Sr It Security Specialist

47303 - Toronto - Regular - Ongoing

Safety Comes First is a core value at Hydro One, and we remain committed to taking every reasonable precaution to ensure a respectful, safe and healthy working environment. Further to this commitment, we have adopted a COVID-19 Vaccination Policy to protect the health of our employees from the hazard of COVID-19. New employees will be required to declare their vaccination status to Hydro One. Employees who do not provide proof of vaccination status may not enter any 3rd party locations that require full vaccination (e.g. customer properties).

Hydro One is proud to be the largest electricity transmission and distribution provider in Ontario, serving nearly 1.5 million customers. We have a long history in the industry with our roots dating back over 110 years to 1906. Since then, we have worked to grow and evolve to meet the changing needs of our customers and communities across Ontario. Today, we’re focused on providing exceptional customer service and ensuring we are building safe communities where we live, work and play.

It’s an exciting time to join the team at Hydro One!

• NOTE* Hydro One introduced a Hybrid Work Pilot Project in 2022 for most office-based roles. Employees work in-office/on-site two days a week and remotely from home for three days a week. Hydro One is adding refreshed workspaces and technology to support these changes. Join us as we ‘trial & learn’ a new modern way of working and be a key driver of future state!

In office but with intention – a time for team and trust building, collaboration, and socialization. Please reach out to us to learn more!

As Senior Cybersecurity Advisor At Hydro One, You Will

• Join a diverse team of experienced Cybersecurity practitioners, and act as a subject matter expert for Information Security with the Lines of Business (LOB)
• Conduct research to maintain and expand knowledge on the latest cyber security technologies and standards, as well as the threat and vulnerability landscape for Industrial Control Systems (ICS) in general, and the Electrical sector in Ontario
• Focus on security operations and information security governance as it relates to Information Technology (IT) and Operations Technology (OT) systems
• Translate technical cyber & information security requirements into business actions. Preserve and apply the security governance framework (based on NIST) for the LOBs.
• Work with different, potentially conflicting requirements (legal, regulatory, industry standards, security strategy) to distil realistic security requirements supporting the business strategy

You Are An Experienced Cyber Risk Management Professional With Extensive Knowledge And Experience In Architecture Of The Following Domains And Their Application To IT (and Preferably OT) Environments

• Infrastructure Security
• Vulnerability Management
• Threat, Risk and Compliance
• Security Architecture
• Security Governance and Policies
• Security Operations
• Identity and Access Management

Specific Accountabilities May Include

• Seek industry trends and organization knowledge to understand and implement effective risk management practices.
• Support responses to various regulatory requests and audits
• Establish practices and communications to foster a culture of issue self-identification and support partners in the Risk Issue management processes to carry out their roles effectively and consistently.
• Continuously improve quality of the issue management process and data.
• Provide recommendations for security architecture for all technology projects, new platforms – on premise or cloud-based and ensure alignment of technology solutions to established frameworks and security standards.
• Provide risk management insights through an ongoing process of gathering, analyzing and prioritizing actionable risk messages; develop content to support communication of the messages and enable technology teams to consume and apply the messages to their respective areas.
• Build and manage effective relationships with key stakeholders, team members, and other business, functional and support groups. Collaborate with senior leaders to ensure alignment of Cyber Security initiatives.
• Manage various stakeholders across levels (including executives) and engage in resolution of risk issues.
• Represent the Cyber Security Governance, Risk and Architecture team as an advisor and expert Cyber Security SME to support overall security program
• Provide consultation to operational teams as a risk-focused senior cyber security advisor on security-related initiatives, solution selection, security architecture and security assessments

Requisite Experience And Skills

• 10+ years of information security experience in risk management and information security
• Knowledge of unique threats to the energy sector and its role within Canadian critical infrastructure
• Excellent organization/project planning, time and organizational change skills across multiple functional groups and departments
• Demonstrable experience in an advisor/consultant capacity representing Information Security
• Sound understanding of the Ontario Cyber Security Framework
• Extensive experience of strategic development of standards, Cyber Security Risk Identification and Mitigation techniques
• Excellent interpersonal, communication, and presentation skills applicable to a wide audience including senior and executive management
• Familiarity with Risk Management Frameworks (ISO 27005, NIST 800-30/39 or ISF IRAM2 )
• Knowledge of current trends in the cyber security industry
• One or more of CISSP, CRISC, CISM or other relevant certifications would be an asset
• Familiarity with scenario-based risk analysis using common threat modelling techniques
• Post-secondary education in Computer Science or related field, or equivalent work experience
• Strong knowledge of NIST SP800-53 and NIST Cyber Security Framework
• Knowledge of metrics programs and security dashboard creation

At Hydro One we understand that the success and strength of our business rests with our people. When we develop their skills, we are investing in both their success and ours. To secure the best talent, we seek to create a workforce that reflects the diverse populations of the communities where we live and work and to create a culture based on safety, innovation and inclusiveness.

We are honoured to be recognized by Forbes in its list of Canada’s Best Employers for 2023.

Thank you for considering a career with Hydro One, we welcome applications from all qualified candidates. If you are having difficulty using our online application system and you need an accommodation due to a disability, please email [email protected]. Hydro One will provide reasonable accommodation for qualified individuals with disabilities in the job application process.

Please note this email is only for accommodation requests. Resumes sent to this email address will not be considered.

Deadline: July 31, 2023

In the event you are experiencing difficulties applying to this job please consult our help page here .