IT Advisor

IT Advisor - Cybersecurity Risk and Compliance (FTR)

BC Hydro

Job Overview

Powered by water... and by people like you. Providing clean electricity to 4 million customers takes a diverse workforce and that's where you come in. We need your talent to help us build major projects to meet growing demand. To help our customers find clean energy solutions for their homes and businesses and to be ready to respond during storms and outages to keep our system reliable.

Working for BC Hydro is meaningful. And now, the stakes have been raised as we work towards a solution to climate change while safely providing clean, affordable electricity to our customers.

We offer a healthy work-life balance, training opportunities, and career progression. We're proud to be ranked as one of B.C.'s Top Employers and one of Canada's Best Diversity Employers. Join us as we build an even cleaner B.C.

Duties:

1. Reporting to the Technology Cybersecurity Risk and IT Compliance Manager, the IT Advisor leads and provides oversight for cybersecurity compliance sustainment activities (e.g. NERC CIP) within the Technology KBU.
2. Lead the development, review, and improvements of Technology cybersecurity compliance processes (e.g. NERC CIP) and procedures to align with corporate-level policies, programs, and processes.
3. Lead the team and develop action plans to improve internal compliance processes to reduce non-compliance risks via continuous improvement.
4. Work closely with Reliability Compliance team, Compliance Program Office, and various internal and external parties to perform compliance incident investigations and mitigation plan development.
5. Participate as Technology Compliance SME on projects or initiatives to evaluate/implement new cybersecurity compliance standards (e.g. NERC CIP).
6. Participate or coordinate response to various internal and external cybersecurity audits when required.
7. Identify the cybersecurity compliance and risk impacts for Technology projects or other corporate initiatives with potential impacts and risk mitigations. Provide security control guidance to the implementation teams to ensure both compliance and security requirements are followed.
8. Lead supply chain cybersecurity risk assessment process and support mitigation actions.

Qualifications:

1. University degree or experience in relevant discipline or equivalent combination of education and experience.
2. Ability to obtain security clearance for a Security Sensitive Position classification.
3. A minimum of 7 years of experience in Technology regulatory compliance/audit, with a strong focus in cybersecurity.
4. Knowledge and experience on audit-related activities.
5. Experience on project management and task coordination.
6. Experience on internal control process improvement.
7. Experience on investment planning including developing business cases and facilitating approvals.
8. Experience on assessing cybersecurity risk and implementing security controls.
9. Knowledge or experience in NERC CIP standards and requirements.
10. Knowledge or experience in multiple of these areas: Active Directory, Log management, Strong Authentication, Identity and Access Management (IAM) solutions, Access Management, Access Review.
11. Knowledge of industry standards such as ISO 270001/2, NIST, COBIT etc.
12. Knowledge and experience on incident investigation process.
13. Ability to translate technical risks, controls, vulnerabilities, and issues into clear, actionable business language.
14. Persuasive, proven negotiating capability that can bring competing objectives together in a way that provides the sense of "win-win".
15. Excellent presentation skills including the ability to explain technical matters to a non-technical audience.
16. Strong interpersonal skills and documentation skills. Ability to develop written communications that are persuasive and business-focused.
17. Team player, good time-management and organizational skills and ability to work autonomously in a dynamic environment.
18. Flexibility to adjust quickly to multiple demands, shifting priorities, ambiguity, and rapid change.

ADDITIONAL INFORMATION

- A minimum of 15 paid vacation days
- Flexible work model, depending on your role type
- Training and development courses

For more information on the benefits we offer, visit bchydro.com/benefits.

We're always looking for exceptional people to bring new ideas, fresh thinking, and the motivation to help shape the electricity system in B.C. It's an exciting time to be a part of our team as we invest in our system and prepare to meet the challenges of tomorrow.

Our values guide our work. Want to join us?

We are safe.
We are here for our customers.
We are one team.
We act with integrity and respect.
We are forward-thinking.

BC Hydro is an equal opportunity employer. We include everyone. We welcome applications from anyone, including members of visible minorities, women, Indigenous peoples, persons with disabilities, persons of minority sexual orientations and gender identities, and others with the skills and knowledge to productively engage with diverse communities.

We are also happy to provide reasonable accommodations throughout the selection process and while working at BC Hydro. If you require support applying online because you are a person with a disability, please contact us at Recruitmenthelp@BCHydro.com.

#J-18808-Ljbffr

---