Please note that this is a hybrid position. Less than 25% of travel is expected in this role.
Do you want to experience the essence of a large organization in a company with a personal touch? Come and work with us! We are looking for creative, innovative, and collaborative people like you to join our team.
Take your ambitions to the next level
- Perform cybersecurity Governance, Risk, and Compliance (GRC) activities for our nuclear clients, including:
  - Gap analyses;
  - Risk assessments and management;
  - Creating standards and procedures;
  - Developing cybersecurity training materials; and,
  - Providing organizational training as a Subject Matter Expert (SME).
- Prepare and review technical documentation (e.g., assessments and reports);
- Review the product or system-specific engineering documentation, including manufacturing manuals, instrumentation and control (I&C) and network drawings, to perform risk and control assessments;
- Work independently or as a member of a team in a project-based environment, as needed;
- Complete client-specific Engineering Change Control (ECC) training to obtain the necessary qualifications to work on the station-specific deliverables;
- Participate in cybersecurity research and development (R&D) activities, including software and hardware development;
- Perform Factory Acceptance Testing (FAT) and Site Acceptance Testing (SAT) as required, diagnose issues and communicate solutions effectively;
- Contribute to sales initiatives, including attending conferences, writing proposals, estimating and meeting with potential clients.
When it just clicks!
Does this sound like you?
- Over four years of experience working in the field of cybersecurity, preferably in an operational technology (OT), I&C, or nuclear environment;
- Post-secondary degree in computer science, engineering, information security, or any related field;
- Knowledge of the cybersecurity CIA triad is required;
- Working knowledge of NIST Cybersecurity Framework, NERC CIP, or CSA N290.7 Standard;
- Working knowledge of the Purdue model;
- Working knowledge of Industrial Control Systems (ICS), computer Operating Systems (OS) and Virtual Machine (VM) technologies;
- Working knowledge of network architecture and basic networking concepts, such as communication protocols, network topology, transmission media, etc.;
- Experience preparing client deliverables in the form of technical documentation;
- Excellent oral and written communication skills;
- Comfortable in client-facing environments.
Additional Qualifications
- Professional Engineering designation (P.Eng.) would be an asset;
- Cybersecurity-specific certifications would be an asset (Security+, GICSP, CISSP, ISA/IEC 62443, etc.);
- Experience with OPG or Bruce Power ECC is a significant asset;
- CSIS Level 2 security clearance (preferably at OPG or Bruce Power) is a significant asset;
- Working knowledge of Harmonized Threat and Risk Assessment (HTRA) methodology would be an asset;
- Working knowledge of firewall and network switch configurations would be an asset;
- Working knowledge of ICS communication protocols, ICS security components, physical and logical hardening controls, etc., would be an asset.
- English: Proficient