We are looking for a Sr. IT Security Specialist (NERC*)
* North American Electric Reliability Corporation: NERC Compliance Monitoring is the process used to assess, investigate, evaluate, and audit in order to measure compliance with NERC Reliability Standards. ... Compliance Enforcement is the process by which NERC issues sanctions and ensures mitigation of confirmed violations of mandatory NERC Reliability Standards.
Type of employment: Permanent position
Location: Downtown Toronto
· Support the Manager, CIP Compliance Sustainment in effectively designing and developing strategies and consistent positions related to standards and compliance requirements.
· Support the Critical Infrastructure Protection (CIP) Senior Manager and/or Delegate in the successful sustainment of compliance to NERC CIP standards.
· Oversee compliance sustainment and continuous improvement efforts associated with the NERC CIP compliance program. Review NERC CIP related security incidents for systemic problems and opportunities for process improvements.
· Support the Governance Delegates (GDs), Execution Delegates (EDs) and Process Owners (POs) accountable for the CIP standards/processes within the Internal Compliance Program (ICP).
· Advise the GDs on areas to focus when new changes are introduced to the NERC CIP standards. Coordinate with GDs/POs to help facilitate institutionalizing CIP compliance into work processes.
· Advise GDs and EDs in the creation of non-compliance reports and remediation planning.
· Provide oversight and ensure that an overall CIP process metrics dashboard is established with input from all stakeholders and is maintained in accordance with the reporting cycles.
· Ensure that the CIP Process Architecture is maintained and kept current.
· Assist CIP GDs/POs with updating high impact or high complexity processes based on specific improvement or remediation efforts.
· Assist CIP GDs/POs in identifying and rolling out complex key changes in support of specific improvement or remediation efforts.
· Provide governance support to Process Owners with respect to escalating issues and concerns as well as formalizing support requests to create formalized projects and continuous improvement initiatives.
· Perform preliminary reviews of Physical Security Plans, Cyber Security Policies and Technical Feasibility Exceptions related to CIP Standards and other related policies on an annual basis and report out to Manager.
· Provide advice and deliver training and other communications to internal stakeholders, corporate and operations staff to assist in their understanding of security compliance processes. This may include websites, toolkits, seminars and other employee engagement tools.
· Collaborate with Reliability Standards Readiness and Strategy to provide direction to CIP GDs/POs. Support Reliability Compliance Assurance’s evidence audit operations and actioning of audit results.
· Enforce compliance with IT Security Policies and Standards across the enterprise using the compliance tracking framework.
· Coordinate compliance enforcement activities with outsource service providers.
· Develop and present management compliance reports to various stakeholders.
· Engage and manage third parties to perform compliance exercises as necessary.
· Participate in development and maintenance of IT Security Policies and Standards.
· Manage compliance remediation activities.
· Manage and motivate staff and contractors in projects.
The candidate is expected to have demonstrated capability in the following areas:
· University degree or related studies, or equivalent experience.
· 10+ years’ experience in IT Security.
· 5+ years relevant experience in a senior Information Security or IT Security role.
· Demonstrated understanding of relevant standards and regulatory requirements (NERC CIP, Bill C-198, PCI, PIPEDA, etc.).
· Relevant experience in IT security governance with the capacity to enforce standards and liaise with stakeholders.
· Relevant experience in strategic business planning and management.
· Relevant experience in financial management and control.
· Strong organizational and communication skills.
· Strategic business thinking - ability to apply technical knowledge and experience to make management decisions for achieving business objectives.
· Ability to lead and work in a multi-team environment and drive completion of deliverables.
· Ability to assess enterprise risk with proper recommendation on mitigation.
· Proven ability to meet deadlines and manage priorities.
· Good communication skills with the ability to work/liaise effectively with business, IT stakeholders, and vendor representatives.
· Relevant experience in the utility sector is preferred.
· Ability to apply discretion when dealing with confidential information.
We would like to thank you personally for applying to Step by Step Professional Services Inc. Please note that we will review your application and only those candidates selected for further consideration will be contacted directly. However, we will retain your application on file and would be pleased to contact you if further opportunities arise.