SENIOR CYBER SECURITY PROGRAM SPECIALIST

WINNIPEG, MB

• Competitive salary and benefits package.
• Defined-benefit pension plan.
• Nine-day work cycle which normally results in every other Monday off, providing for a balanced approach to work, family life and community.
• Flex-time and partially remote work schedule (providing the option to work remotely 3 days per 2 week period), depending on nature of work, operational requirements and work location.

• Support the Enterprise Cyber Security Program (ECSP): Be a lead in the design of the overall ECSP. Work closely with both Industrial Control System Program and Business Technology Asset Program representatives, and initiate, lead, oversee, and deliver security policies, standards, programs, roadmap, metrics, accountability structure, centralized services, and organizational change management for the ECSP. Oversee, drive progress on, lead, provide expert level input to, and monitor status of critical cyber security initiatives and programs across Manitoba Hydro.  Initiate, justify, and lead the procurement and management of ECSP related contracts. 
• Support enterprise technology security assessments: Provide expert level input to and lead the identification and execution of assessment activities including cyber maturity assessments, scenario assessments, penetration tests, threat risk assessments, enterprise technology security assessments and other assessments as a means of determining current state and identifying opportunities for improvement and enhancement. 
• Support governing committees: Identify, prepare and deliver ECSP metrics and updates as a key supporting member of cyber security governing committees. Provide expert level input and recommendations to committees to support effective decision making. 
• Support cyber security risk management: As a recognized corporate cyber security expert, identify enterprise cyber risks and gaps, assess and prioritize risks, and recommend, justify, influence, initiate, develop and drive implementation of mitigation activities. 
• Provide mentorship and coaching: Provide coaching and mentoring to staff across the division and ECSP through various forms (including information sharing presentations, documentation and process reviews, brainstorming, guidance, counsel and coaching and technical training plan development and implementation). Play a lead role in documenting work processes and continuous improvement initiatives. 
• Support cyber security operations where required: Provide technical expertise to support incident response and recovery, internal/external communications during events, and threat intelligence and vulnerability intake, triaging, action initiation, and tracking. In the event of a significant cyber security incident, you may be called to support response activities at any time during a 24-hour period to assure Manitoba Hydro system security and reliability.  
• Keep abreast of cybersecurity developments outside of MH: Research, analyze and provide relevant and actionable information on all cyber security related developments, issues, research, and trends applicable to MH. Maintain an awareness of legislation and regulations pertaining to cyber security including NERC and federal and provincial regulations. Participate in relevant industry cyber security groups. Develop and maintain working relationships with key industry contacts for the purpose of information exchange and to keep abreast of technology innovation, directions, trends and intelligence and threat developments. Provide expert level technical cybersecurity support to the Cyber Security Division, contribute to Departmental and Divisional strategic planning and visioning, and assist in translating corporate strategic goals into specific cyber security strategic and tactical actions.

• A four-year degree in Computer Science or Engineering or related discipline from a university of recognized standing plus a minimum of six years related information technology (IT) or industrial control system (ICS) Support experience, including cyber risk management, governance, policy, risk reduction and mitigation, IT and ICS protection, and regulatory requirements related to cybersecurity 
  OR 
• A two-year diploma in Electrical, Electronic, Computer Technology, related discipline from an institute of recognized standing plus a minimum of eight years related information technology (IT) or industrial control system (ICS) Support experience, including cyber risk management, governance, policy, risk reduction and mitigation, IT and ICS protection, and regulatory requirements related to cybersecurity.
• Is certified or be willing to obtain certification as a Certified Information System Security Professional (CISSP) from (ISC)². Certifications such as Cyber Security specific (CISM, CRISC, OSCP, CEH, CGIH, GPE, SANS, ISAACA CSX Cybersecurity Practitioner (CSX-P)), technology specific (SIEM, XDR, etc.), etc.), network related (CCNA, etc.), cloud platform related (M365, Azure, etc.), operating system related (Linux, Windows, Unix, Apple IOS), management related (PMP, emergency management, etc.), software/application security, etc. would be an asset.
• In-depth understanding of Manitoba Hydro's computing and network infrastructure (IT and ICS/CIP), and security programs, processes, and technology. 
• In-depth knowledge of best and industry-leading cyber risk management, cyber security concepts, controls, frameworks, policies, standards, tools.  
• Excellent written and verbal communication skills with a demonstrated ability to communicate and influence effectively, deliver reports, recommendations, and presentations, and the ability to build and maintain harmonious working relationships with staff across the enterprise at all levels.
• Excellent organizational and interpersonal skills, including teamwork, facilitation, and transfer of knowledge. 
• Demonstrated ability to prioritize and execute on a large volume of critical work, and resolve complex issues, implementing new systems and processes, with a focus on documentation and continuous improvement.
• Demonstrated initiative, and ability to prioritize, and achieve results in a timely manner.
• Demonstrated ability to work effectively at both a strategic and tactical level.
• Possess a valid Province of Manitoba Driver's Licence.
• Must obtain and maintain a current Personnel Risk Assessment and a "Clear" security rating in accordance with Manitoba Hydro policy P513.
• Must complete Manitoba Hydro Standards of Conduct training.
• Critical Infrastructure Protection (CIP) Training is required and must be renewed annually.
• Must maintain or be eligible for SECRET clearance from the Government of Canada.