Cip Compliance Lead

Powered by water... and by people like you

Providing clean electricity to 4 million customers takes a diverse workforce and that’s where you come
in. We need your talent to help us build major projects to meet growing demand. To help our
customers find clean energy solutions for their homes and businesses and to be ready to respond
during storms and outages to keep our system reliable.

Working for BC Hydro is meaningful. And now, the stakes have been raised as we work towards a
solution to climate change while safely providing clean, affordable electricity to our customers.

We offer a healthy work life balance, training opportunities and career progression. We're proud to be
ranked as one of B.C.'s Top Employers and one of Canada's Best Diversity Employers. Join us as we
build an even cleaner B.C.

**JOB DESCRIPTION**
**Duties**:

- One of BC Hydro’s key business priorities is to ensure compliance with the North American

Electric Reliability Corporation (NERC) Mandatory Reliability Standards (MRS) in order to support
the reliability of the bulk electric system. Critical Infrastructure Protection (CIP) is primarily
cybersecurity focused NERC MRS Standard and is a major component of the NERC MRS
program.
- Aligned with this, BC Hydro is also strengthening is cybersecurity posture to ensure risk to its

operational infrastructure is appropriately mitigated through long and short-term planning and
operational activities.
- To continuing strengthen these areas, BC Hydro is looking for highly qualified, self-driven

individuals with highly developed analytical, collaboration and communications skills to contribute
to this important business objective.
- As an MRS and cybersecurity program lead embedded within the Integrated Planning, the

and maintains expertise and knowledge of the program’s methodologies, policies, and practices
published by BC Hydro, the BCUC, NERC and WECC.
- The role is responsible for executing the accountabilities and responsibilities for the assigned

Critical Infrastructure Protection (CIP) Standards and Requirements (the Assigned Standards)
within the respective business area. They do this by building Compliance practices, managing
and administering Compliance programs, verifying and communicating compliance and managing
investigations, mitigation plans and evidence.
- You will be part of a multidisciplinary team of 12+ Compliance Leads, Cybersecurity Planners

and Project Managers that interact with internal and external stakeholder resources in delivering a
number of projects or initiatives related to Mandatory Reliability Standards.
- Stakeholders include: The Reliability Standards and Assurance (RSA) team, Cybersecurity &
CIP Program Office, Engineering Design, Operation, CIPD, Finance, Regulatory, and Legal
- Counsel.
- Specific duties include:
- Support the Director IP (Integrated Planning) MRS, Execution Delegates, Governance Delegates

and Compliance Lead to executes the accountabilities, sustain and demonstrate CIP compliance.- Support and represent Integrated Planning in the identification, planning, justification and

development of cybersecurity plans and initiatives.- Developing, implementing and maintaining procedures, programs, processes, internal controls,

work instructions and reports, associated with the assigned CIP compliance standards as well as
- cybersecurity accountabilities.- Working collaboratively across the organization to ensure consistent practices and procedures

are being adhered to related CIP and operational cybersecurity.- Assessing the training, change management and engineering/field support requirements for

standards compliance and operational cybersecurity.- Maintaining knowledge and awareness of industry practices and trends associated with assigned

standards and operational cybersecurity.- Acting as technical and/or process lead for assigned standard(s).
- Assessing implications of new and revised standards, providing comments and developing

estimates of cost and resource requirements to ensure ongoing compliance and cybersecurity.- Verifying and Communicating Compliance:

- Promoting a culture of compliance, cybersecurity and encouraging continuous improvement of

our compliance programs- Participating in annual risk-based compliance assurance programs and audits
- Identifying and rectifying areas of compliance risk or potential violation
- Identifying and rectifying areas of cybersecurity risk
- Managing and leading compliance incidents, investigations and mitigations plans
- Communicating technical issues to diverse audiences including senior leaders and executives
- Leveraging and/or advocating for systems and tools the support more effective and efficient

compliance programs**Qualifications**:
***

P.Eng designation is highly desirable but not mandatory for this role.
- Cyber Security designation, such as CISSP or relevant courses in cybersecurity are considered

an asset.
- Minimum of 8 years of experience in areas including