Job Description

48067 - Toronto - Regular - Ongoing

Hydro One is proud to be the largest electricity transmission and distribution provider in Ontario, serving nearly 1.4 million customers. We have a long history in the industry with our roots dating back over 110 years to 1906. Since then, we have worked to grow and evolve to meet the changing needs of our customers and communities across Ontario. Today, we\xe2\x80\x99re focused on providing exceptional customer service and ensuring we are building safe communities where we live, work and play.

It\xe2\x80\x99s an exciting time to join the team at Hydro One!

The Sr. IT Security Specialist is responsible for support and development of initiatives related to Hydro One\xe2\x80\x99s Cyber Security including supporting the facilitation of quarterly presentations to the Board and Committees and ensuring consistently applied messaging to the stakeholders regarding Hydro One\xe2\x80\x99s cyber risk profile, you will:

• Join a diverse team of experienced Cybersecurity practitioners, and act as a subject matter expert for Information Security with the Lines of Business (LOB)

• Perform comprehensive industry risk analysis, scanning for emerging cyber risks.

• Translate technical cyber & information security requirements into business actions. Preserve and apply the security governance framework (based on NIST) for the LOBs.

• Work with different, potentially conflicting requirements (legal, regulatory, industry standards, security strategy) to distil realistic security requirements supporting the business strategy.

• Conduct research to maintain and expand knowledge on the latest cyber security technologies and standards, as well as the threat and vulnerability landscape for Industrial Control Systems (ICS) in general, and the Electrical sector in Ontario.

Specific Accountabilities may include:

• Represent the Cyber Security Governance, Risk and Architecture team as an advisor and expert Cybersecurity SME to support overall security program.
• Seek industry trends and organization knowledge to understand and implement effective risk management practices.
• Support Vice President, Security (Chief Security Officer) and Cyber Directors to further the departmental initiatives.
• Provide recommendations for security architecture for all technology projects, new platforms \xe2\x80\x93 on premise or cloud based and ensure alignment of technology solutions to established frameworks and security standards.
• Provide consultation to operational teams as a risk-focused senior cyber security advisor on security-related initiatives, solution selection, security architecture and security assessments.
• Provide risk management insights through an ongoing process of gathering, analyzing and prioritizing actionable risk messages; develop content to support communication of the messages and enable technology teams to consume and apply the messages to their respective areas.
• Establish practices and communications to foster a culture of issue self-identification and support partners in the Risk Issue management processes to carry out their roles effectively and consistently.
• Continuously improve quality of the issue management process and data.
• Create as well as maintains presentations and other communication materials for cyber risk updates to the Executive Leadership Team, Board and Committees
• Manage various stakeholders across levels (including executives) and engage in resolution of risk issues.
• Build and manage effective relationships with key stakeholders, team members, and other business, functional and support groups.

Requisite Experience and Skills:

• The candidate must have exceptional project management and Organizational skills, written and verbal communication skills, relationship-building skills, and the ability to collaborate with multifunctional teams.
• Extensive experience of strategic development of standards, Cyber Security Risk Identification and Mitigation techniques
• 10+ years of information security experience in IT and 1-3 years of relevant cybersecurity experience. Experience within cybersecurity operations departments is a plus.
• Strong interest in Cyber Risk and security operations; someone in process of pursuing or received a relevant cybersecurity certification is preferred such as CISSP, CISM
• Familiarity with Risk Management Frameworks (ISO 27005, NIST 800-30/39 or ISF IRAM2)
• Familiarity with scenario-based risk analysis using common threat modelling techniques.
• Knowledge of current trends in the cyber security industry
• Knowledge of metrics programs and security dashboard creation
• Must have a BA/BS degree or equivalent work experience. excellent Excel and PowerPoint skills.
• Some travel might be required.

At Hydro One we understand that the success and strength of our business rests with our people. When we develop their skills, we are investing in both their success and ours. To secure the best talent, we seek to create a workforce that reflects the diverse populations of the communities where we live and work and to create a culture based on safety, innovation and inclusiveness.

We are honoured to be recognized by Forbes in its list of Canada\xe2\x80\x99s Best Employers for 2023.

Thank you for considering a career with Hydro One, we welcome applications from all qualified candidates. If you are having difficulty using our online application system and you need an accommodation due to a disability, please email careers@hydroone.com. Hydro One will provide reasonable accommodation for qualified individuals with disabilities in the job application process.

Please note this email is only for accommodation requests. Resumes sent to this email address will not be considered.

Deadline: October 2, 2023

In the event you are experiencing difficulties applying to this job please consult our help page .

Hydro One Networks