- Coordinate with committees of BC Hydro internal teams and stakeholders to identify potential
- Conduct security threat and risk assessments of IT and OT, providing guidance and
recommendations for technical security controls
- Identify and track the remediation of security risks and vulnerabilities in software and systems;
confirming the impact, mitigation and remediation options
- Analyze security test results with applicability to target environments
- Develop technical expertise to assist operational roles when critical systems experience
breaches, outages, errors, or unexpected activities
- Coordinate with the Project Managers to ensure the projects are implemented under compliance
and cybersecurity best practice
- Conduct and prepare detailed reports on various scheduled (annual, quarterly... etc.,) internal
audits, including the collection of evidence to support audits
- Coordinate with CIP Policy Subject Matter Experts (SMEs), Cybersecurity team and Safety,
Security & Emergency Management team, to monitor and assure the development, revisions, and
updating of CIP compliance policies, processes, and procedures
- Working with the Service Providers/System Administrators to ensure the NERC CIP compliance
sustainment activities are completed and evidence of documents are reviewed
- Conduct NERC CIP impact assessment on the IT projects, and provide guidance on the
implementation action items to meet NERC CIP requirements
- A Bachelor's degree in Computer Science, Information Security or equivalent
- It is desirable to have a CISSP certification or one of these certifications (e.g. GSEC, GCIA,
GCWN, CISA, CISM, CCNA, GPEN)
- Ability to obtain a security clearance for a Security Sensitive Position classification
- A minimum of 7 years of experience in Information Technology, with at least 5 years in
- Experience in several of: Active Directory, Intrusion Prevention/Detection (Network, Host,
Wireless), Security Information Event Management (SIEM), log management, VPN, Firewalls, NG-
FWs, Wireless Intrusion Prevention (WIDS), Web Content Filtering, Internet Policy Enforcement,
Strong Authentication, Web Application Firewall (WAF), Database Activity Monitoring (DAM),
Public Key Infrastructure (PKI), Data Loss Prevention (DLP), Identity and Access Management
(IAM) solutions, Encryption
- Experience completing vulnerability assessments or penetration testing
- Experience with industry standards such as ISO 270001/2, NIST, COBIT etc.
- Strong working knowledge on security technologies and practices in multiple domains of
cybersecurity, and evaluating risks, vulnerabilities and issues as part of the project assessment
- Good understanding of Internet protocols, network architecture, and security technologies
including encryption and authentication (e.g. SSL, PKI, IPSec, Single Sign On, etc.) and OWASP
Top Ten security risks
- Good knowledge of security technologies, cloud technology components, with an ability to
provide recommendations for best practices and common security tools used for vulnerability
scanning, auditing, configuration management, asset management, continuous monitoring,
- Ability to translate technical risks, controls, vulnerabilities and issues into clear, actionable
- Persuasive, proven negotiating capability that can bring competing objectives together in a way
that provides the sense of "win-win"
- Excellent presentation skills including the ability to explain technical matters to a non-technical
- Strong interpersonal skills and documentation skills. Ability to develop written communications
that are persuasive and business focused
- Team player, good time-management and organizational skills and ability to work autonomously
in a dynamic environment
- Flexibility to adjust quickly to multiple demands, shifting priorities, ambiguity and rapid change
- Knowledge of NERC CIP Reliability Standards
- Experience in Industrial Control Systems (ICS) including SCADA and other Operational
Technology (OT) used in the Energy sector is an asset
- Experience with Physical Security related project/implementation is an asset
- Experience with IT audits is an asset
- Experience on project management and coordination is an asset
- Experience with NERC CIP standards is an asset
We're always looking for exceptional people to bring new ideas, fresh thinking and the motivation
to help shape the electricity system in B.C. It's an exciting time to be a part of our team as we
invest in our system and prepare to meet the challenges of tomorrow.
Our values guide our work. Want to join us?
We are safe.
We are here for our customers.
We are one team.
We act with integrity.
We respect our province.
We are forward thinking.
BC Hydro is an equal opportunity employer.
HOW TO APPLY
Don't forget to update your Candidate Profile with your current resume and copies of your
certifications. If applicable, include your Trades Qualification. This will ensure we have all the
necessary information to assess your application without any delays.
Click on the Apply button in order to complete the steps to apply for this job.
2018-08-16 Closing Date: 2018-09-09