Cybersecurity Coordinator

Reports to: System Security Officer

Position Summary

The Cybersecurity Coordinator will lead the definition, development, and coordination of cybersecurity measures for the PTUS (Pape Tunnel and Underground Stations) project scope, in accordance with the NIST Framework for Improving Critical Infrastructure Cybersecurity and other applicable standards. The Coordinator will ensure all project cybersecurity deliverables are prepared, implemented, and maintained to protect the Ontario Line Subway System’s infrastructure throughout the lifecycle of the project. This role includes managing threat and risk assessments, drafting detailed cybersecurity plans, and ensuring compliance with statutory and contractual cybersecurity obligations. The Cyber Security Coordinator will work closely with the PTUS System Security Officer, RSSOM Project Co, Contracting Authority, and relevant third parties.

Key Responsibilities

• Cybersecurity Documentation & Compliance
• Lead the development and submission of all required NIST Framework-based cybersecurity documents, including but not limited to:
• Cybersecurity Management Plan (including statutory references, system boundaries, patch/change/configuration management, org charts, and policies)
• Cybersecurity Risk Assessment
• Cybersecurity Architecture and Design
• Cybersecurity Configuration Verification Plan and Report
• Penetration Testing Plan and Report
• Operational and Maintenance Procedures
• Ensure conformity with:
• NIST SP800-series standards (SP800-18, SP800-30, SP800-53, SP800-82)
• APTA cybersecurity standards (Parts I–IIIb, and ECS RP-001-14)
• ISO/IEC 27000 series and IEC 62443 requirements
• OWASP MASVS-L2+R for mobile application security
• Cybersecurity Risk Management
• Perform detailed risk assessments for all IT/OT systems (e.g., SCADA, signalling, access control, telecom, and communication networks).
• Identify vulnerabilities, determine likelihood and impact, and recommend mitigation strategies in alignment with contractual Tier 4 adaptive maturity requirements.
• Maintain a dynamic risk register and update it through the project lifecycle.
• Cybersecurity Integration & Oversight
• Work with engineering, design, construction, and commissioning teams to embed security requirements in all phases.
• Coordinate with RSSOM Project Co to assess the impacts of their cybersecurity framework and IEC 62443-based assessments on Project Co Infrastructure.
• Ensure secure system integration with third-party and Contracting Authority systems.
• Testing and Validation
• Coordinate black-box and white-box penetration tests and support validation efforts prior to trial running and deployment.
• Oversee remediation of vulnerabilities identified through scans and assessments.
• Security Architecture and Operations
• Define and review security architecture, including:
• Firewall zoning and segregation
• Network/host intrusion prevention/detection systems (IPS/IDS)
• Identity management and access control
• Data encryption, wire protection, antivirus, and endpoint security
• SIEM and event monitoring
• Support deployment documentation to demonstrate conformity with cybersecurity frameworks.
• Vendor & Contractual Alignment
• Support the evaluation of vendor cybersecurity capabilities and deliverables.
• Ensure subcontractor compliance with applicable cybersecurity terms and standards.
• Awareness & Reporting
• Deliver cybersecurity awareness sessions and participate in training and simulation exercises.
• Prepare reports and documentation for submission to senior management and the contracting authority.
  

Education & Qualifications

• Bachelor’s degree in Cybersecurity, Information Security, Computer Science, Systems Engineering, or related field (Master’s preferred).
• Minimum 3+ years of experience in cybersecurity roles, preferably in infrastructure projects, ICS/SCADA environments, or transportation sectors.
• Experience with NIST Cybersecurity Framework, ISO 27001/27002/27005, and IEC 62443.
• Familiarity with APTA and Canadian Centre for Cyber Security (CCCS) guidelines and best practices.
• Strong technical knowledge of OT security, industrial protocols, and IT network security.
• Excellent communication, documentation, and collaboration skills.
  
  

Job Requirements

• Understanding of secure-by-design principles, defence-in-depth strategies, and system security engineering in large infrastructure projects.
• Proficient in using tools for vulnerability scanning, SIEM, configuration management, and change control.
• Demonstrated ability to manage complex cybersecurity deliverables and engage across multidisciplinary project teams.
• Ability to travel to project sites as required and work under tight deadlines in a dynamic environment.
  
  

WORK ENVIRONMENT

FCC Canada is committed to cultivating a diverse and inclusive culture which promotes gender equity and the recruitment of all under-represented groups in all levels of its workforce. As an equal opportunity employer, we are committed to ensuring that all aspects of our recruitment and selection processes are accessible to individuals with disabilities. We offer reasonable accommodation upon request to support applicants throughout their journey with us. If you require accommodation during the hiring process, please send us an email at “[email protected]”. Feedback about the accommodation process is welcome at “[email protected]”. This commitment is in accordance with the Accessibility for Ontarians with Disabilities Act (AODA) and Ontario’s Human Rights Code, affirming our ongoing efforts to provide a supportive and equitable environment for all.