Senior Manager Cloud Security & DevSecOps Architecture

Canadian National Railway - Montréal, QC (6 months ago)

Job Summary

The purpose of this role is to establish a Cloud security and DevSecOps practice, develop & mentor a team, and define cybersecurity reference architectures and standards for all Cloud environments at CN, and define processes for ensuring security through DevOps activities.

Main Responsibilities
Leading Others
Partner with HR to bring new talent to the organization by determining which skills and roles will be required in the future and by making thoughtful hiring decisions
Provide a positive and welcoming onboarding experience to all new employees by ensuring they have access to the tools and resources needed to fulfill the requirements of their job
Recognize employee milestones (service awards, retirements, etc.) as well as significant contributions and enhanced responsibilities
Focus on communications and foster collaboration by regularly providing updates to teams about ongoing initiatives and encouraging teams to work together to accomplish common goals and learning
Manage employee performance by ensuring employees who are not meeting expectations are identified and supported through the performance improvement process
Create and enable a positive and engaging work environment by ensuring individual strengths are uncovered and leveraged through frequent and focused conversations - collaborate, coach and build connections with employees
Participate in succession planning by contributing to the yearly talent review cycle and identifying employees with the potential to move up the management and expertise paths
Support employee development by having regular career conversations with all employees (documented and tracked) and supporting them in reaching their career goals
Ensure knowledge is preserved through cross-training for key skill sets in the team (knowledge transfer)
Cloud Security & DevSecOps Architecture Practice Development
Direct and put in place the proper sets of cloud security architecture controls to manage safety and security risk while enabling the business for technology systems such as: service-oriented architectures; cloud technologies and containers; advanced analytics; AI; Industrial IoT; networking infrastructure; mobile technologies; etc.
Ensure the cloud security architecture is maintainable, sustainable and properly documented
Maintain and build relevant, current, valid and reliable team knowledge related to cloud security architecture to leverage existing cybersecurity infrastructure and process, where appropriate, and drive configuration standards while supporting digital transformation in the I&T environment
Drive key decisions involving cloud architecture and technologies
Advance security team accomplishments and competence by planning delivery of solutions; answering technical and procedural questions for less experienced team members; teaching improved processes; mentoring team members
Ensure the full documentation of security designs, as built architectures and operational processes through clear diagrams and well-written documents
Cloud Security Roadmap and Strategy
Collaborate with the CISO, cybersecurity team, portfolio managers, other architects, and I&T leadership to understand the business direction and consequent impact on the security posture
Define the proper course of action and investment strategy by building business cases and security roadmaps
Engage the cloud vendor ecosystem to understand capabilities and limitations to drive improvements in the security posture of current products, and assist in the selection of the right partners
Engage the cybersecurity vendor ecosystem to understand capabilities, options for compensating controls and risk mitigations to facilitate the selection of partners that integrate with the overall architecture
Continuously monitor and evaluate the environment through self-assessments and independent security reviews. Enable management to identify deficiencies and inefficiencies and to initiate improvement actions through security roadmap and strategies
Working Conditions

Occasional business travel (Canada and US) in accordance with CN policy

Requirements
Experience
Minimum 15 years overall IT experience, preferably in software development
Minimum 10 years experience in software development security
Minimum 5 years experience in cloud security architecture
Multi-cloud experience including AWS, Azure, and Google Cloud Platform (asset)
Experience with Agile and DevOps methodologies (asset)
Experience in securing RPA functions and leveraging RPA for security tasks (asset)
Experience supervising and mentoring others is highly preferred (asset)
Railroad, transportation, or Global industrial experience is a significant plus (asset)
Education/Certification/Designation
Bachelor’s degree in Computer Science, Computer Engineering, Electrical Engineering, System Analysis or other relevant field
Master’s degree in related field preferred
At least one recognized Cloud security certification: e.g. Certified Information Systems Security Professional (CISSP), Certificate of Cloud Security Knowledge (CCSK), Certified Cloud Security Professional (CCSP), GIAC Cloud Security Automation (GCSA) etc.
Architecture related certifications (TOGAF, Zachman, CISSP-ISSAP, etc.) preferred
Competencies
Ability to define and organise an architecture security apparatus in reusable building blocks: patterns, services, components, capability models, etc.
Demonstrated capability to understand the security implications of complex business operations and how they are linked to technological solutions that provide practical risk mitigation and business enablement
Significant and proven experience in applying a structured approach to problem resolution in large, geographically dispersed organizations with 24/7 operations
Ability to derive security requirements from vaguely formulated business needs
Ability to interact with a broad cross-section of personnel to explain and enforce security measures
Excellent written and verbal communication skills as well as business acumen
Detail-oriented self-starter with a high level of commitment and personal motivation
Knack for prioritizing tasks and working in a fast-paced environment
Technical Skills/Knowledge
Expert knowledge of the processes, methodologies, tools and techniques used for building large information technology systems in private and public clouds
Knowledge of standards, regulations and legislation governing Information Security, e.g. NIST, ISO 27001, OWASP
Knowledge of general IT security architecture and technologies including: service-oriented architectures, mobile technologies including Mobile Device Management (MDM), data-centric design, advanced analytics, AI, Identity and Access Management (IAM) lifecycles, Digital Forensics, End Point Encryption, Encryption Key Management, Database Security, Enterprise Directory Services, IDS, IPS, Next Generation Firewall, Application Firewall, Enterprise Password Vaults, Cloud SaaS/PaaS/IaaS Security, SIEM, etc. (asset)
In depth understanding of securing APIs (asset)
Deep knowledge of container security, especially Kubernetes (asset)

CN is an employment equity employer and we encourage all qualified candidates to apply. We thank all applicants for their interest, however, only candidates under consideration will be contacted. Please monitor your email on a regular basis, as communication is primarily made through email.