IT Advisor - Cybersecurity Risk and Compliance

BC Hydro • Full-time • Vancouver, British Columbia, Canada • C$ 107k - C$ 135.30k / year • 1w ago

A workplace powered by you

At BC Hydro, we’re working towards creating a cleaner and more sustainable future for all British Columbians and need
people like you to help us. A career at BC Hydro is meaningful and provides you the opportunity to be part of a talented,
inclusive, and diverse team. We offer a healthy work-life balance, competitive wages, a comprehensive benefits package,
and training opportunities to support you in your career growth. We're proud to be ranked as one of B.C.'s Top Employers
and one of Canada's Best Diversity Employers.

We invite you to join us as we build an even cleaner B.C. We welcome applications from all qualified job seekers. If you’re a
person with a disability, please let us know by emailing RecruitmentHelp@bchydro.com, as adjustments can be made to
help support you in your application process.

IT Advisor - Cybersecurity Risk and Compliance

Number of positions: 1 Job Location: Dunsmuir 08

Employment type: Temporary Region: Lower Mainland

Hours of work: Full-time (37.5 hrs/wk) Flexible Work Role: Hybrid

Annual salary: $ 107,000.00 - 135,300.00

What you'll do

Reporting to the Technology Cybersecurity Risk and IT Compliance Manager, the IT Advisor leads and provides oversight

for cybersecurity compliance sustainment activities (e.g. NERC CIP) within the Technology KBU.

Lead the development, review and improvements of Technology cybersecurity compliance processes (e.g. NERC CIP)

and procedures to align with corporate-level policies, programs, and processes.

Lead the team and develop action plans to improve internal compliance processes to reduce non-compliance risks via

continuous improvement.

Work closely with Reliability Compliance team, Compliance Program Office, and various internal and external parties to

perform compliance incident investigations and mitigation plan development.

Participate as Technology Compliance SME on projects or initiatives to evaluate/implement new cybersecurity compliance

standards (e.g. NERC CIP).

Participate or coordinate response to various internal and external cybersecurity audits when required.

Identify the cybersecurity compliance and risk impacts for Technology projects or other corporate initiatives with potential

impacts and risk mitigations. Provide security control guidance to the implementation teams to ensure both compliance and
security requirements are followed.

Lead supply chain cybersecurity risk assessment process and support mitigation actions.

What you bring

University degree or experience in relevant discipline or equivalent combination of education and experience.

Ability to obtain security clearance for a Security Sensitive Position classification.

A minimum of 7 years of experience in Technology regulatory compliance/audit, with a strong focus in cybersecurity.

Knowledge and experience on audit related activities.

Experience on project management and task coordination.

Experience on internal control process improvement.

Experience on investment planning including developing business cases and facilitating approvals.

Experience on assessing cybersecurity risk and implementing security controls.

Knowledge or experience in NERC CIP standards and requirements.

Knowledge or experience in multiple of these areas: Active Directory, Log management, Strong Authentication, Identity

and Access Management (IAM) solutions, Access Management, Access Review.

Knowledge of industry standards such as ISO 270001/2, NIST, COBIT etc.

Knowledge and experience on incident investigation process.

Ability to translate technical risks, controls, vulnerabilities and issues into clear, actionable business language.

Persuasive, proven negotiating capability that can bring competing objectives together in a way that provides the sense of

“win-win”.

Excellent presentation skills including the ability to explain technical matters to a non-technical audience.

Strong interpersonal skills and documentation skills. Ability to develop written communications that are persuasive, and

business focused.

Team player, good time-management and organizational skills and ability to work autonomously in a dynamic

environment.

Flexibility to adjust quickly to multiple demands, shifting priorities, ambiguity, and rapid change.

What we offer

A comprehensive benefits package
A minimum of 15 paid vacation days
A lifetime pension
Flexible work model, depending on your role type
Training and development courses

For more information on the benefits we offer, visit bchydro.com/benefits.

PN 2005852
Location: Vancouver, BC, Canada V6B 5R3

What else you should know

Cybersecurity certification (e.g. CISSP, GSEC, GCIA, GCWN, CISA, CISM, CCNA, GPEN) would be considered an asset.

Implementation experience with NIST CSF, NIST Risk Management framework and cybersecurity controls would be

considered as asset.

Experience of managing a team including contractors and employees would be considered as asset.

Experience in Industrial Control Systems (ICS) including SCADA and other Operational Technology (OT) used in the

Energy sector would be considered an asset.

This position is a FTT opportunity until May 2026.

Applicants who do not meet the full qualifications or those with lesser work experience may be considered with a

combination of education and demonstrated related experience and strong business acumen in Cybersecurity Compliance.

Before you apply, please confirm you meet BC Hydro’s time in role requirement. M&P employees must meet the time in role
requirement specified in their most recent offer letter. For MoveUP and IBEW employees, the current time in role as
outlined in the Collective Agreements will apply.

Don't forget to update your Candidate Profile with your current resume and copies of your certifications. If applicable,
include your Trades Qualification. This will ensure we have all the necessary information to assess your application without
any delays.