12314 – Cybersecurity CIP Compliance Analyst

Category: Information Technology
Industry: Power
Type: Full-time
Location: Vancouver, BC
Job ID: #171114

Our client, one of the largest electrical energy suppliers in Canada, has an immediate need for a Cybersecurity CIP Compliance Analyst with experience in IT audits to ensure compliance with digital technology and cyber security regulations and policy. This is a contract position for six (6) months located in Vancouver, BC.   

Description of Work: 

As an IT Cyber Security Compliance Consultant, you will collaborate with service providers and security administrators in completing compliance sustainment activities such as IT audits to ensure compliance with digital technology and cyber security regulations and policy.

  1. Participate in the activities to analyze the data to identify potential compliance gaps and develop action plans to remediate the compliance risks. 
  2. Work with the project team to implement the changes and review the evidence to confirm that it meets the compliance requirements. 
  3. Develop internal compliance procedures to support good security practice. 
  4. Act as compliance SME and work with various project teams to evaluate and identify the NERC CIP impacts as part of the ITDSP process. For the projects identified with NERC CIP impacts, meet with the project teams regularly to support the project’s implementation according to the NERC CIP requirements. 

Role Accountabilities 

  • Collaborate with service providers and security administrators in completing compliance sustainment activities such as IT audits by preparing detailed reports on various scheduled internal audits and collecting evidence documents to ensure compliance with cyber security regulations and policy. 
  • Conduct an audit review on compliance evidence documents by collaborating with CIP Policy Subject Matter Experts (SMEs), cybersecurity and safety teams, and emergency management team to monitor and assure the development, revision, and update of CIP compliance policies, processes, and procedures and the completion of required auditing records. 
  • Conduct compliance impact assessments on IT projects and provide guidance on the execution of cyber security related action items by collaborating with project managers to ensure that projects apply cybersecurity best practices and comply with regulations and policy. Identify potential cyber security risks and incidents by performing vulnerability assessments, coordinating with internal teams and stakeholders, and monitoring external events and security logs to help the organization prepare for possible cyber security contingencies. 
  • Determine remediation options and recommend solutions by analyzing security test results, confirming the impact of security risks and validating baseline security configurations for operating systems, applications, networking tools, and telecommunications equipment to mitigate cyber security risk. 

Required Education and Skills 

  • Bachelor’s degree or technical diploma in Computer Science, Information Security, or equivalent 
  • Certificate in at least one of the following areas, an asset: 
      • Certified Information Systems Security Professional (CISSP) 
      • Certified Information Systems Auditor (CISA) 
      • Certified Information Security Manager (CISM) 
  • Good knowledge and skills in IT compliance audits 
  • Good technical knowledge in the following areas: 
      • IT Processes 
      • Internet Policy Enforcement 
      • Network architecture 
      • Active Directory 
      • Log management 
      • Vulnerability scanning 
      • Penetration testing 
      • Configuration management 
      • Asset management 
      • Continuous monitoring 
      • Web Content Filtering 
      • Encryption and strong authentication 
      • Physical Security related project or implementation 
      • Project management and coordination 
      • Industry standards ISO 27001/2 
      • National Institute of Standards and Technology (NIST) 
      • British Columbia’s Freedom of Information and Protection of Privacy Act (BC FIPPA) 
      • North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) 
      • Control Objectives for Information and Related Technologies (COBIT) 
  • Able to obtain a security clearance for a Security Sensitive Position classification 
  • Excellent communication skills for a professional environment, written and spoken 

 Candidates Must Have: 

  • A minimum of three (3) years of working experience in Information Technology with at least one (1) year in cyber security or equivalent. 
  • Must be located in BC currently. 
  • Must have experience with cyber security compliance (e.g., audit, NIST, ISO, etc.) 
  • Must have a certificate as CISSP, CISA, CISM or similar. 
  • Must have experience in the utilities industry 
  • Experience with NERC CIP is an asset but not required. 

If you’re a technical professional, you know that it can be difficult to find fulfilling work that advances your career. At the Ian Martin Group, we exist to connect professionals like you with meaningful work at industry-leading companies in your field. And we walk the walk, too: as a Certified B Corporation, we believe in using business as a force for good for people, our communities, and the environment.

We value diversity and inclusion and encourage all qualified people to apply. If we can make this easier through accommodation in the recruitment process, please contact us at recruit@ianmartin.com

We encourage all qualified candidates to apply; however, only those selected for an interview will be contacted.
