CYBER SECURITY SPECIALIST

Winnipeg, MB

Manitoba Hydro is consistently recognized as one of Manitoba's Top Employers!

Great Benefits

• Competitive salary and benefits package.
• Defined-benefit pension plan.
• Nine-day work cycle which normally results in every other Monday off, providing for a balanced approach to work, family life

nature of work, operational requirements and work location.

Manitoba Hydro is a leader among energy companies in North America, recognized for providing highly reliable service and
exceptional customer satisfaction. Join our team of Manitoba's best as we continue to build a company that supports innovation,
commitment and customer service.

Manitoba Hydro is looking for a highly motivated person to be part of a team that partners with stakeholders across Manitoba Hydro
to manage cyber security risk. The position will lead multiple security programs, conduct and review complex security risk
assessments, provide specialized security expertise across the enterprise, and be a driver of corporate security culture and
commitment.

Responsibilities:

• Maintain the integrity, confidentiality, and availability of Manitoba Hydro information and technology assets by designing,

implementing, monitoring, communicating, and enforcing overall Enterprise Technology Security policies, processes,
guidelines, and controls for all Manitoba Hydro technology environments and assets.

• Lead multiple enterprise Cyber Security programs, provide assistance and consultation on several others including (but not

limited) to threat intelligence, policy management, NERC CIP, Industrial Control System Cyber Security Risk Management,
incident response and disaster recovery, and application security.

• Support the design and execution of tabletop exercise scenarios, ensure Disaster Recovery planning and practices are in

accordance with cyber security guidelines, and assess all-source intelligence and recommend targets to support cyber
operation objectives.

• Conduct complex security risk assessments on applications to prevent vulnerabilities and entry points that attackers can

exploit.

• Provide specialized Cyber Security expertise and consulting services to ensure consistency of Cyber Security practices

across all technology and networks throughout Manitoba Hydro.

• Lead various Cyber Security Awareness Program campaigns and initiatives, including enterprise communications, awareness

training, phishing simulations, presentations, and other communications vehicles.

• Be a driver of corporate security culture and commitment through awareness campaigns, engagement on project teams, and

engagement on multiple security programs.

• Conduct Cyber risk management tasks such as security assessments, threat assessments, risk reviews, post-implementation

and in-production reviews, scenario-based Cyber assessments, and ICS risk assessments against systems, applications,
networks, cloud assets, processes, and controls.

• Lead or assist with the third-party Enterprise Technology Security Assessments and manage the resulting recommendations

and action plans.

• Establish and oversee monitoring, selection and termination for suppliers.
• Develop and maintain good working relationships with industry contacts for the purpose of information exchange and to keep

overall NERC Critical Infrastructure Protection (CIP) processes and procedures and Industrial Control System Cyber Security
Risk Management initiatives.

MANITOBA HYDRO IS COMMITTED TO DIVERSITY AND EMPLOYMENT EQUITY

Reference Code: CO56704945-01

• Anticipate and assess longer term requirements and keep abreast of legislation and regulations pertaining to NERC and

Cyber Security in the United States and Canada.

• Manage NERC CIP-related requirements and document repositories/tools to collect and maintain the required evidence of

compliance activities including reporting and presentations regarding the IT NERC CIP activities and performance.

Qualifications:

• A four-year degree in Computer Science or Computer Engineering from a university of recognized standing, plus a minimum

of five years related information technology (IT) or industrial control system (ICS) support experience of which at least three
years must be in a system/platform support role.
OR

• A two-year diploma in Computer Technology from an institute of recognized standing, plus a minimum of seven years related

experience in IT or ICS support experience of which at least three years must be in a system/platform support role.

• Has or be willing to obtain certification within 12 months: ISAACA CSX Cybersecurity Practitioner (CSX-P) or (ICS)2

Entry-Level Cybersecurity certification; and maintain that certification in good standing.

• Professional certifications such as CISSP, CISM, CRISC, OSCP, CEH, CGIH, GPE, SANS, etc. would be an asset.
• Possess an understanding of Cyber security concepts, controls, frameworks and standards including NIST and ISO.
• Knowledge of ICS Cyber Security Risk Management and NERC Critical Information Protection (CIP) Standards, Programs

Information Event Management (SIEM) and analytics, access controls, Security Orchestration & Automated Response
(SOAR), endpoint protection, Cloud controls, Intrusion Detection and Prevention Systems (IDS/IPS), vulnerability assessment,
Cloud Access Security Brokers (CASB), web application security scanning and monitoring, risk registers, encryption
technologies, and patch management.

• Strong written and verbal communication skills with a demonstrated ability to communicate effectively, deliver reports,

recommendations, and presentations, and the ability to build and maintain harmonious working relationships with staff across
the enterprise at all levels.

• Excellent organizational and interpersonal skills, including facilitation, and negotiation.
• Demonstrated creativity in resolving complex information technology issues, implementing new processes and products and

Salary Range

Starting salary will be commensurate with qualifications and experience. The range for the classification is $40.64-$56.08 Hourly,
$77,882.74-$107,467.36 Annually.

Apply Now!

Visit www.hydro.mb.ca/careers to learn more about this position and to apply online. The deadline for applications is MAY
30, 2023.

We thank you for your interest and will contact you if you are selected for an interview.

This document is available in accessible formats upon request. Please let us know if you require any accommodations
during the recruitment process.