IT Advisor
4 weeks ago
Powered by water... and by people like you. Providing clean electricity to 4 million customers takes a diverse workforce, which is where you come in. We need your talent to help us build major projects to meet growing demand, find clean energy solutions for homes and businesses, and be ready to respond during storms and outages to keep our system reliable.
Working for BC Hydro is meaningful. With climate change at the forefront, we're working towards a solution while safely providing clean, affordable electricity to our customers.
We offer a healthy work-life balance, training opportunities, and career progression. We're proud to be ranked as one of B.C.'s Top Employers and one of Canada's Best Diversity Employers.
Job Description
Duties:
- Reporting to the Technology Cybersecurity Risk and IT Compliance Manager, the IT Advisor leads and provides oversight for cybersecurity compliance sustainment activities (e.g. NERC CIP) within the Technology KBU.
- Lead the development, review, and improvement of Technology cybersecurity compliance processes (e.g. NERC CIP) and procedures to align with corporate-level policies, programs, and processes.
- Lead the team and develop action plans to improve internal compliance processes to reduce non-compliance risks via continuous improvement.
- Work closely with the Reliability Compliance team, Compliance Program Office, and various internal and external parties to perform compliance incident investigations and mitigation plan development.
- Participate as the Technology Compliance SME on projects or initiatives to evaluate/implement new cybersecurity compliance standards (e.g. NERC CIP).
- Participate in or coordinate the response to various internal and external cybersecurity audits when required.
- Identify the cybersecurity compliance and risk impacts for Technology projects or other corporate initiatives with potential impacts and risk mitigations. Provide security control guidance to the implementation teams to ensure both compliance and security requirements are followed.
- Lead supply chain cybersecurity risk assessment process and support mitigation actions.
- University degree or experience in relevant discipline or equivalent combination of education and experience.
- Ability to obtain security clearance for a Security Sensitive Position classification.
- A minimum of 7 years of experience in Technology regulatory compliance/audit, with a strong focus in cybersecurity.
- Knowledge of and experience in audit-related activities.
- Experience in project management and task coordination.
- Experience in internal control process improvement.
- Experience in investment planning, including developing business cases and facilitating approvals.
- Experience in assessing cybersecurity risk and implementing security controls.
- Knowledge or experience in NERC CIP standards and requirements.
- Knowledge or experience in multiple of these areas: Active Directory, Log management, Strong Authentication, Identity and Access Management (IAM) solutions, Access Management, Access Review.
- Knowledge of industry standards such as ISO 27001/2, NIST, COBIT, etc.
- Knowledge of and experience in the incident investigation process.
- Ability to translate technical risks, controls, vulnerabilities, and issues into clear, actionable business language.
- Persuasive, proven negotiating capability that can bring competing objectives together in a way that provides the sense of 'win-win'.
- Excellent presentation skills including the ability to explain technical matters to a non-technical audience.
- Strong interpersonal skills and documentation skills. Ability to develop written communications that are persuasive and business-focused.
- Team player, good time-management and organizational skills and ability to work autonomously in a dynamic environment.
- Flexibility to adjust quickly to multiple demands, shifting priorities, ambiguity, and rapid change.
- A minimum of 15 paid vacation days.
- Flexible work model, depending on your role type.
- Training and development courses.
For more information on the benefits we offer, visit bchydro.com/benefits.
Notes:
- Cybersecurity certification (e.g., CISSP, GSEC, GCIA, GCWN, CISA, CISM, CCNA, GPEN) would be considered an asset.
- Implementation experience with NIST CSF, NIST Risk Management framework, and cybersecurity controls would be considered an asset.
- Experience managing a team, including contractors and employees, would be considered an asset.
- Experience in Industrial Control Systems (ICS) including SCADA and other Operational Technology (OT) used in the Energy sector would be considered an asset.
- This position is an FTT opportunity until May 2026. Applicants who do not meet the full qualifications or those with lesser work experience may be considered with a combination of education and demonstrated related experience and strong business acumen in Cybersecurity Compliance.