The position will be responsible for the development, maintenance and communication of SAP security and GRC. The candidate will be expected to be an expert in SAP and Cybersecurity, offering recommendations on projects to ensure compliance with standards, policy, and security industry practises. In addition, the candidate must be able to consult with stakeholders in functional and technical arenas in support of Cybersecurity priorities. The individual should have strong communication skills and be willing to take initiative in a dynamic, collaborative environment.
As Cybersecurity Security consultant at Hydro One, you will:
Join a diverse team of experienced Cybersecurity practitioners, and act as a subject matter expert for Information Security with the Lines of Business (LOB)
Focus on security risk management and information security governance as it relates to Information Technology (IT) and Operations Technology (OT) systems
Translate technical cyber & information security requirements into business actions. Preserve and apply the security governance framework (based on NIST) for the LOBs.
Work with different, potentially conflicting requirements (legal, regulatory, industry standards, security strategy) to distil realistic security requirements supporting the business strategy
Conduct research to maintain and expand knowledge on the latest cyber security technologies and standards, as well as the threat and vulnerability landscape for Industrial Control Systems (ICS) in general, and the Electrical sector in Ontario
In a typical Hydro One project you will work as a member of the project team, and your job scope will include:
Translating technical risks into business risks, and aligning information security objectives with business objectives
Procuring, coordinating, presenting and providing follow up on security penetration testing and Threat Risk Assessments (TRAs)
Providing interpretation for the security policies, security code of practise, and standards
Provide information security consulting to the internal lines of business. This includes security architecture review and administering the information security framework throughout projects and change requests.
Specifically, this position will be involved in projects and project management of information security aspects of the project life cycle. This includes the handling of sensitive and confidential information e.g. data classification documents, threat-risk assessments, due care documents, etc. The position will require excellent people skills as facilitation with multiple lines of business across all levels will be required.
This position will also be involved in information security consulting for change requests, sustainment and projects. This will require a high level of technical skills to facilitate documentation of controls. The role will also participate with the creation of IT solutions by providing guidance on creation of effective controls. The role will require an understanding of Hydro One’s IT Security framework and enterprise architecture concepts.
This position requires a minimum of 5 years of experience providing security consulting services to projects. The candidate’s skills include:
Understanding the role of the security governance team within the organization
Experience working with various systems development lifecycles
Experience in providing SAP security and GRC administration services related to the design, installation, administration, testing and on-going maintenance of SAP
Identify risks and design access control systems to enforce a Segregation of Duties
Applying of security in the phases of the system development lifecycle
Ability to be a member of the team, working with a project manager and the architects
Ability to quickly learn the security standards and provide guidance when identifying areas of non-compliance
Working with the lines of business to understand their business objectives
Excellent written and verbal communications, and presentation skills
Knowledge of Microsoft Work, Outlook, PowerPoint and Excel
The following skills are also desirable
Experience with security IT and OT networks
Knowledge of NERC CIP, and the NIST Cybersecurity Framework
Certification: CISP, CISA or CISM
This role does not have “on-call” responsibilities. Candidates would work from Toronto location.
If you share our passion for safety, our customer service focus, and are ready to play a lead role in building a bright future, we would love to hear from you!
Thank you for considering this opportunity and we welcome applications from all qualified candidates. If you are being considered for an interview or other assessment one of our Recruitment Consultants will be in touch. Furthermore, if you are being considered for an interview and require special accommodations please let us know. Finally, short-listed candidates will be asked to pass a reliability check (which could include criminal background check, driver’s license abstract, education verification, etc.) prior being offered a job at Hydro One.
Deadline: March 25, 2019
In the event you are experiencing difficulties applying to this job please consult our help page here.
This article comes from NationTalk:
The permalink for this story is: