Core Job Responsibilities:

• Provide Cybersecurity Controls Assessment / Monitoring support for the BTS IT organization.
• Evaluate scope of planned testing activities for assigned assessments and align with integrated controls framework.
• Support all phases of controls assessments of IT systems from preparation to discussion of any identified deficiencies and remediation monitoring support.
• Develop and support programs such as Continous Controls Monitoring (CCM), Online Commerce Assessment, IT Controls Remediation Monitoring.
• Establish and maintain productive relationships with all Cybersecurity and IT stakeholders including external partners.
• Champion change, innovation, and process thinking.
• Identify and execute on need for update and/or improvement to the integrated controls framework based on monitoring trends and/or control environment changes Risk Evaluation and Remediation.
• Evaluate and prioritize remediation activities and execute risk acceptance process where appropriate - Practices appropriate risk-based root cause analysis methodology that considers the organization s strategic direction and priorities.
• Advise on rollout and management of Cybersecurity Controls Assessment initiatives and support associate strategy in enterprise initiatives as a representative of Enterprise Cybersecurity Group.

Position Accountability/Scope:

The position is responsible for providing guidance and support for Cybersecurity Controls Management to both business and IT control owners.

Minimum Education:

Bachelors Degree (preferably in Computer Science or Information Technology) or equivalent plus 4+ years of related work experience with IT general controls, data privacy and audit support, or an equivalent combination of education and work experience.

Minimum Experience/Training Required:

• Strong analytical skills and the ability to organize work in a logical, thorough and succinct manner.
• Highly self-motivated, goal orientated, and self-directed
• Good understanding of Cybersecurity Standards, SOX, General IT Controls, PCIDSS, Operations Technology and Data Privacy Regulations. Previous auditor experience preferred.
• Familiarity with GRC Tools such as Archer will be preferred.
• CISSP / CISA or similar certification preferred but not essential.
• Good understanding of IT systems and controls including: ERPs, Web systems, e-commerce, data centres, network infrastructure, patching, access controls, databases, CRM, cloud systems etc.
• Familiarity with risk management principles, regulatory requirements and, industry best practices.
• Flexibility to adapt to changing assignments and ability to effectively prioritize
• Excellent ability to communicate effectively, both verbally and in writing to all levels of management
• Ability to express a point of view, and advise on risk and control considerations

The base pay for this position is

In specific locations, the pay range may vary from the range posted.

Employement Category: