Job Description

Type of position:

Regular

Your future role on our team

At BBA, we strive to offer effective, reliable, secure and resilient control systems to our industrial clients. Our ICS Cybersecurity team specializes in regulatory compliance and critical infrastructure protection, with a strong focus on helping utilities and industrial operators meet NERC CIP and ARS CIP requirements. We design and implement practical and innovative solutions that not only meet client needs but also satisfy mandatory compliance obligations.



You'll work hands-on as part of multidisciplinary teams whose members have complementary expertise in digital technologies, network and telecommunication infrastructures, programming and integration of automation systems, instrumentation and controls, and digital power systems.

With us, you'll get the opportunity to:

Lead and support NERC CIP and ARS CIP compliance activities across standards such as CIP-002 through CIP-014, including drafting and revising policies, procedures, RSAWs, audit evidence, diagrams, and supporting documentation. Perform compliance gap assessments, readiness reviews, and mock audits to help clients prepare for regulatory oversight and mitigate risk of violations. Assess ICS/OT cybersecurity and physical security controls to identify vulnerabilities, recommend compliance-driven remediation, and assist clients in implementing technical and procedural controls. Advise clients on regulatory obligations and provide clear interpretation of NERC/ARS CIP requirements, ensuring deliverables align with both compliance and operational needs. Objectively evaluate and recommend compliance-aligned technological solutions available on the market, such as access control systems, monitoring solutions, network segmentation technologies, and secure remote access tools. Build strong relationships with clients by guiding them in decision-making to mature their compliance posture, cybersecurity governance, and overall risk resilience. Contribute to the development of compliance methodologies, playbooks, and internal best practices in BBA's in-house labs (industrial cybersecurity, automation, networking, power systems).

Do your qualities and values match our corporate culture?

Autonomous Show an aptitude for self-development Result Oriented Excellent communication and interpersonal skill Attention to detail Strong organizational skills Thirst to learn and excel Caring mindset that puts people first

Certifications and job requirements:

Undergraduate degree in cybersecurity, electrical engineering, computer engineering, or a related field. Minimum 3-6 years of direct experience with NERC CIP or ARS CIP compliance programs in the electric utility, energy, or industrial sector. Strong knowledge of NERC/ARS CIP standards (CIP-002 to CIP-014), including proven experience with audits, self-certifications, evidence gathering, RSAW development, and compliance program management. Excellent communication skills, both spoken and written (English required; French an asset). Experience with ICS/OT environments such as programmable logic controllers, distributed control systems, intelligent electronic devices (IEDs), and SCADA systems.
Familiarity with industrial network architectures and communication protocols (Ethernet/IP, Modbus, DNP3, ICCP, etc.).

Preferred but not essential assets

Experience working with utilities, Independent System Operators (ISO/RTOs), or regulatory agencies in North America. Exposure to compliance-driven security controls such as patch management, vulnerability assessments, change management, and access management (aligned to CIP-005, CIP-007, CIP-010, CIP-011). Experience with IP network devices (switches, routers, firewalls) and security tools for monitoring and compliance reporting. Knowledge of cybersecurity technologies and best practices beyond compliance (ISA/IEC 62443, NIST CSF, NIST SP 800-53). Involvement in SOC operations, incident response, recovery planning (CIP-008, CIP-009), and business continuity planning. Certifications such as NERC Certified CIP Professional (C3P), GCIP, CISSP, CISM, GICSP, or equivalent.

An overview of BBA's Total Rewards:

Annual base salary Annual premium program for regular employees Access to a time bank Onsite mobility premium Cellphone Program Group insurance plan starting day one including short-term and long-term disability insurance for regular employees and telemedicine program Retirement saving plan for regular employees Vacation and sick leave Premium offered through the Employee Referral program

At BBA, you get many benefits:

Access to a leadership program Opportunity to mentor our next generation: we invest in our people and help them develop A corporate culture that values expertise An inclusive culture that values diversity, respect and openness Pension, insurance plan and other benefits On site and at the office: Health, safety and the environment are a priority A caring environment where everyone's ideas are listened to and there is no perception of hierarchy Friendly, eco-mindful and high-tech workspaces Committees involved in important causes: diversity, social commitment, etc Growing business with many opportunities

About BBA

BBA is one of Canada's leading private consulting engineering firms, with over 45 years of experience serving the energy and natural resources industry.


Our people are the foundation of our success. Their passion and excellence have earned us recognition as one of Canada's Best Employers and Best Managed Companies, and we're committed to fostering a workplace where everyone feels empowered to grow, lead and be themselves.


Our teams bring together engineering, environmental and commissioning expertise to deliver practical, innovative and sustainable solutions--from strategy to execution. With 20 offices across Canada, the U.S. and Latin America, we combine local presence with international reach, offering clients close collaboration and field-ready support.


Learn more about our culture and projects on LinkedIn or connect with our talent team.