Cyber Security Engineer

CYBER SECURITY ENGINEER
WINNIPEG, MB

Manitoba Hydro is consistently recognized as one of Manitoba's Top Employers!

Great Benefits
- Competitive salary and benefits package.
- Defined-benefit pension plan.
- Nine-day work cycle which normally results in every other Monday off, providing for a balanced approach to work, family life and community.
- Flex-time and partially remote work schedule (providing the option to work remotely 3 days per 2 week period), depending on nature of work, operational requirements and work location.

Manitoba Hydro is a leader among energy companies in North America, recognized for providing highly reliable service and exceptional customer satisfaction. Join our team of Manitoba's best as we continue to build a company that supports innovation, commitment, and customer service, while actively supporting a diverse, equitable and inclusive workplace.

Under the general direction of the Enterprise Cyber Security Program Department, help manage cyber security risk by enhancing corporate security culture through security training and awareness program development and delivery, conducting and reviewing complex security risk assessments, and providing assistance on security programs. This position will help ensure security through the application of engineering principles and industry standards.

Responsibilities:
-Contribute to the development, implementation, sustainment, and continuous improvement of cyber security programs including (but not limited) to threat intelligence, policy management, NERC CIP, Industrial Control System Cyber Security Risk Management, incident response and disaster recovery, and application security.
- Conduct security risk assessments on applications to prevent vulnerabilities and entry points that attackers can exploit.
- Contribute to security risk identification, assessment, and mitigation strategies to resolve vulnerabilities and recommend and support security changes to system or system components as needed.
- Participate on project teams to provide security guidance and ensure security controls and requirements are ‘baked in' and addressed during the project.
- Lead or assist with various cyber security awareness program initiatives including cyber security awareness training, and simulated phishing campaigns.
- Assist with the third-party Enterprise Technology Security Assessment and manage the resulting recommendations and action plans.
- Direct activities of external suppliers and support establishing and overseeing monitoring, selection and termination of suppliers.
- Develop and maintain good working relationships with industry contacts for the purpose of information exchange and to keep abreast of technology innovation and directions. Develop and maintain good working relationships with contacts within D&T, ICS teams, and stakeholders throughout Manitoba Hydro including subsidiaries.
- Support the development, implementation, maintenance, and improvement of D&T's overall NERC Critical Infrastructure Protection (CIP) processes and procedures and Industrial Control System Cyber Security Risk Management initiatives.
- Ensure security through the application of engineering principles and industry standards. Provide recommendations and justifications on security tools and programs that affect system availability and reliability.
- Provide assistance on security programs including but not limited to threat intelligence, policy management, incident response and disaster recovery, and application security.

Qualifications:
- Graduate in Engineering from a university of recognized standing, plus a minimum of four years related experience, including two years related experience in Cyber Security, Operational Technology, or Information Technology Infrastructure support.
- Member in good standing with Engineers Geoscientists Manitoba.
- Has or be willing to obtain certification within 12 months: ISAACA CSX Cybersecurity Practitioner (CSX-P) or (ICS)2 Entry Level Cybersecurity certification; and maintain that certification in good standing. Professional certifications such as CISSP,CISM, CRISC, OSCP, CEH, CGIH, GPE, SANS, etc would be an asset.
- Possess an understanding of Cyber security concepts, controls, frameworks and standards including NIST and ISO.
Knowledge of ICS Cyber Security Risk Management and NERC Critical Information Protection (CIP) Standards, Programs and Procedures, CIP infrastructure components and CIP cyber assets.
- Technical system support experience with Information Technology and infrastructure components.
- Strong written and verbal communication skills with a demonstrated ability to communicate effectively, deliver reports, recommendations, and presentations, and the ability to build and maintain harmonious working relationships with staff across the enterprise at all levels.
- Excellent organizational and interpersonal skills, including facilitation, and negotiation.
- Demonstrated creativity in resolving complex information technology issues, implementing new processes and products and redesigning work processes.
- Demonstrated initiative, and ability to prioritize, and achieve results in a timely manner.
- Possess good analytical skills, be self-motivating, and possess mature judgment with the ability to make and implement sound decisions.
- Possess a valid Province of Manitoba Driver's Licence.
- Must obtain and maintain a current Personnel Risk Assessment and a "Clear" security rating in accordance with Manitoba Hydro policy P513.
- Must complete Manitoba Hydro Standards of Conduct training.
- Critical Infrastructure Protection (CIP) Training is required and must be completed prior to transfer date and renewed annually.

Salary Range
Starting salary will be commensurate with qualifications and experience.
The range for the Professional Engineer classification is $43.44-$59.95 Hourly, $83,247.84-$114,870.60 Annually.
The range for the Engineer-in-Training classification is $32.51-$45.74 Hourly, $62,293.92-$87,654.58 Annually.

Apply Now!
Visit www.hydro.mb.ca/careers to learn more about this position and to apply online.
The deadline for applications is APRIL 22, 2025.

We thank you for your interest and will contact you if you are selected for an interview.
This document is available in accessible formats upon request. Please let us know if you require any accommodations during the recruitment process.