IT Advisor
5 days ago
Powered by water... and by people like you
Providing clean electricity to 4 million customers takes a diverse workforce and that’s where you come
in. We need your talent to help us build major projects to meet growing demand, to help our
customers find clean energy solutions for their homes and businesses, and to be ready to respond
during storms and outages to keep our system reliable.
Working for BC Hydro is meaningful. And now, the stakes have been raised as we work towards a
solution to climate change while safely providing clean, affordable electricity to our customers.
We offer a healthy work-life balance, training opportunities and career progression. We're proud to be
ranked as one of B.C.'s Top Employers and one of Canada's Best Diversity Employers. Join us as we
build an even cleaner B.C.
**JOB DESCRIPTION**
**Duties**:
- The IT Advisor - Cybersecurity Awareness Program will report to the Cybersecurity
Governance and Performance Lead. This position is accountable for developing and implementing
corporate-wide cybersecurity awareness and training initiatives aimed at effectively motivating
desired behavioural changes and fostering a culture of secure use and handling of BC Hydro
information and information systems.
Responsibilities include:
- Plan, develop and implement cybersecurity training & awareness events and initiatives including
simulated phishing exercises and follow-up activities, cybersecurity related communications and
articles and cybersecurity training.
- Identify the top human risks at BC Hydro, the behaviors that need to be changed to mitigate the
risks and prioritization.
- Engage with stakeholders across the company to ensure the cybersecurity training and
awareness program meets business needs.
Physical Security, etc.).
- Work collaboratively with stakeholders and vendors in planning, preparing and performing tasks
and activities for the program.
- Participate in the courseware development process and ensure appropriate contents, quality,
and timely delivery of the courses.
- Raise situational awareness through reinforcement of education with a focus on high-risk human
behaviors and vulnerabilities.
- Identify optimal techniques (e.g., courses, job aids, updates to existing business procedures,
etc.) to drive desired compliance performance behaviour.
- Create policy, process, plan and program documentation related to cybersecurity training,
education and awareness.
- Conduct simulated phishing exercises on a regular basis and take proper follow-up actions for
managing clickers and repeat clickers.
- Communicate security training and awareness related articles and issues corporate-wide by
- posters, etc.).
- Ensure security awareness information and documentation are updated on a regular basis and
reflect the latest security trends and threats as well as compliance requirements.
- Report results, metrics and measurements as related to the awareness program.
- Assess effectiveness of the existing security awareness program and make recommendations
for continuous improvements.
- Participate in incident investigations for potential compliance violations to identify the cause and
adjust applicable program, policies or training.
- Assist in supporting other tasks and activities required by the security awareness program.
**Qualifications**:
- Bachelor’s degree in Computer Science, Information Security or equivalent, or a combination of
relevant education and experience.
- Seven (7) years of experience in Information Technology with a focus in Cybersecurity.
- Three (3) years of experience in developing a cybersecurity awareness program.
- The following certificates would be considered an asset: CISSP, CISA, CRISC, CISM, Security+
or equivalent.
- Knowledge of and experience with information security standards, best practices, and
regulations, such as ISO 27001/2, NIST CSF/RMF, NERC CIP, CIS, SANS, COBIT, BC FIPPA,
etc.
- Good technical knowledge and working experience in the following areas:
  - IT policies, standards, processes and procedures
  - Network architecture
  - Identity and access management
  - Vulnerability management
  - Penetration testing
  - Data encryption
  - Configuration management
  - Physical security
- Ability to incorporate cybersecurity and compliance requirements into courseware modules and
curricula and tailor contents appropriate for employees and contractors.
- Knowledge of phishing and cyber security training software and vendors.
- Demonstrated knowledge and experience in techniques and principles of education to drive
human behaviour.
- Demonstrated experience in change management, project management and communication
strategies.
- Ability to develop collaborative relationships and to reach consensus.
- Ability to translate technical terms to a non-technical audience.
- Excellent ability to develop well written communications and training material.
- Ability to lead a team.
- Excellent presentation and interpersonal skills.
**ADDITIONAL INFORMATI