IT Advisor (Cybersecurity Compliance Advisor)

T-Net British Columbia
Vancouver
CAD 80,000 - 100,000
Job description

BC Hydro

Source: BC Hydro

Duties:

  1. Reporting to the Technology Cybersecurity Manager, the IT Advisor will conduct cybersecurity reviews, risk, and compliance activities within the Technology KBU.
  2. Perform security and compliance impact assessments for technology or corporate initiatives. This includes documenting threats, identifying risks, and recommending controls to the business, as required, on how to manage risk by leveraging best security practices.
  3. Conduct a security analysis of internal and external security measures in place for any information system(s) by identifying risks together with any potential weaknesses and vulnerabilities.
  4. Ensure that risk assessments, vulnerability assessments and threat analyses are conducted periodically and consistently to identify cybersecurity risk to the organization's information.
  5. Determine appropriate risk treatment options to manage risk to acceptable levels.
  6. Maintain knowledge of current cyber threats and internal applicable policies and procedures.
  7. Lead and coordinate the 3rd party penetration testing activities.
  8. Lead and conduct internal penetration testing by utilizing various security tools.
  9. Conduct vulnerability assessment reviews, and if required, perform vulnerability scans.
  10. Lead and coordinate the 3rd party vendor risk assessment by assessing vendors' security posture and ensuring they meet both the security and regulatory standards, evaluating SOC 2 Type 2 or similar reports and attestation forms, and documenting the results accordingly.
  11. Monitor existing risk to ensure that changes are identified and managed appropriately.
  12. Analyze and assess the security controls when reviewing Privacy Impact Assessments (PIAs).
  13. Improve regulatory compliance by consulting with appropriate regulatory SMEs when required.
  14. Participate as Technology security SME on projects or initiatives to improve BC Hydro's cybersecurity posture, especially those focused on cybersecurity risk management, etc.
  15. Participate or coordinate response to various internal and external cybersecurity audits when required.

Qualifications:

  • University degree or experience in relevant discipline or equivalent combination of education and experience.
  • Ability to obtain security clearance for a Security Sensitive Position classification.
  • Minimum of 7 years of experience in technology and security-related work with some focus on risk management.
  • Work experience in several of these areas: system security, application security, network security, risk analysis, and IT security monitoring.
  • Knowledge of industry standards such as ISO 27001/2, NIST, COBIT 5, etc.
  • Experience in project management and task coordination.
  • Experience in internal control process improvement.
  • Knowledge or experience in NERC CIP standards and requirements would be considered an asset.
  • Ability to translate technical risks, controls, vulnerabilities, and issues into clear, actionable business language.
  • Persuasive, proven negotiating capability that can bring competing objectives together in a way that provides the sense of "win-win".
  • Excellent presentation skills including the ability to explain technical matters to a non-technical audience.
  • Strong interpersonal skills and documentation skills. Ability to develop written communications that are persuasive and business-focused.
  • Team player, good time-management and organizational skills and ability to work autonomously in a dynamic
  • Flexibility to adjust quickly to multiple demands, shifting priorities, ambiguity, and rapid change.

ADDITIONAL INFORMATION:

  • A minimum of 15 paid vacation days.
  • Flexible work model, depending on your role type.
  • Training and development courses.

For more information on the benefits we offer, visit bchydro.com/benefits.

PN 2010395

What else you should know:

  • Cybersecurity certification (e.g. CISSP, GSEC, GCIA, GCWN, CISA, CISM, CCNA, GPEN) would be considered an asset.
  • Experience in Industrial Control Systems (ICS) including SCADA and other Operational Technology (OT) used in the Energy sector would be considered an asset.

On the BC Hydro Careers site, click on the Apply button in order to complete the steps to apply for this job. Please be sure to update your Candidate Profile with your current resume and include copies of your certifications, if applicable.

We're always looking for exceptional people to bring new ideas, fresh thinking and the motivation to help shape the electricity system in B.C. It's an exciting time to be a part of our team as we invest in our system and prepare to meet the challenges of tomorrow.

Our values guide our work. Want to join us?

  • We are safe.
  • We are here for our customers.
  • We are one team.
  • We act with integrity and respect.
  • We are forward thinking.

BC Hydro is an equal opportunity employer.

We include everyone. We welcome applications from anyone, including members of visible minorities, women, Indigenous peoples, persons with disabilities, persons of minority sexual orientations and gender identities, and others with the skills and knowledge to productively engage with diverse communities.

We are also happy to provide reasonable accommodations throughout the selection process and while working at BC Hydro. If you require support applying online because you are a person with a disability, please contact us at Recruitmenthelp@BCHydro.com

Our four role types identify the degree of flexibility an employee could have to work from home based on the type of work they do. The flexibility for an individual job is up to the manager for each position and the operational requirements. Employees also have the right to work full-time from the office if they prefer. All of our roles require at least some in-person time.

  • IBEW/Field - No option to work from home.
  • Resident - Works primarily (4+ days per week) in the office.
  • Hybrid - May be able to work from home up to 3 days per week.
  • Remote - Works from home 4+ days per week.

To apply for this position, please click the appropriate "Apply" button (or follow the application instructions listed in the Job Description above). If more than one Apply button appears below, please select the option you prefer.
