Job Description

A workplace powered by you

At BC Hydro, we're working towards creating a cleaner and more sustainable future for all British Columbians and need


people like you to help us. A career at BC Hydro is meaningful and provides you the opportunity to be part of a talented,


inclusive, and diverse team. We offer a healthy work-life balance, competitive wages, a comprehensive benefits package,


and training opportunities to support you in your career growth. We're proud to be ranked as one of B.C.'s Top Employers


and one of Canada's Best Diversity Employers.




We invite you to join us as we build an even cleaner B.C. We welcome applications from all qualified job seekers. If you're a


person with a disability, please let us know by emailing RecruitmentHelp@bchydro.com, as adjustments can be made to


help support you in your application process.

IT Advisor - Cybersecurity Remediation Advisor

Number of positions: 1 Job Location: Edmonds C02



Employment type: Permanent Region: Lower Mainland



Hours of work: Full-time (37.5 hrs/wk) Flexible Work Role: Hybrid



Annual salary: $ 107,000.00 - 135,300.00

Position Highlights

The Cybersecurity Remediation Advisor, Applications & Platforms, acts as the primary liaison between the Cybersecurity


team and application stakeholders, ensuring effective communication, coordination, and execution of remediation efforts


across the application landscape. This role is pivotal in reducing risk, enhancing resilience, and embedding security into the


fabric of application development and operations

What you'll do

Vulnerability Prioritization & Strategy Development




Collaborates with Cybersecurity to assess, prioritize, and define remediation strategies for application-layer security
weaknesses (published vulnerabilities, insecure configurations, deviations from security standards), including those in third-

party and custom-built software.




Cross-Team Coordination & Engagement




Facilitates collaboration across application development, DevOps, QA, and business application teams to ensure timely
and effective remediation. Acts as a bridge between technical and business stakeholders.




Execution & Operational Oversight




Oversees remediation activities such as code fixes, library upgrades, configuration changes and security hardening, and
secure deployment practices--leveraging internal teams or vendors through projects, sprints, or operational workflows.




Secure Development Lifecycle (SDLC) Integration




Partners with engineering and DevOps teams to embed security controls throughout the SDLC. Promotes secure coding
practices, threat modeling, and integration of automated security testing (e.g., SAST, DAST, SCA).




Tooling & Automation Advocacy




Identifies and champions tools that support vulnerability detection, remediation tracking, and secure CI/CD pipelines.
Works with platform teams to automate remediation workflows.




Third-Party & SaaS Risk Management




Coordinates with vendor management and procurement to assess and remediate vulnerabilities in third-party and SaaS
applications. Ensures compliance with internal security standards.




Status Reporting & Escalation Management




Maintains authoritative tracking of remediation progress across application portfolios. Provides regular updates to leadership and acts as the escalation point for unresolved or high-risk issues.




Security Awareness & Enablement




Conducts enablement sessions for application teams on secure development and remediation best practices. Serves as a
trusted advisor to product owners and engineering leads.




Governance & Policy Alignment




Ensures remediation activities align with cybersecurity standards enterprise security policies, compliance requirements,
and audit findings. Contributes to the development of application security standards and SLAs.




Continuous Improvement & Risk Mitigation




Identifies opportunities to enhance application security posture and reduce long-term risk through proactive measures,
process improvements, and strategic initiatives.

What you bring

Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or a related field.


5+ years of experience in cybersecurity, with a focus on application and platform security.


Strong understanding of application development lifecycles and methodologies.


Experience with hybrid IT environments (on-premise and cloud).


Familiarity with DevSecOps practices and tools.


Experience with secure coding practices and application security testing.


Familiarity with tools such as static and dynamic analysis, vulnerability scanning, and penetration testing.


Strong understanding of cloud-native security architectures and shared responsibility models.


Knowledge of cybersecurity frameworks and standards (e.g., NIST).


Hands-on experience with securing cloud platforms (AWS, Azure) and hybrid environments.


Certifications such as CISSP, CCSP, or AWS/Azure Security Specialty are highly desirable.


Familiarity with NERC CIP compliance is an asset.


Previous experience with Security Operations management suites that organise workloads for managing risk
policies, security incidents and vulnerability responsiveness (i.e. ServiceNow IRM/GRC & SecOps)

What we offer

A comprehensive benefits package A minimum of 15 paid vacation days A lifetime pension Flexible work model, depending on your role type Training and development courses


For more information on the benefits we offer, visit bchydro.com/benefits.







Location: Burnaby, British Columbia, Canada V3N 4X8

What else you should know

Don't forget to update your Candidate Profile with your current resume and copies of your certifications. If applicable,


include your Trades Qualification. This will ensure we have all the necessary information to assess your application without


any delays.

Date Posted:

2025-11-20

Closing Date:

2025-12-18



For internal use 52206392