Sr Governance, Risk & Compliance Consultant (cybersecurity)

Pickering, ON, Canada

Job Description


Status: Regular Full time

Working Conditions: Hybrid Work Environment (3 days in office)

Education Level: 4-year university degree in Computer Science, Information Technology, Engineering, or related field.

Location: Pickering, Ontario

Shift(s): Days

Travel: 10%

Deadline to Apply: February 16, 2024.

Electrify your career and help build a brighter tomorrow.

Every generation has a challenge that defines them. At OPG, we are calling on all innovators, disruptors, thought leaders and change-makers. Join us to electrify life in one generation and build a sustainable future powered by our electricity, our ideas, and our people. Join OPG and make history.

Whether you work in the skilled trades or are a business professional, a career at OPG is an opportunity to electrify your life on -- and off -- the job.

ACCOMMODATIONS

OPG is committed to fostering an inclusive, equitable, and accessible environment where all employees feel valued, respected, and supported. If you require accommodation during the application or interview process, please advise us as soon as possible so appropriate arrangements can be made.

If you require information in a format that is accessible to you, please contact

NEW CAMPUS: This position is moving to OPG Corporate Headquarters: In Summer 2025, OPG will officially welcome employees to our new Corporate Headquarters located at 1908 Colonel Sam Drive, Oshawa, Ontario. This new space will enable teamwork, collaboration and innovation that will help us to achieve our mission to electrify life in one generation.

JOB OVERVIEW

Ontario Power Generation (OPG) is looking for a dynamic, strategic, and results-driven professional to join our team in the role of Sr Governance, Risk & Compliance Consultant on our Nuclear Cyber Security team.

Reporting to the Section Head, Nuclear Cyber Security, this role is responsible for performing cyber security assessments against industry frameworks, Third party Risk Management, Cyber Risk Management Program, Awareness and Training, oversight of Cyber Governance and Compliance activities, and supporting Cyber Security Innovation and technical projects.

This is an exciting opportunity to work in an environment where you will contribute to OPG's public outreach, engagement, and education efforts as part of the company's commitment to growing its social license.

KEY ACCOUNTABILITIES

  • Perform policy gap and control assessments against standard cybersecurity frameworks.
  • Review policies, procedures, and processes to recommend enhancements and maintain oversight on Cyber Governance, Risk and Compliance process for IT and OT systems.
  • Assist in developing and maintaining Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for the Cyber Governance Security Program and initiatives. Provide advisory service to business units on governance, risk, and compliance best practices.
  • Advise OPG subsidiaries to develop sound cybersecurity practices and maturity to reduce risk to the overall OPG brand.
  • Lead Cybersecurity projects that drive efficiency and effectiveness of cyber security.
  • Represent OPG Cyber Security at external committees and forums.
  • Conduct various risk, control, maturity, and compliance assessments based on established security frameworks including but not limited to NIST CSF, CIS, ISO 27001, ISF, CSA N290.7, NERC-CIP, etc.
  • Meet with business stakeholders to identify top security risks. Evaluate and perform business level cyber risk assessments using established risk methodology and provide recommendations for improving security posture and resolving identified risk and issues.
  • Perform Third party Cyber risk assessments by working with vendors and ensure adherence to Cybersecurity Terms and Conditions using a Risk based approach.
  • Assist in maturing the Third-Party Risk Management program by defining security controls based on the risk rating and tiers of the vendors.
  • Develop Cyber Security awareness training.
  • Work with cybersecurity department and communications team to release security news updates and bulletins related to cybersecurity.
  • Develop and maintain risk registers, risk management framework, risk acceptance forms and maintain GRC tools to provide oversight for the cybersecurity program.
  • Work with Enterprise Risk to perform periodic risk reporting and develop Executive and Board level reports.
  • Support in building committee charters and interfacing with other internal/external stakeholders as part of Governance and Risk Committee meetings.
  • Report on control failures and ensure compliance for the cybersecurity department.
  • Work with Internal and External Audit and Regulatory Affairs functions to facilitate information gathering and reporting.
  • Report on program efficiency such as vulnerability/patch management and program health reporting.
  • Other duties as required.

EDUCATION

  • 4-year university degree in Computer Science, Information Technology, Engineering, or related field.
  • Completed or working towards at least one cyber security certification (e.g., ISC2, ISACA, SANS ICS, ICS-CERT, US-CERT, ISA, CybatiWorks, or other relevant certifications) is considered an asset.

QUALIFICATIONS

  • 6+ years of demonstrated hands-on experience in Cyber Risk, Consulting, and Third-Party Cyber Risk Management.
  • Advanced knowledge of Cyber Security best practices such as network and application security, mobile device security, and Identity & Access Management.
  • Strong understanding of security concepts and frameworks such as NIST, CIS, COSO, ISO 2700x, CSA N290.7 and NERC-CIP.
  • In-depth understanding of security best practices, risks and technologies, and the solutions to address those risks within the Cyber Security domain.
  • Experience with phishing simulation and learning management tools, Python, data engineering, automated task scheduling, etc.
  • Extensive experience with the following information security concepts:
    • Security Operations (Investigations, Threat Hunting, Patching, etc.)
    • Business Continuity
    • Security Architecture
    • Secure Cloud Architecture
    • Incident Response
    • Information Protection
    • Access Control
  • Demonstrated experience with vulnerability assessments, threat vectors, methodologies, and social engineering techniques to ensure events are categorized correctly and remediated in a timely manner.
  • Knowledge of Information Systems Security Certification Consortium (ISC2), SysAdmin Audit Network and Security (SANS), or Information Systems Audit & Control Association (ISACA), to investigate threats to corporate information technology systems, applications, and networks, and assess, evaluate, and recommend additions, modifications, or replacement.
  • Strong communication and presentation skills. Additional skills in MS SQL Server, Advanced MS Excel, Power BI, Power Automate, Power Apps, and GRC tools (AuditBoard, Archer).
  • Strong communication skills, both oral and written, to prepare reports and communicate effectively with others.
  • Ability to work effectively and efficiently in a flexible hybrid office environment.
The successful candidate will exhibit uncompromising integrity and commitment to upholding corporate values, and the OPG Code of Business Conduct.

What Makes a Career at OPG Different?

As Ontario's largest clean energy generator, we're building, expanding, and innovating the equipment and technology that keeps Ontario powered with clean, reliable energy.

At OPG, our values are our strengths. They are fundamental truths about our organization that don't change:

Safety - it's our business.

Integrity - always lead with integrity.

Excellence - never satisfied with good enough.

Inclusion - working together for powerful outcomes.

Innovation - creativity accelerates possibility.

Here's why OPG might just be the ideal workplace for you:
  • Exceptional range of opportunities province-wide
  • Long-term career growth and development opportunities
  • Electricity is vital to the province and OPG's clean electricity is helping decarbonize other sectors.
Our promise to you:
  • We care about the safety and the well-being of our employees. It is our utmost priority.
  • A supportive work environment where you can be your best every day.
  • Opportunities to stretch and develop.
  • Offer different ways for you to give back to the communities where we operate.
  • Partner with Indigenous communities and support local businesses.
  • We support employment equity, diversity, and inclusion.
Are you ready to start a career that has the power to electrify life on and off the job? Apply now.

APPLICATION PROCESS

Please submit your application online at by 11:59 PM E.S.T. February 16, 2024. OPG thanks all those who apply; however, only candidates considered for an interview will be contacted.


Ontario Power Generation



Job Detail

  • Job Id: JD2285628
  • Industry: Not mentioned
  • Total Positions: 1
  • Job Type: Full Time
  • Salary: Not mentioned
  • Employment Status: Permanent
  • Job Location: Pickering, ON, Canada
  • Education: Not mentioned