Job Description

A workplace powered by you

At BC Hydro, we're working towards creating a cleaner and more sustainable future for all British Columbians and need


people like you to help us. A career at BC Hydro is meaningful and provides you the opportunity to be part of a talented,


inclusive, and diverse team. We offer a healthy work-life balance, competitive wages, a comprehensive benefits package,


and training opportunities to support you in your career growth. We're proud to be ranked as one of B.C.'s Top Employers


and one of Canada's Best Diversity Employers.




We invite you to join us as we build an even cleaner B.C. We welcome applications from all qualified job seekers. If you're a


person with a disability, please let us know by emailing RecruitmentHelp@bchydro.com, as adjustments can be made to


help support you in your application process.

IT Compliance Analyst (FTT)

Number of positions: 1 Job Location: Dunsmuir 08



Employment type: Temporary Region: Lower Mainland



Hours of work: Full-time (37.5 hrs/wk) Flexible Work Role: Hybrid



Annual salary: $ 70,800.00 - 76,300.00

Position Highlights

Provides support on the sustainment of BC Hydro's cybersecurity/IT compliance with various regulatory compliance


requirements (such as North American Reliability Corporation (NERC) Critical Infrastructure Protection (CIP)).

What you'll do

Oversees the review of compliance workflows (such as Critical Infrastructure Protection (CIP) change requests, patch
management and vulnerability assessments) in the compliance management system to ensure adherence to timelines and


established procedures. Identifies compliance issues with documentation and reviews with internal teams or external


service providers to negotiate solutions and provide recommendations for next steps. Approves or declines compliance


workflows for accuracy and completeness for next steps in the process.




Identifies, develops and implements new or revised compliance processes/procedures (such as access management,
Transient Cyber Assets (TCA)). Solicits feedback from applicable stakeholders. Recommends process/procedural


improvements to address concerns and gaps. Develops and maintains documentation in knowledge management


repositories. Reviews and publishes knowledge articles to business-facing knowledge bases.




Coordinates the access management review process by: preparing quarterly and annual access review reports; verifying
the business justification to maintain access for access holders with BC Hydro managers; reviewing access revocation


records from various systems; and preparing compliance documentation as required.




Coordinates the external vendor TCA authorization process for usage and security controls of devices by: reviewing
authorization requests for quality and accuracy; approving or declining authorization requests; conducting random audits on


the security controls of TCA devices to ensure compliance with policies and procedures; following-up with external vendors


to resolve compliance issues; and rejecting devices and removing users from access groups for non-compliance with BC


Hydro's security control and compliance requirements.




Coordinates the collection of compliance documentation for the annual certification process or audits. Monitors progress of
completing the Reliability Standard Audit Worksheets (RSAW). Populates or reviews RSAW and related compliance


documentation and narratives for accuracy and completeness. Follows-up with internal teams and external service


providers on areas requiring clarification or action.




Recommends minor enhancements to enterprise compliance access management systems to IT Compliance Analyst
Work Leader. Under guidance of IT Compliance Analyst Work Leader, works with IT System Developers to implement


minor enhancements. Carries out user acceptance testing to ensure minor enhancements meet functional and operational


efficiency and effectiveness requirements.




Prepares training materials and conducts formal/informal training sessions and presentations on compliance programs,
compliance processes and procedures to internal teams, co-op students and external service providers.




Assists management with NERC CIP incident investigations by: preparing the documentation related to incident; carrying
out root cause mapping analysis of incident under management's direction and guidance; maintaining evidence
documentation upon completion of investigation; recommending process improvements to stakeholders as part of mitigation


solutions; and advising of risks with meeting deadlines.




Monitors and responds to enquiries sent to email inboxes. Forwards to appropriate team members as required.


Prepares status reports of completed and outstanding compliance documentation reviews.


Performs duties of a minor nature related to the above duties that do not affect the rating of the job.

What you bring

Degree in Information Technology, Engineering, Business Administration or related fields; plus two (2) years of experience
in IT audit related activities (e.g. gathering, developing and reviewing audit evidence documents) or cybersecurity related


activities.




OR




Diploma in Information Technology, Engineering, Business Administration or related fields; plus four (4) years of
experience in IT audit related activities (e.g. gathering, developing and reviewing audit evidence documents) or


cybersecurity related activities.




Demonstrated experience developing and maintaining business processes and procedures.


Requires in-house NERC CIP training to be completed within the first week of starting in the job.


Security related certification (such as CompTIA Security+, Certified Information Systems Security Professional (CISSP),
Certified Information Systems Auditor (CISA)) considered an asset.

What we offer

A comprehensive benefits package A minimum of 15 paid vacation days A lifetime pension Flexible work model, depending on your role type Training and development courses


For more information on the benefits we offer, visit bchydro.com/benefits.




PN 2024481


Location: Vancouver, BC, Canada V6B 5R3

What else you should know

This position is affiliated with the Movement of United Professionals union (MoveUP/COPE). http://moveuptogether.ca


This is a Full Time Temporary role until November 2025.
The main responsibilities for this position are:




Assist in ongoing CIP compliance sustainment tasks for NERC CIP-010 standard.


Review, authorize and document CIP compliance evidence to meet NERC requirements of baseline change management.


Collaborate with BC Hydro internal teams and third-party service providers on cyber asset commissioning and
decommissioning and make sure the CIP compliance requirements are fulfilled.




Contribute to process improvement projects by performing analysis of IT compliance to ensure the requirements and
impacts to the team's compliance process.




Support the compliance sustainment tasks for NERC CIP-002/005/007 standards in a minor role.Before you apply, please
confirm you meet BC Hydro's time in role requirement. M&P employees must meet the time in role requirement specified in


their most recent offer letter. For MoveUP and IBEW employees, the current time in role as outlined in the Collective


Agreements will apply.




Don't forget to update your Candidate Profile with your current resume and copies of your certifications. If applicable,


include your Trades Qualification. This will ensure we have all the necessary information to assess your application without


any delays.

Date Posted:

2025-02-21

Closing Date:

2025-02-28



For internal use 52075874