IT Compliance Analyst (FTT)

BC Hydro • Full-time • Vancouver, British Columbia, Canada • C$ 70.80k - C$ 76.30k / year • 3w ago

A workplace powered by you

At BC Hydro, we’re working towards creating a cleaner and more sustainable future for all British Columbians and need
people like you to help us. A career at BC Hydro is meaningful and provides you the opportunity to be part of a talented,
inclusive, and diverse team. We offer a healthy work-life balance, competitive wages, a comprehensive benefits package,
and training opportunities to support you in your career growth. We're proud to be ranked as one of B.C.'s Top Employers
and one of Canada's Best Diversity Employers.

We invite you to join us as we build an even cleaner B.C. We welcome applications from all qualified job seekers. If you’re a
person with a disability, please let us know by emailing RecruitmentHelp@bchydro.com, as adjustments can be made to
help support you in your application process.

IT Compliance Analyst (FTT)

Number of positions: 1 Job Location: Dunsmuir 08

Employment type: Temporary Region: Lower Mainland

Hours of work: Full-time (37.5 hrs/wk) Flexible Work Role: Hybrid

Annual salary: $ 70,800.00 - 76,300.00

Position Highlights
Provides support on the sustainment of BC Hydro’s cybersecurity/IT compliance with various regulatory compliance
requirements (such as North American Reliability Corporation (NERC) Critical Infrastructure Protection (CIP)).

What you'll do

Oversees the review of compliance workflows (such as Critical Infrastructure Protection (CIP) change requests, patch

management and vulnerability assessments) in the compliance management system to ensure adherence to timelines and
established procedures. Identifies compliance issues with documentation and reviews with internal teams or external
service providers to negotiate solutions and provide recommendations for next steps. Approves or declines compliance
workflows for accuracy and completeness for next steps in the process.

Identifies, develops and implements new or revised compliance processes/procedures (such as access management,

Transient Cyber Assets (TCA)). Solicits feedback from applicable stakeholders. Recommends process/procedural
improvements to address concerns and gaps. Develops and maintains documentation in knowledge management
repositories. Reviews and publishes knowledge articles to business-facing knowledge bases.

Coordinates the access management review process by: preparing quarterly and annual access review reports; verifying

the business justification to maintain access for access holders with BC Hydro managers; reviewing access revocation
records from various systems; and preparing compliance documentation as required.

Coordinates the external vendor TCA authorization process for usage and security controls of devices by: reviewing

authorization requests for quality and accuracy; approving or declining authorization requests; conducting random audits on
the security controls of TCA devices to ensure compliance with policies and procedures; following-up with external vendors
to resolve compliance issues; and rejecting devices and removing users from access groups for non-compliance with BC
Hydro’s security control and compliance requirements.

Coordinates the collection of compliance documentation for the annual certification process or audits. Monitors progress of

completing the Reliability Standard Audit Worksheets (RSAW). Populates or reviews RSAW and related compliance
documentation and narratives for accuracy and completeness. Follows-up with internal teams and external service
providers on areas requiring clarification or action.

Recommends minor enhancements to enterprise compliance access management systems to IT Compliance Analyst

Work Leader. Under guidance of IT Compliance Analyst Work Leader, works with IT System Developers to implement
minor enhancements. Carries out user acceptance testing to ensure minor enhancements meet functional and operational
efficiency and effectiveness requirements.

Prepares training materials and conducts formal/informal training sessions and presentations on compliance programs,

compliance processes and procedures to internal teams, co-op students and external service providers.

Assists management with NERC CIP incident investigations by: preparing the documentation related to incident; carrying

out root cause mapping analysis of incident under management’s direction and guidance; maintaining evidence

documentation upon completion of investigation; recommending process improvements to stakeholders as part of mitigation
solutions; and advising of risks with meeting deadlines.

Monitors and responds to enquiries sent to email inboxes. Forwards to appropriate team members as required.

Prepares status reports of completed and outstanding compliance documentation reviews.

Performs duties of a minor nature related to the above duties that do not affect the rating of the job.

What you bring

Degree in Information Technology, Engineering, Business Administration or related fields; plus two (2) years of experience

in IT audit related activities (e.g. gathering, developing and reviewing audit evidence documents) or cybersecurity related
activities.

OR

Diploma in Information Technology, Engineering, Business Administration or related fields; plus four (4) years of

experience in IT audit related activities (e.g. gathering, developing and reviewing audit evidence documents) or
cybersecurity related activities.

Demonstrated experience developing and maintaining business processes and procedures.

Requires in-house NERC CIP training to be completed within the first week of starting in the job.

Security related certification (such as CompTIA Security+, Certified Information Systems Security Professional (CISSP),

Certified Information Systems Auditor (CISA)) considered an asset.

What we offer

A comprehensive benefits package
A minimum of 15 paid vacation days
A lifetime pension
Flexible work model, depending on your role type
Training and development courses

For more information on the benefits we offer, visit bchydro.com/benefits.

PN 2024481
Location: Vancouver, BC, Canada V6B 5R3

What else you should know

This position is affiliated with the Movement of United Professionals union (MoveUP/COPE). http://moveuptogether.ca

This is a Full Time Temporary role until November 2025.

The main responsibilities for this position are:

Assist in ongoing CIP compliance sustainment tasks for NERC CIP-010 standard.

Review, authorize and document CIP compliance evidence to meet NERC requirements of baseline change management.

Collaborate with BC Hydro internal teams and third-party service providers on cyber asset commissioning and

decommissioning and make sure the CIP compliance requirements are fulfilled.

Contribute to process improvement projects by performing analysis of IT compliance to ensure the requirements and

impacts to the team’s compliance process.

Support the compliance sustainment tasks for NERC CIP-002/005/007 standards in a minor role.Before you apply, please

confirm you meet BC Hydro’s time in role requirement. M&P employees must meet the time in role requirement specified in
their most recent offer letter. For MoveUP and IBEW employees, the current time in role as outlined in the Collective
Agreements will apply.

Don't forget to update your Candidate Profile with your current resume and copies of your certifications. If applicable,
include your Trades Qualification. This will ensure we have all the necessary information to assess your application without
any delays.

Date Posted: 2025-02-21 Closing Date: 2025-02-28

For internal use 52075874

Apply