- Work with the Service Providers/System Administrators to ensure the compliance sustainment
activities are completed
- Conduct audit review on the compliance evidence documents
- Conduct compliance impact assessment on the IT projects, and provide guidance on the
implementation action items to meet compliance requirements
- Coordinate with the Project Managers to ensure the projects are implemented under compliance
standards and cybersecurity best practice
- Conduct and prepare detailed reports on various scheduled (annual, quarterly etc.,) internal
audits, including the collection of evidence to support audits
- Coordinate with CIP Policy Subject Matter Experts (SMEs), Cybersecurity team and Safety,
Security & Emergency Management team, to monitor and assure the development, revisions, and
updating of compliance policies, processes, and procedures
- Coordinate with committees of BC Hydro internal teams and stakeholders to identify potential
- Conduct security threat and risk assessments of IT and OT, providing guidance and
recommendations for technical security controls
- Identify and track the remediation of security risks and vulnerabilities in software and systems;
confirming the impact, mitigation and remediation options
- A Bachelor s degree in Computer Science, Information Security or equivalent
- It is desirable to have a CISSP certification and/or one of these certifications (e.g. GSEC, GCIA,
GCWN, CISA, CISM, CCNA, GPEN)
- Ability to obtain a security clearance for a Security Sensitive Position classification
- A minimum of 7 years of experience in Information Technology, with at least 5 years in
- Experience in several of: Active Directory, Intrusion Prevention/Detection (Network, Host,
Wireless), Security Information Event Management (SIEM), log management, VPN, Firewalls, NG-
FWs, Wireless Intrusion Prevention (WIDS), Web Content Filtering, Internet Policy Enforcement,
Strong Authentication, Web Application Firewall (WAF), Database Activity Monitoring (DAM),
Public Key Infrastructure (PKI), Data Loss Prevention (DLP), Identity and Access Management
(IAM) solutions, Encryption
- Experience completing vulnerability assessments or penetration testing
- Experience with industry standards such as ISO 270001/2, NIST, COBIT etc.
- Strong working knowledge on security technologies and practices in multiple domains of
cybersecurity, and evaluating risks, vulnerabilities and issues as part of the project assessment
- Good understanding of Internet protocols, network architecture, and security technologies
including encryption and authentication (e.g. SSL, PKI, IPSec, Single Sign On, etc.) and OWASP
Top Ten security risks
- Good knowledge of security technologies, cloud technology components, with an ability to
provide recommendations for best practices and common security tools used for vulnerability
scanning, auditing, configuration management, asset management, continuous monitoring,
- Ability to translate technical risks, controls, vulnerabilities and issues into clear, actionable
- Persuasive, proven negotiating capability that can bring competing objectives together in a way
that provides the sense of win-win
- Excellent presentation skills including the ability to explain technical matters to a non-technical
- Strong interpersonal skills and documentation skills. Ability to develop written communications
that are persuasive and business focused
- Team player, good time-management and organizational skills and ability to work autonomously
in a dynamic environment
Please note that the following will be considered assets:
- Flexibility to adjust quickly to multiple demands, shifting priorities, ambiguity and rapid change
- Knowledge of NERC CIP Reliability Standards
- Experience in Industrial Control Systems (ICS) including SCADA and other Operational
Technology (OT) used in the Energy sector
- Experience with Physical Security related project/implementation
- Experience with IT audits
- Experience on project management and coordination
- Experience with NERC CIP standards
We're always looking for exceptional people to bring new ideas, fresh thinking and the motivation
to help shape the electricity system in B.C. It's an exciting time to be a part of our team as we
invest in our system and prepare to meet the challenges of tomorrow.
Our values guide our work. Want to join us?
We are safe.
We are here for our customers.
We are one team.
We act with integrity.
We respect our province.
We are forward thinking.
BC Hydro is an equal opportunity employer.
HOW TO APPLY
Don't forget to update your Candidate Profile with your current resume and copies of your
certifications. If applicable, include your Trades Qualification. This will ensure we have all the
necessary information to assess your application without any delays.
Click on the Apply button in order to complete the steps to apply for this job.
2018-07-06 Closing Date: 2018-07-24