IT Advisor

**A workplace powered by you**

At BC Hydro, we’re working towards creating a cleaner and more sustainable future for all British Columbians and need
people like you to help us. A career at BC Hydro is meaningful and provides you the opportunity to be part of a talented,
inclusive, and diverse team. We offer a healthy work-life balance, competitive wages, a comprehensive benefits package,
and training opportunities to support you in your career growth. We're proud to be ranked as one of B.C.'s Top Employers
and one of Canada's Best Diversity Employers.

**IT Advisor (Cybersecurity Audit and OT Risk)**

Number of positions: 1 Job Location: Dunsmuir 08

Employment type: Permanent Region: Lower Mainland

Hours of work: Full-time (37.5 hrs/wk) Flexible Work Role: Hybrid

Annual salary: $ 107,000.00 - 135,300.00

**What you'll do**
- Reporting to the Technology Cybersecurity Manager, the IT Advisor will conduct cybersecurity security reviews, risk, and

compliance activities within the Technology KBU.
- Perform security and compliance impact assessments for technology or corporate initiatives. This includes documenting

threats, identify risks, and recommend controls as required to the business on how to manage risk by leveraging best
security practices.
- Conduct a security analysis of internal and external security measures in place for any information system(s) by identifying

risks together with any potential weaknesses and vulnerabilities.
- Ensure that risk assessments, vulnerability assessments and threat analyses are conducted periodically and consistently

to identify cybersecurity risk to the organization’s information.
- Determine appropriate risk treatment options to manage risk to acceptable levels.
- Maintain knowledge of current cyber threats and internal applicable policies and procedures.
- Lead and coordinate the 3rd party penetration testing activities.
- Lead and conduct internal penetration testing by utilizing various security tools.
- Conduct vulnerability assessment reviews, and if required, perform vulnerability scans.
- Lead and coordinate the 3rd party vendor risk assessment by assessing their security posture and ensuring they meet the

both the security and regulatory standards by evaluating of SOC 2 Type 2 or similar reports, attestation forms, and
document it accordingly.
- Monitor existing risk to ensure that changes are identified and managed appropriately.
- Analyze to assess the security controls when reviewing Privacy Impact Assessments (PIAs).
- Improve regulatory compliance by consulting with appropriate regulatory SMEs when required.
- Participate as Technology security SME on projects or initiatives to improve BC Hydro’s cybersecurity posture, especially

focused on the cybersecurity risk management, etc.
- Participate or coordinate response to various internal and external cybersecurity audits when required.

**What you bring**
- University degree or experience in relevant discipline or equivalent combination of education and experience may be
- considered.
- Ability to obtain security clearance for a Security Sensitive Position classification.
- Minimum of 7 years of experience in, or equivalent combination, of IT/OT technology, cybersecurity, and or audit-related

work.

and IT security monitoring.
- Knowledge of industry standards such as ISO 270001/2, NIST, COBIT5 etc.
- Experience on project management and task coordination.
- Experience on internal control process improvement.
- Knowledge or experience in NERC CIP standards and requirements would be considered an asset.
- Ability to translate technical risks, controls, vulnerabilities, and issues into clear, actionable business language.
- Persuasive, proven negotiating capability that can bring competing objectives together in a way that provides the sense of

“win-win”.
- Excellent presentation skills including the ability to explain technical matters to a non-technical audience.
- Strong interpersonal skills and documentation skills. Ability to develop written communications that are persuasive, and

business focused.
- Team player, good time-management and organizational skills and ability to work autonomously in a dynamic

environment.
- Flexibility to adjust quickly to multiple demands, shifting priorities, ambiguity, and rapid change.

**What we offer**
- A comprehensive benefits package
- A minimum of 15 paid vacation days
- A lifetime pension
- Flexible work model, depending on your role type
- Training and development courses

PN 2010395
Location: Vancouver, BC, V6B 5R3 Canada
** What else you should know**
- Cybersecurity certification (e.g. CISSP, GSEC, GCIA, GCWN, CISA, CISM, CCNA, GPEN) would be considered an asset.
- Experience in Industrial Control Systems (ICS) including SCADA and other Operational Technology (OT) used in the

Energy sector would be considered an asset.
- Please note this is a hybrid position wtih expectations to work in our office in Vancouver, BC for a minimum of 2 days