IT Compliance Analyst

2 weeks ago


Dunsmuir, Canada BC Hydro Full time

**A workplace powered by you**

At BC Hydro, we’re working towards creating a cleaner and more sustainable future for all British Columbians and need
people like you to help us. A career at BC Hydro is meaningful and provides you the opportunity to be part of a talented,
inclusive, and diverse team. We offer a healthy work-life balance, competitive wages, a comprehensive benefits package,
and training opportunities to support you in your career growth. We're proud to be ranked as one of B.C.'s Top Employers
and one of Canada's Best Diversity Employers.

**IT Compliance Analyst**

- Number of positions: 1
- Job Location: Dunsmuir 09
- Employment type: Temporary
- Region: Lower Mainland
- Hours of work: Full-time (37.5 hrs/wk)
- Flexible Work Role: Hybrid
- Annual salary: $68,700.00 - 74,000.00

**What you'll do**
- Oversees the review of compliance workflows (such as Critical Infrastructure Protection (CIP) change requests, patch
management and vulnerability assessments) in the compliance management system to ensure adherence to timelines and
established procedures. Identifies compliance issues with documentation and reviews with internal teams or external
service providers to negotiate solutions and provide recommendations for next steps. Approves or declines compliance
workflows for accuracy and completeness for next steps in the process.
- Identifies, develops and implements new or revised compliance processes/procedures (such as access management,
Transient Cyber Assets (TCA)). Solicits feedback from applicable stakeholders. Recommends process/procedural
improvements to address concerns and gaps. Develops and maintains documentation in knowledge management
repositories. Reviews and publishes knowledge articles to business-facing knowledge bases.
- Coordinates the access management review process by: preparing quarterly and annual access review reports; verifying
the business justification to maintain access for access holders with BC Hydro managers; reviewing access revocation
records from various systems; and preparing compliance documentation as required.
- Coordinates the external vendor TCA authorization process for usage and security controls of devices by: reviewing
authorization requests for quality and accuracy; approving or declining authorization requests; conducting random audits on
the security controls of TCA devices to ensure compliance with policies and procedures; following up with external vendors
to resolve compliance issues; and rejecting devices and removing users from access groups for non-compliance with BC
Hydro’s security control and compliance requirements.
- Coordinates the collection of compliance documentation for the annual certification process or audits. Monitors progress of
completing the Reliability Standard Audit Worksheets (RSAW). Populates or reviews RSAW and related compliance
documentation and narratives for accuracy and completeness. Follows up with internal teams and external service
providers on areas requiring clarification or action.
- Recommends minor enhancements to enterprise compliance access management systems to IT Compliance Analyst
Work Leader. Under guidance of IT Compliance Analyst Work Leader, works with IT System Developers to implement
minor enhancements. Carries out user acceptance testing to ensure minor enhancements meet functional and operational
efficiency and effectiveness requirements.
- Prepares training materials and conducts formal/informal training sessions and presentations on compliance programs,
compliance processes and procedures to internal teams, co-op students and external service providers.
- Assists management with NERC CIP incident investigations by: preparing the documentation related to the incident; carrying
out root cause mapping analysis of the incident under management’s direction and guidance; maintaining evidence
documentation upon completion of the investigation; recommending process improvements to stakeholders as part of mitigation
solutions; and advising of risks with meeting deadlines.
- Prepares status reports of completed and outstanding compliance documentation reviews.
- Performs duties of a minor nature related to the above duties that do not affect the rating of the job.

**What you bring**
- Degree in Information Technology, Engineering, Business Administration or related fields; plus two (2) years of experience
in IT audit related activities (e.g. gathering, developing and reviewing audit evidence documents) or cybersecurity related
activities.
OR
- Diploma in Information Technology, Engineering, Business Administration or related fields; plus four (4) years of
experience in IT audit related activities (e.g. gathering, developing and reviewing audit evidence documents) or
cybersecurity related activities.
- Demonstrated experience developing and maintaining business processes and procedures.
- Requires in-house NERC CIP training to be completed within the first week of starting in the job.
- Security related certi