Reports to: System Security Officer

Position Summary

The Cybersecurity and System Assurance Coordinator is responsible for managing both cybersecurity and system assurance aspects of the project. This includes implementing actions in alignment with recognized standards such as NIST and APTA guidelines. The role also oversees overall system safety for the Works, ensuring the clear definition and management of safety-related responsibilities, accountabilities, and authorities for each Project Co Party involved in safety tasks.

Key Responsibilities

• Cybersecurity Documentation & Compliance
• Lead the development and submission of all required NIST Framework-based cybersecurity documents, including but not limited to:
• Cybersecurity Management Plan (including statutory references, system boundaries, patch/change/configuration management, org charts, and policies)
• Cybersecurity Risk Assessment
• Cybersecurity Architecture and Design
• Cybersecurity Configuration Verification Plan and Report
• Penetration Testing Plan and Report
• Operational and Maintenance Procedures
• Ensure conformity with:
• NIST SP800-series standards (SP800-18, SP800-30, SP800-53, SP800-82)
• APTA cybersecurity standards (Parts I–IIIb, and ECS RP-001-14)
• ISO/IEC 27000 series and IEC 62443 requirements
• OWASP MASVS-L2+R for mobile application security
• Cybersecurity Risk Management
• Perform detailed risk assessments for all IT/OT systems (e.g., SCADA, signalling, access control, telecom, and communication networks).
• Identify vulnerabilities, determine likelihood and impact, and recommend mitigation strategies in alignment with contractual Tier 4 adaptive maturity requirements.
• Maintain a dynamic risk register and update it through the project lifecycle.
• Cybersecurity Integration & Oversight
• Work with engineering, design, construction, and commissioning teams to embed security requirements in all phases.
• Coordinate with RSSOM Project Co to assess the impacts of their cybersecurity framework and IEC 62443-based assessments on Project Co Infrastructure.
• Ensure secure system integration with third-party and Contracting Authority systems.
• Testing and Validation
• Coordinate black-box and white-box penetration tests and support validation efforts prior to trial running and deployment.
• Oversee remediation of vulnerabilities identified through scans and assessments.
• Security Architecture and Operations
• Define and review security architecture, including:
• Firewall zoning and segregation
• Network/host intrusion prevention/detection systems (IPS/IDS)
• Identity management and access control
• Data encryption, wire protection, antivirus, and endpoint security
• SIEM and event monitoring
• Support deployment documentation to demonstrate conformity with cybersecurity frameworks.
• Vendor & Contractual Alignment
• Support the evaluation of vendor cybersecurity capabilities and deliverables.
• Ensure subcontractor compliance with applicable cybersecurity terms and standards.
• Awareness & Reporting
• Deliver cybersecurity awareness sessions and participate in training and simulation exercises.
• Prepare reports and documentation for submission to senior management and the contracting authority.

Education & Qualifications

• Bachelor’s degree in Cybersecurity, Information Security, Computer Science, Systems Engineering, or related field (Master’s preferred)
• Minimum 2+ years of experience in cybersecurity roles and/or System safety Roles, preferably in infrastructure projects or transportation sectors.
• Experience with NIST Cybersecurity Framework, ISO 27001/27002/27005, and IEC 62443.
• Familiarity with CENELEC EN 50126
• Excellent communication, documentation, and collaboration skills.

Job Requirements

• Understanding of secure-by-design principles, defense-in-depth strategies, and system security engineering in large infrastructure projects.
• Proficient in using tools for vulnerability scanning, SIEM and Requirement management.
• Demonstrated ability to manage complex cybersecurity deliverables and engage across multidisciplinary project teams.
• Demonstrated ability to understand and manage the Verification and Validation cycle process of complex projects and engage across multidisciplinary project teams.
• Ability to travel to project sites as required and work under tight deadlines in a dynamic environment.

WORK ENVIRONMENT

FCC Canada is committed to cultivating a diverse and inclusive culture which promotes gender equity and the recruitment of all under-represented groups in all levels of its workforce. As an equal opportunity employer, we are committed to ensuring that all aspects of our recruitment and selection processes are accessible to individuals with disabilities. We offer reasonable accommodation upon request to support applicants throughout their journey with us. If you require accommodation during the hiring process, please send us an email at “TACanada@fccco.com”. Feedback about the accommodation process is welcome at “TACanada@fccco.com”. This commitment is in accordance with the Accessibility for Ontarians with Disabilities Act (AODA) and Ontario’s Human Rights Code, affirming our ongoing efforts to provide a supportive and equitable environment for all.