17 Feb 2025

Full-Time Senior Cybersecurity Risk Management Specialist

TransLink –  Anywhere

Job Description

A career at TransLink and our family of companies means working with people with a wide range of skills and perspectives, all teaming up towards a common goal: preserving and enhancing the region’s world-envied quality of life. Together, we connect the region and enhance its livability by providing a sustainable transit and transportation network, embraced by our communities and people.

At TransLink we are dedicated to building a workforce that reflects the diversity of the communities in which we live. We’re committed to fostering an inclusive, equitable and accessible workplace, recognizing the unique value and skills every individual brings.

Looking for a great place to work where your contributions are valued and you can make a difference in a vibrant city? At TransLink, one of BC’s Top Employers, you’ll help make Metro Vancouver a better place to live, built on transportation excellence. Put your future in motion!

Responsibilities

PRIMARY PURPOSE

The Senior Cybersecurity Risk Management Specialist plays a critical role in protecting valuable information and maintaining the organization’s security posture by maintaining the cybersecurity risk register and providing consistent risk management activities and controls. The Senior Specialist ensures the effective tracking of cyber risk mitigation efforts and risk communication strategies and provides a senior level of expertise to strengthen and maintain a robust and sustainable cybersecurity risk management practice.

KEY ACCOUNTABILITIES

Leads the planning and fortifying of the cybersecurity risk register, ensuring regular updates with accurate information, and collaborating with stakeholders to gather, assess and document cybersecurity risks.

Facilitates risk prioritization processes, and coordinates risk mitigation intakes.  Identifies risk owners, empowering them with data for decision making, to help the execution of risk action plans on all open and pending risks.

Maintains and enhances risk lifecycle management processes and keeps track of risk treatment progress and continuous reporting. Holds the accountability to maintain a comprehensive and up-to-date documentation of identified risks, assessment methodologies, and mitigation strategies.

Ensures alignment of security policy, standards, and controls with the enterprise security risk management framework to produce scalability and flexibility.

Works collaboratively with a variety of stakeholders across business lines and functions to assess security-related, business-impacting cybersecurity risks and their prioritization.

Provides expert advice on Cybersecurity risk register management, risk management activities, guiding teams in the identification, assessment, and prioritization of cyber risks, and collaborates to recommend and implement effective controls for risk mitigation.

Leads monitoring and tracking of the implementation and effectiveness of cybersecurity risk mitigation measures, collaborating cross-functionally to ensure timely and effective risk reduction efforts.

Develops and implements communication strategies for cybersecurity risk matters, ensuring clear and effective communication of cyber risk status, mitigation progress, and pertinent updates to stakeholders.

Provides technical expertise in cybersecurity and risk management and strong collaboration and communication skills to address cyber risks comprehensively and transparently within TransLink.

Assists in the development and reporting of KPIs, KRIs and other key metrics to ensure effectiveness, risk profile, and compliance, for strategic, operational, and executive reports and dashboards to ensure consolidated views of TransLink’s overall security posture and risk profile, enabling informed decision making.

Provides support and advisory to TransLink operating companies on risk management practice.

Qualifications

EDUCATION AND EXPERIENCE

The requirements of this role are typically acquired through completion of a university degree in Computer Science, Computer Engineering, Information Security, or equivalent plus six (6) years of related experience in cybersecurity risk management. Requires relevant certifications such as CISSP, CISM, or CRISC.

KNOWLEDGE AND SKILL

Advanced understanding of cybersecurity principles and access control best practices.

Advanced understanding and experience with risk assessment process including identifying, evaluating, and prioritizing potential threats and vulnerabilities within an organization’s systems and networks.

Solid knowledge of risk prioritization based on criticality, resource availability, and business impact.

Solid knowledge of the evaluation, security posture and compliance of external vendors, partners, and supply chain risk.

In-depth knowledge of cybersecurity principles, risk management frameworks, and industry best practices.

Good understanding of threat models, attack vectors, risk assessment frameworks and drivers of offensive operations such as tactics, techniques, and procedures (TTPs) used by cyber adversaries.

Excellent leadership and communication skills for effective strategy implementation.

Ability to explain complex concepts to senior leadership and non-technical stakeholders.

Ability to assess cybersecurity risks and devise effective mitigation strategies.

Ability to conceptualize, evaluate, and synthesize information to make unbiased judgments and relevant recommendations.

Ability to stay updated on emerging threats and risk assessment and management best practices.

OTHER REQUIREMENTS

Solid knowledge of security frameworks: the National Institute of Standards and Technology (NIST) Cybersecurity Framework, ISACA’s Control Objectives for Information Related Technology (COBIT), PCI DSS (Payment Card Industry Data Security Standard), and BC’s Freedom of Information and Protection of Privacy Act (FOIPPA).

Advanced interpersonal and communication skills to influence others and provide specialized guidance and expertise to all levels of stakeholders internally and externally, peers and vendors as required.

Demonstrated ability to build trusted and collaborative working relationships with business and cross functional teams.

Advanced analytical and critical thinking skills to manage conflict resolution, facilitating discussion, and alternatives of different approaches.

Advanced decision-making and problem-solving skills, with a proven ability to weigh the relative costs, risks, and benefits of potential solutions and make sound recommendations to senior leaders and peers.

Solid planning, organization, and time management skills with strong ability to organize competing priorities.

Proven experience in managing and implementing cybersecurity risk management strategies.

Strategic mindset with the ability to adapt practices to evolving security landscapes.

Proficient in developing and maintaining metrics, KPIs and KRIs.

High level of integrity and commitment to maintaining confidentiality in handling sensitive information.

Other Information

Recruitment Process: An applicant will be required to demonstrate their suitability for this position by meeting the minimum level of qualifications and experience in order to be invited into the selection process. A standard interview format will be used including general, scenario and behavioural descriptive interview questions.

Work Schedule

37.5 hours per week.

Work Designation

Hybrid

This position offers the flexibility of working both on-site and remotely within B.C.

Rate of Pay

Salary $97,600 – $146,400 per annum (Actual salary offered will be commensurate with education, experience and internal parity).

The Total Compensation Package includes Extended Health, Dental, Transit Pass and enrollment in the Public Service Pension Plan. Focus on your development through tuition reimbursement, training, and mentorship programs. Enjoy a variety of health and wellness programs, including access to gym facilities. Speak to us to know more about what we offer.

How to Apply

Please click the ‘Apply’ button at the top right corner of the page or go to http://www.translink.ca/careers to apply for this position and view instructions on the process.

INSTRUCTIONS:  Please save your (1) cover letter, and your (2) resume as one pdf document prior to uploading your application on-line.

Job Categories: Tech Jobs. Job Types: Full-Time. Salaries: Depends on Experience.