Loading...
 
Share this Job

Manager, Sr IT Security Specialist (Compliance)

Date: Jan 12, 2022

Location: Barrie, ON, CA

Company: Hydro One Networks Inc

43840 - Barrie - Regular - ongoing 

Safety Comes First is a core value at Hydro One, and we remain committed to taking every reasonable precaution to ensure a respectful, safe and healthy working environment. Further to this commitment, we have adopted a COVID-19 Vaccination Policy to protect the health of our employees from the hazard of COVID-19. Employees will be required to either be fully vaccinated or undergo regular rapid antigen testing in order to access a Hydro One worksite.

Hydro One is proud to be the largest electricity transmission and distribution provider in Ontario, serving nearly  1.4 million customers. We have a long history in the industry with our roots dating back over 110 years to 1906. Since then, we have worked to grow and evolve to meet the changing needs of our customers and communities across Ontario. Today, we’re focused on providing exceptional customer service and ensuring we are building safe communities where we live, work and play.

It’s an exciting time to join the team at Hydro One!

 

Job Summary

 

Support the Senior Manager, Regulatory Compliance and Operations Services in effectively designing and developing strategies consistent with Hydro One's position related to Security and Regulatory Compliance requirements

Support the Director, Operating Technology (OT) Operations in the successful sustainment of Regulatory Compliance, and Security standards within OT. The incumbent of this role:

 

  • Is the Prime point of contact for all Audit engagements and Regulatory / Compliance examinations which impact the LOB
  • Coordinates and oversees any meetings and engagements with Audit, and Compliance including
  • Tracks progress on remediation of Audit and Compliance findings / observations
  • Own and manage the LOB Technology & Operational Risk Register
  • Develop and operationalize management reporting to highlight progress of key risk remediation activities.  Chair LOB Technology Risk Committee Monthly meetings
  • Develop and operationalize LOB Technology Risk Scorecard (working with 2nd line partners – e.g. Security Operations) includes defining LOB Technology Risk Metrics (key Risk Indicators) tied to risk related operational activities and identifying associated LOB control/KRI owners. 
  • Managing direct people

 

Job Responsibilities:

 

Provide day to day review analysis of the perimeter IT network trying to determine unauthorized access attempts, probes, pre-attack information gathering, network mapping and monitoring mail for unauthorized data extraction. Review server and network security for inappropriate activity/incidents such as large amounts of unauthorized data being moved or transferred or unauthorized access to financial or Executive data including emails. Participate in Business and IT initiated projects. Ensure that security requirements for the projects are defined and captured. Catalogue all security risks within projects, including those created within the proposed solutions. Utilize ISD’s 5 Stage

Project Methodology when delivering security guidance and services. Manage IT Security sponsored projects. Manage or co-manage IT Security Operations. Participate in the ongoing development of Hydro One Security Policy, Procedures and Guidelines. The incumbent must possess a strong client service orientation and a desire to help the business meet their objectives.

 

Specific Accountabilities

 

  • Provide day to day review analysis of the perimeter IT network trying to determine unauthorized access attempts, probes, pre-attack information gathering, network mapping and  monitoring  mail for unauthorized data extraction.  Review server and network security for inappropriate activity/ incidents such as large amounts of unauthorized data being moved or transferred or unauthorized access to financial or Executive data including emails.
  • Provide security scans of internal computer networks to search for unauthorized devices, detect suspicious activity, such as inappropriate printing of files from key IT systems such as SAP, Customer One, Peoplesoft, or any of the other key business or financial systems.  Provide scans to detect the emailing of large attachments to personal email accounts, inappropriate employee communication with suspicious persons, suspicious clearing of system audit logs,
  • information leaks, IT sabotage-specific detection and to identify inappropriate access or transmission of sensitive data or use and presence of hacking tools.
  •  Participate in Business and IT initiated projects; Attend project reviews as required, including assessment of Project Orders, RFP’s, Business Cases and Service Requirement Documents (SRD’s); Ensure security requirements for the project are defined and captured; Provide security architecture expertise to the project; Catalogue all security risks with the project, including those created within the proposed solution and those generated through project activities; Review and recommend approval for proposed technology solution; Review and recommend approval for sustainment adjustments as a result of remedial actions for risk reduction.
  • Remain operationally current for all key and critical Hydro One IT systems and networks to ensure investigations are necessary, core operational competencies and skills will improve and ensure that the full range of potential root causes are explored without putting at risk the continued operation of the system or network.
  • Conduct complex and technical IT investigations and address general queries regarding recovery, authentication, and analysis of electronic data when an investigation involves issues relating to reconstruction of computer usage, xamination of residual data, authentication of data by technical analysis. Conduct IT security threat and risk assessments related to key and critical IT systems and networks as it relates to external threats, labour disruptions and internal wrong-doing. Complete detailed investigative reports outlining the key elements, evidence collected, findings and recommendations regarding IT security investigations.
  • Work with Law Enforcement High Tech crime groups and maintain an operational skills level in order to gather and protect key IT evidence that may lead to criminal, civil (or both) court proceedings. Remain current with the safe and effective securing of evidence on a wide variety of wired and wireless electronic devices used for and within the Hydro One business.
  • Provide assistance to physical security relating to Cyber asset security by identifying critical cyber related devices and determine IT system relevance.  Conduct IT Data and Cyber Security awareness programs through presentation and education.  Review items posted to the corporate web page to determine if they represent an overall security risk.
  • Assist the Director of Business Information Technology in the assessment of IT Security work programs focused on the prevention, detection and response to breaches and malicious behaviours targeting Hydro One’s IT systems and networks.  Assist CSS Security Consultants in responding to their work programs.

 

Selection Criteria:

The candidates are expected to have demonstrated capability in the following areas:

  • University degree or related studies, or equivalent experience.
  • 10+ years experience
  • Proven ability to meet deadlines and manage priorities.
  • Good communications skills with the ability to work/liaise effectively with business, IT stakeholders, and vendor representatives.
  • Relevant experience in utility sector is preferred.

 

Internal Job Title:  Sr. IT Security Specialist 


At Hydro One we understand that the success and strength of our business rests with our people. When we develop their skills, we are investing in both their success and ours. To secure the best talent, we seek to create a workforce that reflects the diverse populations of the communities where we live and work and to create a culture based on safety, innovation and inclusiveness.

 

We are honoured to be recognized by Forbes in its list of Canada’s Best Employers for 2021.

 

Thank you for considering a career with Hydro One, we welcome applications from all qualified candidates. If you are having difficulty using our online application system and you need an accommodation due to a disability, please email careers@hydroone.com. Hydro One will provide reasonable accommodation for qualified individuals with disabilities in the job application process.

 

Please note this email is only for accommodation requests. Resumes sent to this email address will not be considered.

 

Deadline: January, 25, 2022

 

 

In the event you are experiencing difficulties applying to this job please consult our help page here.


Job Segment: Compliance, Corporate Security, ERP, Network, Security, Legal, Technology