Cyber Security Specialist
The BCUC might be unlike any other place you’ve worked before. We are unique in that our environment is structured yet dynamic, formal yet fun, and our work is highly collaborative yet also requires a tremendous amount of individual focus. Our team is filled with intelligent and passionate doers who demonstrate maturity, humility, and resourcefulness.
More about the BCUC: Our organization is an independent agency of the provincial government that is responsible for regulating energy utilities within the province, its compulsory automobile insurance rates and tolls related to intra-provincial pipelines. We work hard to ensure British Columbians get fair value for safe and reliable energy services and basic automobile insurance rates. While protecting the ratepayer and the public interest, we afford the entities that we regulate a reasonable opportunity to earn a fair return on their capital investments and in the case of compulsory insurance, ensure that costs are recovered and that there is adequate financial capacity to pay claims.
As the Cyber Security Specialist at the BCUC, you will be responsible for reviewing all reported cybersecurity information and incidents submitted by BCUC-regulated entities, and will ensure that such entities are at, or in the process of attaining, full alignment and compliance with cybersecurity standards and best practices. Leveraging your expertise in large infrastructure cyber security, you will ensure Critical Infrastructure Protection and industry standards are being upheld in specific areas including, but not limited to, emerging issues, security practices for cyber assets, personnel and training, electronic and physical security perimeters, change management, incident reporting and response plans, configuration change management and information protection.
If you are passionate about cyber security and want to contribute to the ongoing safekeeping of pivotal infrastructure in British Columbia then apply for our vacancy today!
- Support the BCUC’s Mandatory Reliability Program with regards to cybersecurity;
- Provide insight and feedback to regulated entities’ cybersecurity prevention planning and emergency response planning;
- Review the reported cybersecurity compliance documents incidents submitted by regulated entities and assess whether the reports contain any issues that require examination, revision or escalation;
- Review regulatory filings for systemic problems and opportunities for process improvements;
- Provide specialized technical level SME advice, guidance, and assistance as required, to BCUC staff and commissioners;
- Maintain awareness of emerging utility industry compliance issues, through benchmarking and participation in appropriate forums/groups. Stay up to date on new versions of NERC and standards and other North American best practices and participate in industry consultation when requested to do so. Distribute relevant information to BCUC Staff and Commissioners and provide education as required;
- Effectively and clearly communicating highly technical information both verbally and in writing to BCUC Staff and Commissioners;
- Plan and organize the review process by staying current with the expected filings, reviewing past filings, filing directives and, in consultation with the Manager, establish review priorities and processes;
- Engage in critical reading of filed evidence and communicate issues verbally and/or in written form to the team, Project Manager, and Commissioners;
- Support the development and maintenance of a review process for filing compliance and content issues;
- Communicate with regulated entities and stakeholders to obtain the necessary information to carry out reviews;
- In the interest of constant improvement, provide feedback on changes and improvements to filing directives to ensure clarity and efficiency;
- Collaborate and work with other members of the BCUC, as assigned;
- Attend project meetings and provide support to the BCUC as needed;
- Contribute to the development and population of the performance monitoring database;
- Act as Lead Staff on assigned proceedings including preparing Information Requests;
- Complete ad-hoc projects and tasks, as assigned.
Skills & Qualifications:
- Bachelor’s degree in Cybersecurity, Computer Science, Information Technology or a related discipline such as business administration, management of information systems, etc.;
- Security-related training/certifications (CISA, CISSP, CISM, CIRSC, CEH) is considered an asset;
- 10 years of experience in IT/OT;
- 5 years' experience in IT cyber security or related area and/or 3 years working specifically in a Critical Infrastructure Protection information security operations or consulting function;
- Experience performing assurance work (audits/reviews), and business risk assessments is considered an asset;
- Demonstrable experience with conducting security reviews, implementing information security recommendations, analyzing technical controls and applying security control standards required;
- Security experience including threat identification, proactive defense, incident response, and development of mitigation strategies;
- Previous experience in either a regulatory or utility environment is considered an asset;
- Excellent written and oral communication, and interpersonal skills;
- Proficiency in business writing for the preparation of reports and presentations
- Strong computer literacy with a demonstrated aptitude for working with different software packages and systems including proficiency in Microsoft Office;
- Analytical thinking and sound judgement to effectively solve problems;
- Ability to learn and operate in a highly regulated environment;
- Ability to work well in a non-hierarchical, matrix team structure;
- Ability to develop and maintain professional relationships with colleagues and stakeholders in a quasi-judicial/regulatory environment;
- Ability to multi-task with priorities and projects and produce results;
- Ability to communicate complex matters in lay terms to various stakeholders;
- Ability to link BCUC business plan and concepts to daily work.