Cip Program Office Practice Lead - Vancouver, Canada - BC Hydro

BC Hydro

Verified Company

Vancouver, Canada

2 weeks ago

Posted by:

Sophia Lee

beBee Recruiter

Description

Powered by water... and by people like you

Providing clean electricity to 4 million customers takes a diverse workforce and that's where you come
in. We need your talent to help us build major projects to meet growing demand. To help our
customers find clean energy solutions for their homes and businesses and to be ready to respond
during storms and outages to keep our system reliable.

Working for BC Hydro is meaningful. And now, the stakes have been raised as we work towards a
solution to climate change while safely providing clean, affordable electricity to our customers.

We offer a healthy work life balance, training opportunities and career progression. We're proud to be
ranked as one of B.C.'s Top Employers and one of Canada's Best Diversity Employers. Join us as we
build an even cleaner B.C.

JOB DESCRIPTION

Duties:

In support of meeting BC Hydro's Mandatory Reliability Standards (MRS) compliance

requirements, the Critical Infrastructure Protection (CIP) Program Office has the mandate of
supporting the CIP Senior Manager to lead and manage CIP compliance across BC Hydro.
Working closely with the Reliability Standards Assurance team, CIP Governance and Execution
Delegates, and Compliance Leads from the Business Units, the CIP Program Office will:
support;

Drive consistency on implementation and sustainment of CIP standards; and
Provide a centralized view of CIP compliance performance and risk mitigation opportunities.
The CIP Program Office is focused on the management of CIP Standards, including but not

limited to security practices for cyber asset categorization, personnel and training, electronic and
physical security perimeters, change management, incident reporting and response plans,
configuration change management, information protection, physical security of transmission
stations/Control Centres, communications security between Control Centres, and cyber related
supply chain risk management.

The CIP Practice Lead (Asset Management and Electronic Security Perimeter) is responsible for

working with Execution delegates and Compliance leads from across the organization to
implement CIP practices, oversee incident investigations, develop and implement corporate-wide
CIP mitigation plans, manage continuous improvement initiatives, and support regulatory
processes as required.

The CIP Program Office will have a team of CIP Practice Leads who are each focused on

specific CIP practice areas. The CIP Practice Lead (Asset Management and Electronic Security

Perimeter) role will have specialist knowledge and will be responsible for the following activities

- related to CIP-002 (Asset Management) and CIP-005 (Electronic Security Perimeter) standards:

Ensure corporate alignment on plans, procedures, evidence & reporting of:
Asset inventorying & classification
Facility identification & impact rating
Electronic security perimeter identification & documentation
Identification & use of dialup communications within BES Cyber Assets/Systems
Lead development, implementation & sustainment of CIP002 methodology, asset refresh &

quality assurance of evidence creation- Support CIP standards development and assessment by coordinating and consolidating BC

Hydro's participation, voting position and impact of new/changed standards- Manage sustainment of CIP policies, programs and plans, review business unit Reliability

Standard Audit Worksheets (RSAWs) to ensure quality and consistency- Lead and facilitate enterprise-wide CIP practice committees to maintain consistent practices that

mitigate compliance violations- Assist in the identification, definition, investigation & remediation of CIP compliance issues

Track cross business unit CIP compliance program issues/gaps and lead enterprisewide

continuous improvement initiatives, including management action plans
Qualifications:
***- University degree or experience in relevant discipline or equivalent combination of education and

experience- Ability to obtain security clearance for a Security Sensitive Position classification

A minimum of 10 years of relevant information technology, cybersecurity, physical security and/

or regulatory compliance/audit experience in the electric utility industry- Demonstrated and proven experience, ability and knowledge in the following: NERC CIP

standards and programs; security governance, audit, risk and controls (including experience with
- designing, evaluating and implementing controls based on common security frameworks, such as

NERC CIP, COSO, COBIT, ISO, NIST);
Demonstrated experience in project management and task coordination
Excellent written and verbal communications skills
Excellent relationship management, collaboration and interpersonal skills
Effective presentation skills, including the ability to convey complex technical issues to diverse

audiences- Strong leadership skills and ability to influence cross-functional teams