Chief Cybersecurity Officer

Join to apply for the  Chief Cybersecurity Officer  role at  Amico Affiliates

At Amico, we are a leading, Canadian-owned and operated construction company specializing in large-scale infrastructure projects. With a strong track record in general contracting, civil engineering and road building, we deliver complex infrastructure solutions that shape the communities of Ontario. Our expertise spans major infrastructure projects, including highways, bridges, and critical public works that require meticulous planning, innovative engineering, and precise execution.

At Amico, we believe in fostering collaboration and empowering our team to tackle ambitious challenges head‑on. By leveraging cutting‑edge technology and proven project management practices, we consistently deliver high‑quality infrastructure projects, regardless of their scale or complexity.

If you’re ready to be part of a team that plays a pivotal role in Ontario’s most impactful infrastructure developments, while gaining hands‑on experience with industry‑leading projects, we invite you to join us.

About the Project
The Eglinton Crosstown West Extension will bring the Eglinton Crosstown LRT another 9.2 kilometres farther west, creating a continuous rapid transit line from the east end of Toronto into Mississauga. The Stations, Rail, and Systems (SRS) package encompasses the design, construction, integration, and commissioning of key project components.

Position Overview
The Chief Cybersecurity Officer (CCSO) is responsible for the overall cybersecurity governance, risk management, and assurance of the Project across all Systems and Subsystems, including command, control, communications, signalling, power, OT/ICS, and supporting IT environments. This role serves as Project Co’s designated authority and primary point of contact for all cybersecurity matters with the Contracting Authority, Independent Safety Assessor (ISA), system security officers, and relevant stakeholders.

The CCSO ensures that cybersecurity is embedded by design, aligned with Schedule 29 requirements, and implemented in accordance with recognised rail, OT, and industrial cybersecurity standards throughout the Project lifecycle.

Key Responsibilities
1. Cybersecurity Governance & Accountability

Act as Project Co’s Chief Cybersecurity Officer as defined under Schedule 29, with accountability for all cybersecurity obligations across the Project.

Establish and maintain the cybersecurity governance framework, including roles, responsibilities, accountability, escalation paths, and decision authority.

Lead cybersecurity participation in system integration governance, interface management, and assurance forums.

2. Cybersecurity Program & Risk Management

Develop, maintain, and oversee the Cybersecurity Risk Management Program, aligned with IEC 62443, NIST, and other applicable standards.

Direct cybersecurity threat and vulnerability risk assessments (TVRA) for Systems Under Consideration (SUCs), including zones, conduits, interfaces, and data flows.

Define, track, and report risk‑based KPIs, residual risk positions, and remediation actions.

3. Security‑by‑Design & Systems Assurance

Ensure cybersecurity controls are designed, implemented, and verified across all Systems and Subsystems, based on system criticality and network zone classification.

Oversee the development of defensible architectures, secure remote access models, segmentation strategies, and zero‑trust principles where applicable.

Confirm alignment between ECWE cybersecurity design and ECLRT operational cybersecurity, identifying and resolving exposure points created through system integration.

4. Standards Compliance & Assurance

Ensure compliance with applicable cybersecurity standards and guidance, including:

IEC 62443 series

CLC/TS 50701

NIST SP 800‑series

ISO/IEC 27001/27002

APTA cybersecurity standards

Coordinate cybersecurity inputs to System Security Submissions, assurance documentation, and ISA reviews.

Support Contracting Authority and ISA verification and validation activities, including audits, testing, and assessments.

Establish and maintain incident response, contingency, and recovery plans, and lead tabletop exercises and…