Cip Controls Advisor - Vancouver, Canada - BC Hydro

BC Hydro
BC Hydro
Verified Company
Vancouver, Canada

1 month ago

Sophia Lee

Posted by:

Sophia Lee

beBee Recruiter


Description

JOB DESCRIPTION

Duties:


  • In support of meeting BC Hydro's Mandatory Reliability Standards (MRS) compliance
requirements, the Critical Infrastructure Protection (CIP) Program Office has the mandate of
supporting BC Hydro's CIP Senior Manager to lead and manage CIP compliance across BC
Hydro. Working closely with the Reliability Standards Assurance team, CIP Governance and
Execution Delegates, and Compliance Leads from the Business Units, the CIP Program Office


will:

support;

  • Drive consistency on implementation and sustainment of CIP standards; and
  • Provide a centralized view of CIP compliance performance and risk mitigation opportunities.
  • The CIP Program Office is focused on the management of CIP Standards, including but not
limited to security practices for cyber asset categorization, personnel and training, electronic and
physical security perimeters, change management, incident reporting and response plans,
configuration change management, information protection, physical security of transmission
stations/Control Centres, communications security between Control Centres, and cyber related
supply chain risk management.

The CIP Controls Advisor

will:


  • Work with CIP Practice Leads, Reliability Standards Assurance (RSA) and Compliance teams
from across the organization to identify and implement CIP program/process improvements
resulting from mitigation plans, management action plans and continuous improvement initiatives.

  • Perform NERC CIP noncompliance investigations and root cause analysis using the established
investigations framework, ensuring that an enterprise-wide perspective is applied to investigations,
root cause analysis and mitigation plan development.

resulting from mitigation plans, management action plans and continuous improvement initiatives.
This may involve working with a cross-functional team from multiple business areas to design and
implement improvements to CIP program policies, procedures and job aids, and processes and
controls.

  • Track and report status of CIP incidents and mitigation plan milestones across all business
areas, ensuring deliverables are reviewed by key stakeholders to meet internal and regulatory
timelines. Advise CIP Senior Manager on the progress of Incident Reports / Mitigation Plans.

  • Develop methods to measure trends in incidents, near misses and control monitoring metrics to
proactively identify continuous improvement opportunities.- Implement the CIP Controls Monitoring Program and maintain centralized CIP internal controls

repository. Identify continuous improvement opportunities for the CIP Controls Monitoring

  • Program

Qualifications:

***- University degree or experience in relevant discipline or equivalent combination of education and

experience.- A minimum of 7 years of relevant information technology, cybersecurity, and/or regulatory

compliance/audit experience in the electric utility industry.- Demonstrated and proven experience, ability and knowledge in at least one of the following:
cybersecurity governance, audit, risk and controls (including experience with designing, evaluating
- and implementing controls based on common security frameworks, such as NERC CIP, COSO,

  • COBIT, ISO, NIST).
  • Must have the ability to identify key risks and associated issues. Must have a sound
understanding of internal control and risk management principles and frameworks.- Demonstrated and proven experience in process development/improvement, project

management, and program implementation. This role will involve using Microsoft Visio and other
- tools to document swim lane diagrams, process maps, a given task through to completion. The ability to multitask and effectively prioritize varied
  • The role requires expertise in policy interpretation and formulation, knowledge in risk
management and control methodologies, and experience working within complex multi
- strong trusting relationships and leveraging their network to deliver results.
  • Excellent written and verbal communications skills.
  • Excellent facilitation, relationship management, collaboration and interpersonal skills.
  • Effective presentation skills, including the ability to convey complex technical issues to diverse
audiences.- Strong leadership skills and ability to influence cross-functional teams.

  • Ability to obtain security clearance for a Security Sensitive Position classification.
  • Demonstrated and proven experience, ability and knowledge in NERC CIP standards and
programs would be considered an asset.- Cybersecurity certification (e.g. CISSP, GSEC, GCIA, GCWN, CISA, CISM, CCNA, GPEN)

would be considered an asset.


ADDITIONAL INFORMATION:


  • Please note this is a PM1 (P3) role
  • PN
We're always looking for exceptional people to bring new ideas, fresh thinking and the motivation
- to help shape the electricity system in B.C. It's an exciting time to be a part of our team as we
- invest in our system and prepare to meet the challenges of

More jobs from BC Hydro