Security Architect

Metrolinx

2d•Onsite

About The Position

Metrolinx is connecting communities across the Greater Golden Horseshoe. Metrolinx operates GO Transit and UP Express, as well as the PRESTO fare payment system. We are also building new and improved rapid transit, including GO Expansion, Light Rail Transit routes, and major expansions to Toronto’s subway system, to get people where they need to go, better, faster and easier. Metrolinx is an agency of the Government of Ontario. At Metrolinx, equity, diversity and inclusion are essential to living our values of serving with passion, thinking forward and playing as a team. Metrolinx's Innovation and Information Technology group supports female team members via "Go Tech Women" an affinity group for women in Information Technology, led by our Chief Information Officer. If you enjoy technology and innovation, value diversity, appreciate work/balance and are looking for an opportunity to make a better world via public service, Metrolinx would like to hear from you! The OT Security Architect is responsible for designing, assessing, and governing cybersecurity architecture for OT specifically in railway operational technology environments. This role ensures that rail systems such as signaling, SCADA, wayside assets, onboard systems, communications networks, maintenance systems, and dispatch platforms are secure, resilient, and aligned with standards including IEC 62443, NIST CSF, NIST SP 800-82, TS 50701, APTA guidance, and applicable rail safety/security regulations.

Requirements

Bachelor’s degree in Cybersecurity, Electrical Engineering, Computer Engineering, Systems Engineering, or related field.
Demonstratedyears in cybersecurity, with significant experience in OT/ICS security architecture experience in rail, transit, transportation, or other critical infrastructure environments is preferred
Experience with standards/frameworks IEC 62443, NIST CSF, NIST SP 800-82, TS 50701 and ISO 27001 and APTA and transport-sector cybersecurity guidance
Experience with IEC 62443 2-3 risk assessment methodology
Good technical understanding of common OT systems such as PCS, SCADA, PLCs, RTUs, HMIs, CNC, etc.
IEC 62443 related certifications
Ability to work independently on initiatives with little oversight.

Nice To Haves

TOGAF Certification is an asset.
Enhanced reliability security clearance or equivalent is an asset.
For projects involving classified information/assets, Enterprise Security Architects may require enhanced reliability clearances or equivalent.

Responsibilities

Review system designs, interface control documents, network diagrams, and procurement specifications and define cybersecurity requirements for rail projects, upgrades, and tenders.
Collaborates with business leaders, developers, engineers enterprise architecture and other stakeholders to identify future needs to streamline the security strategies, define security standards and reference security architecture.
Assists with translating security architecture roadmaps into a portfolio of programs, projects, enhancement, and other initiatives to define the journey map from current state to the future state.
Contribute to policy, standards, and technical baselines for OT security and in rail OT.
Conduct cyber security risk assessments for new and existing rail OT systems against standards and frameworks including one or more of the following: IEC-62243/ISA-99, APTA, CLC/TS 50701, OWASP, CVE, WASC, NIST 800-82 methodologies.
Ability to conduct technical risk assessments and mitigation on AI, Machine learning technologies and platforms
Recommend remediation roadmaps balancing security, safety, availability, and operational constraints.
Work with signaling, communications, rolling stock, infrastructure, operations, safety, and enterprise IT teams for secure integration into rail environments
Engage with OEMs, integrators, assessors, and project managers.
Provide technical leadership to engineers and project teams on OT security architecture decisions.
Broad understanding of applications and infrastructure data flow to build threat models
Strong communication skills, and the ability to understand and translate cyber security threats from a technical perspective to business-line, ability to communicate risks and propose counter measures to senior technology executives.