IT Security Specialist Job at Manitoba Hydro, Winnipeg, MB

U1JjK01tVWJ1U3FnNlV1Z0RwMEJkQT09

Job Description

CYBER SECURITY SPECIALIST

Winnipeg, MB

Manitoba Hydro is consistently recognized as one of Manitoba's Top Employers!

Great Benefits

  • Competitive salary and benefits package.
  • Defined-benefit pension plan.
  • Nine-day work cycle which normally results in every other Monday off, providing for a balanced approach to work, family life
and community.
  • Flex-time and partially remote work schedule (providing the option to work remotely 3 days per 2 week period), depending on

nature of work, operational requirements and work location.

Manitoba Hydro is a leader among energy companies in North America, recognized for providing highly reliable service and
exceptional customer satisfaction. Join our team of Manitoba's best as we continue to build a company that supports innovation,
commitment and customer service.

Manitoba Hydro is looking for a highly motivated person to be part of a team that partners with stakeholders across Manitoba Hydro
to manage cyber security risk. The position will lead multiple security programs, conduct and review complex security risk
assessments, provide specialized security expertise across the enterprise, and be a driver of corporate security culture and
commitment.

Responsibilities:

  • Maintain the integrity, confidentiality, and availability of Manitoba Hydro information and technology assets by designing,
implementing, monitoring, communicating, and enforcing overall Enterprise Technology Security policies, processes,
guidelines, and controls for all Manitoba Hydro technology environments and assets.
  • Lead multiple enterprise Cyber Security programs, provide assistance and consultation on several others including (but not
limited) to threat intelligence, policy management, NERC CIP, Industrial Control System Cyber Security Risk Management,
incident response and disaster recovery, and application security.
  • Support the design and execution of tabletop exercise scenarios, ensure Disaster Recovery planning and practices are in
accordance with cyber security guidelines, and assess all-source intelligence and recommend targets to support cyber
operation objectives.
  • Conduct complex security risk assessments on applications to prevent vulnerabilities and entry points that attackers can
exploit.
  • Provide specialized Cyber Security expertise and consulting services to ensure consistency of Cyber Security practices
across all technology and networks throughout Manitoba Hydro.
  • Lead various Cyber Security Awareness Program campaigns and initiatives, including enterprise communications, awareness
training, phishing simulations, presentations, and other communications vehicles.
  • Be a driver of corporate security culture and commitment through awareness campaigns, engagement on project teams, and
engagement on multiple security programs.
  • Conduct Cyber risk management tasks such as security assessments, threat assessments, risk reviews, post-implementation
and in-production reviews, scenario-based Cyber assessments, and ICS risk assessments against systems, applications,
networks, cloud assets, processes, and controls.
  • Lead or assist with the third-party Enterprise Technology Security Assessments and manage the resulting recommendations
and action plans.
  • Establish and oversee monitoring, selection and termination for suppliers.
  • Develop and maintain good working relationships with industry contacts for the purpose of information exchange and to keep
abreast of technology innovation and directions.
  • Develop and maintain good working relationship with stakeholders throughout Manitoba Hydro including any subsidiaries.
  • Work collaboratively with staff across the enterprise in the development, implementation, maintenance, and improvement of

overall NERC Critical Infrastructure Protection (CIP) processes and procedures and Industrial Control System Cyber Security
Risk Management initiatives.

MANITOBA HYDRO IS COMMITTED TO DIVERSITY AND EMPLOYMENT EQUITY

Reference Code: CO56704945-01

  • Anticipate and assess longer term requirements and keep abreast of legislation and regulations pertaining to NERC and
Cyber Security in the United States and Canada.
  • Manage NERC CIP-related requirements and document repositories/tools to collect and maintain the required evidence of
compliance activities including reporting and presentations regarding the IT NERC CIP activities and performance.

Qualifications:

  • A four-year degree in Computer Science or Computer Engineering from a university of recognized standing, plus a minimum
of five years related information technology (IT) or industrial control system (ICS) support experience of which at least three
years must be in a system/platform support role.
OR
  • A two-year diploma in Computer Technology from an institute of recognized standing, plus a minimum of seven years related
experience in IT or ICS support experience of which at least three years must be in a system/platform support role.
  • Has or be willing to obtain certification within 12 months: ISAACA CSX Cybersecurity Practitioner (CSX-P) or (ICS)2
Entry-Level Cybersecurity certification; and maintain that certification in good standing.
  • Professional certifications such as CISSP, CISM, CRISC, OSCP, CEH, CGIH, GPE, SANS, etc. would be an asset.
  • Possess an understanding of Cyber security concepts, controls, frameworks and standards including NIST and ISO.
  • Knowledge of ICS Cyber Security Risk Management and NERC Critical Information Protection (CIP) Standards, Programs
and Procedures, CIP infrastructure components and CIP cyber assets.
  • Technical system support experience with Information Technology and infrastructure components.
  • Knowledge and understanding of prevention and defense technologies, software and best practices, including Security

Information Event Management (SIEM) and analytics, access controls, Security Orchestration & Automated Response
(SOAR), endpoint protection, Cloud controls, Intrusion Detection and Prevention Systems (IDS/IPS), vulnerability assessment,
Cloud Access Security Brokers (CASB), web application security scanning and monitoring, risk registers, encryption
technologies, and patch management.

  • Strong written and verbal communication skills with a demonstrated ability to communicate effectively, deliver reports,
recommendations, and presentations, and the ability to build and maintain harmonious working relationships with staff across
the enterprise at all levels.
  • Excellent organizational and interpersonal skills, including facilitation, and negotiation.
  • Demonstrated creativity in resolving complex information technology issues, implementing new processes and products and
redesigning work processes.
  • Demonstrated focus on documentation and continuous improvement.
  • Demonstrated initiative, and ability to prioritize, and achieve results in a timely manner.
  • Possess good analytical skills, be self-motivating, and possess mature judgment with the ability to make and implement sound
decisions.
  • Possess a valid Province of Manitoba Driver's Licence.
  • Must complete Manitoba Hydro Standards of Conduct training.
  • Critical Infrastructure Protection (CIP) Training is required and must be completed prior to transfer date and renewed annually.

Salary Range

Starting salary will be commensurate with qualifications and experience. The range for the classification is $40.64-$56.08 Hourly,
$77,882.74-$107,467.36 Annually.

Apply Now!

Visit www.hydro.mb.ca/careers to learn more about this position and to apply online. The deadline for applications is MAY
30, 2023.

We thank you for your interest and will contact you if you are selected for an interview.

This document is available in accessible formats upon request. Please let us know if you require any accommodations
during the recruitment process.

Similar Jobs