IT Advisor; Cybersecurity Audit and OT Risk

IT Advisor (Cybersecurity Audit and OT Risk)

We are seeking an IT Advisor to join our team. The successful candidate will perform security and compliance impact assessments, maintain knowledge of current cyber threats, and conduct security analyses of internal and external measures to identify risks, weaknesses, and vulnerabilities.

Responsibilities:

• Perform security and compliance impact assessments for technology or corporate initiatives, including documenting threats, identifying risks, and recommending controls.
• Maintain knowledge of current cyber threats and conduct security analyses of internal and external measures to identify risks, weaknesses, and vulnerabilities.
• Ensure that risk assessments, vulnerability assessments and threat analyses are conducted periodically and consistently to identify cybersecurity risk to the organization’s information.
• Provide direction and education to business areas and maintain expertise.
• Conduct vulnerability assessment reviews and perform vulnerability scans as required.
• Lead and coordinate the 3rd party vendor risk assessment by evaluating their security posture and ensuring compliance with security and regulatory standards.
• Monitor existing risk to ensure that changes are identified and managed appropriately.
• Analyze to assess the security controls when reviewing Privacy Impact Assessments (PIAs).
• Improve regulatory compliance by consulting with appropriate regulatory SMEs when required.
• Participate as Technology security SME on projects or initiatives to improve BC Hydro’s cybersecurity posture.
• Participate or coordinate response to various internal and external cybersecurity audits when required.

Requirements:

• A university degree or equivalent combination of education and experience, with a minimum of 7 years in IT/OT technology, cybersecurity, risk management, or audit-related work.
• Experience in system, application, and network security, risk management, IT security monitoring, and knowledge of industry standards (ISO 270001/2, NIST, COBIT5) and NERC CIP standards is preferred.
• Experience on developing, managing or supporting Cyber Security Information Technology (IT) or Operational Technology (OT) programs would be considered an asset.
• Understanding of audit requirements, including the ability to analyze compliance quality, accuracy and adequacy.
• Ability to obtain security clearance for a Security Sensitive Position, translate technical risks into actionable business language, and negotiate effectively.
• Excellent presentation, interpersonal, and documentation skills, with the ability to communicate technical matters to non-technical audiences.

What we offer:

• A minimum of 15 paid vacation days
• Flexible work model, depending on your role type
• Training and development courses

We are an equal opportunities employer and welcome applications from diverse candidates.