IT Advisor

Vancouver, Canada BC Hydro Full time

**A workplace powered by you**

At BC Hydro, we’re working towards creating a cleaner and more sustainable future for all British Columbians and need
people like you to help us. A career at BC Hydro is meaningful and provides you the opportunity to be part of a talented,
inclusive, and diverse team. We offer a healthy work-life balance, competitive wages, a comprehensive benefits package,
and training opportunities to support you in your career growth. We're proud to be ranked as one of B.C.'s Top Employers
and one of Canada's Best Diversity Employers.

**IT Advisor - Cybersecurity Risk and Compliance (FTR)**

- Number of positions: 1
- Job Location: Dunsmuir 08
- Employment type: Permanent
- Region: Lower Mainland
- Hours of work: Full-time (37.5 hrs/wk)
- Flexible Work Role: Hybrid
- Annual salary: $ 107,000.00 - 135,300.00

**What you'll do**
- Reporting to the Technology Cybersecurity Risk and IT Compliance Manager, the IT Advisor leads and provides oversight for cybersecurity compliance sustainment activities (e.g. NERC CIP) within the Technology KBU.
- Lead the development, review and improvements of Technology cybersecurity compliance processes (e.g. NERC CIP) and procedures to align with corporate-level policies, programs, and processes.
- Lead the team and develop action plans to improve internal compliance processes to reduce non-compliance risks via continuous improvement.
- Work closely with Reliability Compliance team, Compliance Program Office, and various internal and external parties to perform compliance incident investigations and mitigation plan development.
- Participate as Technology Compliance SME on projects or initiatives to evaluate/implement new cybersecurity compliance standards (e.g. NERC CIP).
- Participate or coordinate response to various internal and external cybersecurity audits when required.
- Identify the cybersecurity compliance and risk impacts for Technology projects or other corporate initiatives with potential impacts and risk mitigations. Provide security control guidance to the implementation teams to ensure both compliance and security requirements are followed.
- Lead supply chain cybersecurity risk assessment process and support mitigation actions.

**What you bring**
- University degree or experience in a relevant discipline, or an equivalent combination of education and experience.
- Ability to obtain security clearance for a Security Sensitive Position classification.
- A minimum of 7 years of experience in Technology regulatory compliance/audit, with a strong focus in cybersecurity.
- Knowledge of and experience in audit-related activities.
- Experience in project management and task coordination.
- Experience in internal control process improvement.
- Experience in investment planning, including developing business cases and facilitating approvals.
- Experience in assessing cybersecurity risk and implementing security controls.
- Knowledge or experience in NERC CIP standards and requirements.
- Knowledge or experience in multiple of these areas: Active Directory, Log management, Strong Authentication, Identity and Access Management (IAM) solutions, Access Management, Access Review.
- Knowledge of industry standards such as ISO 27001/2, NIST, COBIT etc.
- Knowledge of and experience in the incident investigation process.
- Ability to translate technical risks, controls, vulnerabilities and issues into clear, actionable business language.
- Persuasive, proven negotiating capability that can bring competing objectives together in a way that provides the sense of “win-win”.
- Excellent presentation skills, including the ability to explain technical matters to a non-technical audience.
- Strong interpersonal skills and documentation skills. Ability to develop written communications that are persuasive and business focused.
- Team player, good time-management and organizational skills and ability to work autonomously in a dynamic environment.
- Flexibility to adjust quickly to multiple demands, shifting priorities, ambiguity, and rapid change.

**What we offer**
- A comprehensive benefits package
- A minimum of 15 paid vacation days
- A lifetime pension
- Flexible work model, depending on your role type
- Training and development courses

PN 2027554
Location: Vancouver, BC, Canada V6B 5R3
**What else you should know**
- Cybersecurity certification (e.g. CISSP, GSEC, GCIA, GCWN, CISA, CISM, CCNA, GPEN) would be considered an asset.
- Implementation experience with NIST CSF, NIST Risk Management framework and cybersecurity controls would be considered an asset.
- Experience managing a team including contractors and employees would be considered an asset.
- Experience in Industrial Control Systems (ICS) including SCADA and other Operational Technology (OT) used in the Energy sector would be considered an asset.
- Applicants who do not meet the full qualifications or those with lesser work experience may be considered with a combination of education and demonstrated related exp