Senior Manager OT Security Architecture | GPM-137

Senior Manager OT Security Architecture | GPM-137

09 Nov

09 Nov



At CN, we work together to move our company—and North America—forward. Be part of our Information & Technology (I&T;) team, a critical piece of the engine that keeps us in motion. From enterprise architecture to operational technology, our teams use the agile methodology to automate and digitize our railroad ensuring our operations run optimally and safely and our employees can focus on value-added tasks. You will be able to develop your skills and career in our close-knit, safety-focused culture working together as ONE TEAM. The careers we offer are meaningful because the work we do matters. Join us!

For internal candidates, note that the grade level of the position will depend on the employee's experience .

Job Summary

The purpose of this role is to establish an Operational Technology (OT) security practice, develop & mentor a team, and define cybersecurity reference architectures and standards for OT security at CN.

Main Responsibilities

Leading Others

- Partner with HR to bring new talent to the organization by determining which skills and roles will be required in the future and by making thoughtful hiring decisions

- Provide a positive and welcoming onboarding experience to all new employees by ensuring they have access to the tools and resources needed to fulfill the requirements of their job

- Recognize employee milestones (service awards, retirements, etc.) as well as significant contributions and enhanced responsibilities

- Focus on communications and foster collaboration by regularly providing updates to teams about ongoing initiatives and encouraging teams to work together to accomplish common goals and learning

- Manage employee performance by ensuring employees who are not meeting expectations are identified and supported through the performance improvement process

- Create and enable a positive and engaging work environment by ensuring individual strengths are uncovered and leveraged through frequent and focused conversations - collaborate, coach and build connections with employees

- Participate in succession planning by contributing to the yearly talent review cycle and identifying employees with the potential to move up the management and expertise paths

- Support employee development by having regular career conversations with all employees (documented and tracked) and supporting them in reaching their career goals

- Ensure knowledge is preserved through cross-training for key skill sets in the team (knowledge transfer)

OT Security Architecture Practice Development

- Direct and put in place the proper sets of OT security architecture controls to manage safety and security risk while enabling the business for technology systems such as: service-oriented-architectures; cloud technologies and containers; advanced analytics; AI; Industrial IoT; automation; networking infrastructure; mobile technologies; etc.

- Ensure the OT security architecture is maintainable, sustainable and properly documented

- Maintain and build relevant, current, valid and reliable team knowledge related to OT security architecture

- Drive key decisions involving OT security architecture and technologies

- Advance security team accomplishments and competence by planning delivery of solutions; answering technical and procedural questions for less experienced team members; teaching improved processes; mentoring team members

- Ensure the full documentation of security designs, as built architectures and operational processes through clear diagrams and well-written documents

OT Security Roadmap and Strategy

- Collaborate with the CISO, cybersecurity team, portfolio managers, other architects, OT and I&T; leadership to understand the business direction and consequent impact on the security posture

- Define the proper course of action and investment strategy by building business cases and security roadmaps

- Engage the OT security vendor ecosystem to understand capabilities, options for compensating controls and risk mitigations to facilitate the selection of partners that integrate with the overall architecture

- Continuously monitor and evaluate the environment through self-assessments and independent security reviews. Enable management to identify deficiencies and inefficiencies and to initiate improvement actions though security roadmap and strategies

Working Conditions

Occasional business travel (Canada and US) in accordance with CN policy



- Minimum 15 years overall IT, OT or Industrial Control System (ICS) experience

- Minimum 10 years experience in OT or ICS security

- Minimum 5 years experience in OT or ICS security architecture

- Virtual appliance configuration experience (asset)

- Experience with Agile methodology (asset)

- Experience supervising and mentoring others is highly preferred (asset)

- Railroad, transportation, or other global industrial experience


- Bachelor’s degree in Computer Science, Computer Engineering, Electrical Engineering, System Analysis or other relevant field

- Master’s degree in related field preferred

- At least one recognized OT security certification: e.g. Certified Information Systems Security Professional (CISSP), Global Industrial Cyber Security Professional (GICSP), ISA/IEC 62443 Cybersecurity Expert, etc.

- Architecture related certifications (TOGAF, Zachman, CISSP-ISSAP etc.) preferred


- Ability to define and organise an architecture security apparatus in reusable building blocks: patterns, services, components, capability models, etc.

- Demonstrated capability to understand the security implications of complex business operations and how they are linked to technological solutions that provide practical risk mitigation and business enablement

- Deep understanding of network protocols and standard approaches for network segmentation in OT or ICS environments

- Significant and proven experience in applying a structured approach to problem resolution in large, geographically dispersed organizations with 24/7 operations

- Ability to derive security requirements from vaguely formulated business needs

- Ability to interact with a broad cross-section of personnel to explain and enforce security measures

- Excellent written and verbal communication skills as well as business acumen

- Detail-oriented self-starter with a high level of commitment and personal motivation

- Knack for prioritizing tasks and working in a fast-paced environment

Technical Skills/Knowledge

- Expert knowledge of the processes, methodologies, tools and techniques, used for building large information technology system

- Expert knowledge of the technologies and architecture principles required to build complex operational technology systems such as: Programmable Logic Controllers (PLCs); Supervisory Control and Data Acquisition (SCADA); Distributed Control Systems (DCS); Human Machine Interface (HMI); Industrial network ports and protocols (such as TCP/IP, UDP, DNP3, Modbus, IEC 61850, PROFINET, OPC, LonWorks, DALI, BACnet, KNX, EnOcean, etc.); etc;

- Deep understanding of ICS design considerations with emphasis on human safety and the availability/security of operating environment as well as threats, vulnerabilities, and exploits in ICS environments and appropriate mitigation techniques.

- Knowledge of standards, regulations and legislation governing Information Security, e.g. NIST, ISO 27001, OWASP

- Knowledge of general IT security architecture and technologies including: service-oriented-architectures; mobile technologies; data-centric design; cloud technologies and containers; advanced analytics; AI; Identity and Access Management, Digital Forensics, End Point Encryption, Encryption Key Management, Database Security, Enterprise Directory Services, Application Firewall, Enterprise Password Vaults , Cloud SaaS /PaaS/IaaS Security, SIEM, etc. (asset)

- In depth understanding of infrastructure and network architecture and design, LAN/WAN implementation, and Windows/Linux environments (asset)

- Deep knowledge of security foundations: cryptography, Root of Trust, security models, etc. (asset)

CN is an employment equity employer and we encourage all qualified candidates to apply. We thank all applicants for their interest, however, only candidates under consideration will be contacted. Please monitor your email on a regular basis, as communication is primarily made through email.

The original job offer can be found in Kit Job:

Reply to this offer

Impress this employer describing Your skills and abilities, fill out the form below and leave Your personal touch in the presentation letter.

Subscribe to this job alert:
Enter Your E-mail address to receive the latest job offers for: senior manager ot security architecture | gpm-137
Publish a new Free Offer
Need to publish an offer? With more than 1 million unique users per month, you will find the ideal candidate for your company instantly, what are you waiting for!
Publish Now

Subscribe to this job alert