Security Policy & Audit Specialist

EUI, Electricity Operations, System Operations - Edmonton, AB


Department Description
EUI, Electricity Operations, System Operations
Electricity Operations is responsible for the electrical transmission and distribution systems in the City of Edmonton, with a focus on safety, reliability, and innovative and practical solutions. Our employees look after electrical infrastructure as well as the underground and aerial distribution networks.
Highlights of the job

We are hiring a Full-Time Permanent position working out of Edmonton, AB.

The Security Policy and Audit Specialist, working with other specialized cross-functional groups, is accountable to design, document, build, and measure EPCOR Distribution and Transmission, Inc. (EDTI)-wide cyber security policies. The Specialist is also accountable to provide process expertise, manage and update documentation, and collect and present evidence for the EDTI-focused aspects of the Alberta Reliability Standards (ARS) Cybersecurity Infrastructure Protection (CIP) Standards regulatory requirements. The role also coordinates EPCOR-wide ARS CIP requirements to ensure ongoing, consistent, and accurate evidence collection and presentation to demonstrate compliance.

The Security Policy and Audit Specialist analyzes highly technical documentation, including firewall and SIEM logs, network and infrastructure design documentation, Operational Technology (OT) / SCADA equipment configuration, and detailed product technical documentation, in order to design and build EDTI’s cyber security program.

The Security Policy and Audit Specialist is accountable to the Manager, Operations Network & Security, and operates within the context and prescribed limits established by the Manager.

What you’d be responsible for
Provide input to the Operations Network and Security (ONS) plans and directions, and demonstrate on-going appropriate relationships with other positions, as required.
Ensure all EDTI OT assets are properly inventoried and categorized by risk, with appropriate policies in place to ensure that systems are configured and monitored to protect EPCOR’s operational computing and communications infrastructure from malicious attacks and/or unintended changes.
Leading a cross-functional group of SMEs, manage and maintain EPCOR’s NERC / ARS CIP policies covering information classification, change management, access management, electronic security perimeter, physical security, malicious software prevention, security testing, ports and services management, patch management, security incident response, disaster recovery, audit evidence collection, and other applicable activities through ongoing and yearly update and review processes.
Oversee compliance sustainment and continuous improvement efforts associated with EPCOR’s ARS CIP compliance program. Review ARS CIP related incidents for systemic problems and opportunities for process improvements.
On a regular basis, review, maintain, and update EDTI’s position in EPCOR’s cyber security framework documentation, and lead collaboration with SMEs across EDTI.
Provide specialized technical level SME advice, guidance, and assistance as required, to teams within EDTI and EPCOR on ARS CIP compliance.
Responsible to collect, format, and present evidence for regulatory, security, and policy audits. Provide accurate and timely responses to audit information requests.
Assist in the planning, development, and execution of training programs designed to ensure compliance with ARS CIP and related internal cyber security policies.
Maintain awareness of emerging electrical utility industry compliance issues, through benchmarking and participation in appropriate forums/groups. Stay up to date on new versions of NERC and ARS standards and participate in industry consultation. Distribute relevant information to impacted SMEs and provide education as required.
Provide technical and business analysis, develop business cases and participate in regulatory filings related to cyber security initiatives.
Develop and maintain business unit KPIs for cyber security related metrics. Participate in or drive cross-functional teams to design and maintain dashboards to support EDTI’s cyber security posture.
Effectively and clearly communicate highly technical information, both verbally and in writing, to team members, management, executives, and others.
Demonstrate a high performance, high discipline, safe, accountable, focused, innovative and achievement-oriented, easy to do business with manner of working.
What’s required to be successful
Bachelor’s degree in Cybersecurity, Computer Science, Information Technology or a related discipline such as business administration, management of information systems, etc.

10 years of experience in IT/OT:
5 years' experience in IT cyber security or related area and/or 3 years working specifically in a Critical Infrastructure Protection information security operations or consulting function;
2+ years’ experience with ARS or NERC CIP regulatory requirements is preferred.
Experience performing assurance work (audits/reviews), and business risk assessments is required
Working experience with cyber security frameworks (C2M2, NIST CSF, CIS)
Security-related training/certifications are an asset (CISA, CISSP, CISM, CRISC)
Security experience including threat identification, proactive defense, incident response, and development of mitigation strategies is an asset
Experience with protection and control, automation, telecontrol and SCADA operational technologies would be considered an asset
Experience in power systems or electrical utilities would be considered an asset
Experience managing and analyzing data from system event logs, SIEM logs, firewall rules, and baseline reporting software
Strong reporting and data analysis skillset is required
Requires proficiency in business writing for the preparation of reports and presentations
Requires effective presentation skills, appropriate for senior or executive management levels
Experience with business and process analysis
Other important facts about this job

Jurisdiction: PROF

Hours of work: 80 hours of work biweekly

Application deadline: Sunday, August 9th, 2020 at 12:00:00AM MST


Please note the following information:
A requirement of working for EPCOR is that you are at least 18 years of age and legally entitled to work in Canada. (A copy of a valid work permit may be required.)
If you are considered for the position, clearance on all applicable background checks (which may include criminal, identity, educational, and/or credit) and professional reference checks is required. Some EPCOR positions require an enhanced level of background assessment, which is dictated by law. These positions require advanced criminal record checks that must also be conducted from time to time after commencement of employment.
A technical/practical assessment may be administered during the selection process and this exercise will be used as a part of the selection criterion.
To meet the physical demands required of some positions, candidates must be in good physical condition and willing to work in all weather conditions. Clearance on pre-placement medical and drug and alcohol testing may be required.

Our Commitment to Diversity and Inclusion

On Team EPCOR, we believe in building an engaging, inclusive and diverse work culture that inspires creative thinking, innovation and adds value to our communities. Our organization is a place where everyone is welcome, and where you can bring your whole self to work.

When you join our team, you’ll find a workplace where all opinions, beliefs and lifestyles matter. We encourage you to apply and are happy to provide reasonable accommodation during the selection process to meet your needs.