IT Advisor


Vancouver, Canada T-Net British Columbia Full time
IT Advisor (Cybersecurity Audit and OT Risk)

BC Hydro

Job Overview

Powered by water... and by people like you. Providing clean electricity to 4 million customers takes a diverse workforce and that's where you come in. We need your talent to help us build major projects to meet growing demand, to help our customers find clean energy solutions for their homes and businesses, and to be ready to respond during storms and outages to keep our system reliable.

Working for BC Hydro is meaningful. And now, the stakes have been raised as we work towards a solution to climate change while safely providing clean, affordable electricity to our customers.

We offer a healthy work-life balance, training opportunities, and career progression. We're proud to be ranked as one of B.C.'s Top Employers and one of Canada's Best Diversity Employers. Join us as we build an even cleaner B.C.

JOB DESCRIPTION

Duties:

  1. Reporting to the Technology Cybersecurity Manager, the IT Advisor will conduct cybersecurity reviews, risk, and compliance activities within the Technology KBU.
  2. Perform security and compliance impact assessments for technology or corporate initiatives. This includes documenting threats, identifying risks, and recommending controls as required to the business on how to manage risk by leveraging best security practices.
  3. Conduct a security analysis of internal and external security measures in place for any information system(s) by identifying risks together with any potential weaknesses and vulnerabilities.
  4. Ensure that risk assessments, vulnerability assessments, and threat analyses are conducted periodically and consistently to identify cybersecurity risk to the organization's information.
  5. Determine appropriate risk treatment options to manage risk to acceptable levels.
  6. Maintain knowledge of current cyber threats and internal applicable policies and procedures.
  7. Lead and coordinate the 3rd party penetration testing activities.
  8. Lead and conduct internal penetration testing by utilizing various security tools.
  9. Conduct vulnerability assessment reviews, and if required, perform vulnerability scans.
  10. Lead and coordinate 3rd party vendor risk assessments: assess vendors' security posture, ensure they meet both the security and regulatory standards by evaluating SOC 2 Type 2 or similar reports and attestation forms, and document the results accordingly.
  11. Monitor existing risk to ensure that changes are identified and managed appropriately.
  12. Assess the security controls when reviewing Privacy Impact Assessments (PIAs).
  13. Improve regulatory compliance by consulting with appropriate regulatory SMEs when required.
  14. Participate as Technology security SME on projects or initiatives to improve BC Hydro's cybersecurity posture, especially focused on cybersecurity risk management.
  15. Participate or coordinate response to various internal and external cybersecurity audits when required.

Qualifications:

  1. University degree or experience in a relevant discipline; an equivalent combination of education and experience may be considered.
  2. Ability to obtain security clearance for a Security Sensitive Position classification.
  3. Minimum of 7 years of experience in, or an equivalent combination of, IT/OT technology, cybersecurity, and/or audit-related work.
  4. Work experience in various domains, including system security, application security, network security, risk management, and IT security monitoring.
  5. Knowledge of industry standards such as ISO 27001/2, NIST, COBIT 5, etc.
  6. Experience in project management and task coordination.
  7. Experience in internal control process improvement.
  8. Knowledge or experience in NERC CIP standards and requirements would be considered an asset.
  9. Ability to translate technical risks, controls, vulnerabilities, and issues into clear, actionable business language.
  10. Persuasive, with proven negotiating capability that can bring competing objectives together in a way that provides a sense of "win-win".
  11. Excellent presentation skills including the ability to explain technical matters to a non-technical audience.
  12. Strong interpersonal skills and documentation skills. Ability to develop written communications that are persuasive and business-focused.
  13. Team player, good time-management and organizational skills, and ability to work autonomously in a dynamic environment.
  14. Flexibility to adjust quickly to multiple demands, shifting priorities, ambiguity, and rapid change.

ADDITIONAL INFORMATION

  • A minimum of 15 paid vacation days.
  • Flexible work model, depending on your role type.
  • Training and development courses.

For more information on the benefits we offer, visit bchydro.com/benefits.

PN 2010395

* Cybersecurity certification (e.g., CISSP, GSEC, GCIA, GCWN, CISA, CISM, CCNA, GPEN) would be considered an asset.

* Experience in Industrial Control Systems (ICS) including SCADA and other Operational Technology (OT) used in the Energy sector would be considered an asset.

* Please note this is a hybrid position with expectations to work in our office in Vancouver, BC for a minimum of 2 days per week.

BC Hydro is an equal opportunity employer. We include everyone. We welcome applications from anyone, including members of visible minorities, women, Indigenous peoples, persons with disabilities, persons of minority sexual orientations and gender identities, and others with the skills and knowledge to productively engage with diverse communities.

We are also happy to provide reasonable accommodations throughout the selection process and while working at BC Hydro. If you require support applying online because you are a person with a disability, please contact us at Recruitmenthelp@BCHydro.com.
