LiveHire users cookies on this website. Cookies are small pieces of data stored by your browser on your computer or device to help run this site, improve security, and improve your experience.

Click Accept to continue, or for more information please see our Cookies Policy.

‹ Back to all jobs

12491 - Critical Infrastructure Protection Investigations Lead

  • LocationVancouver, BC V6B 5R3 - Canada
  • Work TypeContract/Temp
  • Positions1 Position
  • Published At:2 months ago

Apply

  • Job no: AAF9X
  • Categories: Information Technology

Our client, one of the largest electrical energy suppliers in Canada, has an immediate need for a Critical Infrastructure Protection Investigations Lead with experience in IT audits to ensure compliance with digital technology and cyber security regulations and policy. This is a contract position for one (1) year located in Vancouver, British Columbia 

 Description: 

This role is for a brand-new function in the Technology Team and will be responsible for oversight of NERC CIP incident investigations & remediation planning. The CIP Program Office Investigations Lead will be responsible for working with different compliance teams and provide oversight for NERC incident investigations, develop remediation plans and coordinate investigations across different functional areas. (NERC CIP stands for North American Electric Reliability Corporation Critical Infrastructure Protection and is a set of security requirements designed to secure the assets required for operating North America's bulk electric system

  Accountabilities 

  • Reporting to the Manager, CIP Program Office, the Investigations Lead is responsible for working with Compliance teams from across the organization to oversee incident investigations and remediation plans. 
  • Coordinates NERC CIP non-compliance investigations and remediation 
  • Works closely with Reliability Compliance team, Compliance teams, and various internal and external parties to perform compliance incident investigations for incidents owned by multiple functional areas. The investigation process includes root cause analysis, analysis and collection of evidence, and completion of mitigation actions. 
  • Oversees the investigations across business units to ensure consistency based on the investigation framework/methods sets up by Reliability Compliance 
  • Provides guidance on the investigation approach/methods based on established investigation framework/methods by Reliability Compliance 
  • Reviews Internal Reports and advises CIP Senior Manager on acceptance of Internal Report 
  • Reviews and recommends acceptance of remediation plan 
  • May lead remediation plan implementation across functional areas 
  • Track's remediation plan completion 
  • Collaborate with other SMES or team members in completing compliance project/program, audits to ensure compliance with cyber security regulations and policy 
  • Lead an audit review on compliance evidence documents by collaborating with CIP Policy Subject Matter Experts (SMEs) cybersecurity and safety teams, and emergency management team to monitor and assure the development, revision, and update of CIP compliance policies, processes, and procedures and the completion of required auditing records 
  • Conduct compliance impact assessments on IT projects and provide guidance on the execution of cyber security related action items by collaborating with project managers to ensure that projects apply cybersecurity best practices and comply with regulations and policy 
  • Identify potential cyber security risks and incidents by performing vulnerability assessments, coordinating with internal teams and stakeholders, and monitoring external events and security logs to help prepare for possible contingencies 
  • Determine remediation options and recommend solutions by analyzing security test results, confirming the impact of security risks and validating baseline security configurations for operating systems, applications, networking tools, and telecommunications equipment to adequately mitigate cyber security risk 

 Must have Experience 

  • 7 + years of working experience in Information Technology with at least five (5) years in cyber security or equivalent 
  • Expert knowledge and skills in IT compliance audits 
  • Must have risk management experience   
  • Must have experience doing compliance investigations   
  • Experience with NERC CIP standards in the utility industry is a strong asset. 
  • Excellent communication skills for a professional environment, written and spoken 

Required Education and Skills 

  • Bachelor’s degree or technical diploma in Computer Science, Information Security, or equivalent 
  • Able to obtain a security clearance for a Security Sensitive Position classification 
  • Certificate in at least one of the following areas, an asset: 
  • Certified Information Systems Security Professional (CISSP) 
  • Certified in Risk Information Systems Control (CRISC) 
  • Certified Information Systems Auditor (CISA) 
  • Certified Information Security Manager (CISM) 
  • GIAC Certified Incident Handler (GCIH) 
  • GIAC Certified Penetration Tester (GPEN) 
  • Good technical knowledge and working experience in the following areas: 
  • IT Processes 
  • Internet Policy Enforcement 
  • Network architecture 
  • Active Directory 
  • Log management 
  • Vulnerability scanning 
  • Penetration testing 
  • Configuration management 
  • Asset management 
  • Continuous monitoring 
  • Web Content Filtering 
  • Encryption and strong authentication 
  • Physical Security related project or implementation 
  • Project management and coordination 
  • Industry standards 
  • ISO 270001/2 
  • National Institute of Standards and Technology (NIST) 
  • British Columbia’s Freedom of Information and Protection of Privacy Act (BC FIPPA) 
  • North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) 
  • Control Objectives for Information and Related Technologies (COBIT) 

If you're a technical professional, you know that it can be difficult to find fulfilling work that advances your career. At the Ian Martin Group, we exist to connect professionals like you with meaningful work at industry-leading companies in your field. We walk the walk, too: Certified B Corporation, we believe in using business as a force for good for people, our communities, and the environment

We value diversity & inclusion & encourage all qualified people to apply. If we can make this easier through accommodation in the recruitment process, please contact us at recruit@ianmartin.com 

We encourage all qualified candidates to apply; however, only those selected for an interview will be contac

  • Published on 26 Feb 2021, 10:24 PM