OAuth an asset
Understanding networking including SD-networks and service meshes, an asset
Knowledge of container security concerns, especially with Kubernetes, an asset
At CN, we are dedicated to building North America's safest, most inclusive and sustainable railroad, which includes reflecting the communities in which we operate. Research shows that candidates from underrepresented groups often don't apply unless they feel they fit the job posting at 100%. Even if you don't see yourself in every job requirement listed in a posting, we still encourage you to apply. If you require an accommodation for the recruitment process (including alternate formats of materials, accessible meeting rooms or other accommodations), please reach out to our team at cnrecruitment@cn.ca.
As an equal employment opportunity employer, all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, and other protected status as required by applicable law. We thank all applicants for their interest, however, only candidates under consideration will be contacted. Please monitor your email on a regular basis, as communication is primarily made through email.