PRIMARY PURPOSE
In collaboration with the Systems Manager, provides comprehensive guidance and expertise to BCRTC in cybersecurity governance and planning to enhance the maturity of the security program and safeguard BCRTC's operational systems against evolving threats. Works with senior stakeholders and consultants to address critical issues, ensuring the confidentiality, integrity, and availability of the OT environment to maintain a safe, secure, and reliable revenue service.
KEY ACCOUNTABILITIES
Manages vulnerability assessments and penetration testing on Operational Technology systems to identify potential security risks and provides direction for remediation. Manages and executes BCRTC's Incident Response Plan for cyber-attacks in the role of Cyber Security Incident Manager.
Collaborates with internal and external stakeholders regarding OT cyber incident responses, determining appropriate courses of action and ensuring thorough investigation of OT security breaches and incidents to identify root causes, sources, methods, and resulting damage. Reviews security event reports, determines the need for further investigation, and escalates to the relevant authority. Leads any necessary full reviews and reporting for BCRTC.
Manages the Operational user security awareness campaign strategy and framework in alignment with BCRTC security policies, standards, and best practices.
Supports the development of cyber threat modeling and business impact analysis to ensure the environment is adequately protected with appropriate cybersecurity measures, tools, and controls.
Supports the Systems Manager in developing Key Performance Indicators (KPIs), Key Risk Indicators (KRIs), and Cyber Risk dashboards to continually monitor, report on, improve, and mature BCRTC's OT security posture.
Supports and leads as required, the development and implementation of processes to assess and monitor the effectiveness of OT Security, Risk, and Control procedures, ensuring adherence to standards and policies as appropriate.
Ensures compliance with government and rail industry regulatory OT/IT security requirements, BCRTC OT security policies and standards, programs, and activities. Oversees BCRTC OT risk management, maintaining risk registries, and implementing controls to mitigate identified risks.
Represents BCRTC OT security programs in internal and external interactions with diverse constituencies, including project teams, market participants/customers, regulators, public/private sector security specialists, auditors, and law enforcement.
Maintains up-to-date knowledge of industry best practices, new security threats, and emerging technologies to ensure the effectiveness and currency of cybersecurity measures.
Advocates and actively promotes a culture of OT Cybersecurity best practices and awareness throughout BCRTC's maintenance and operations divisions. Establishes strong partnerships with maintenance and operations teams to promote good security practices across corporate OT infrastructure and platforms. Enhances OT security awareness throughout BCRTC.
Provides expert advice and makes final decisions on the acquisition and implementation of new OT security technologies, vendors, and services. Plans and manages the budget for OT security technologies, projects, and activities.
Works with the cyber security team in TransLink to ensure alignment with enterprise objectives.
Manages a wide-ranging set of strategic relationships with vendors and consultants to enhance BCRTC's OT Cybersecurity posture.
Manages Systems Security staff; provides mentorship, coaching, and leadership and overseeing recruitment, selection, development, coaching, performance, and other people management practices.