OT Cybersecurity Advisor

Please note that this is a hybrid position. The candidate will provide on-site and off-site support to clients as needed. Less than 25% travel is expected in this role.

Do you want to experience the essence of a large organization in a company with a personal touch? Come and work with us! We are looking for creative, innovative, and collaborative people like you to join our team.

Take your ambitions to the next level

• Perform:

  • cybersecurity governance risk and compliance (GRC) activities for our nuclear clients, including:

    • gap analyses;

    • risk assessments and management;

    • creating standards and procedures;

    • developing cybersecurity training materials;

    • conducting organizational training as a subject matter expert (SME).

  • factory acceptance testing (FAT) and site acceptance testing (SAT) as required, diagnosing issues and effectively communicating solutions.

• Prepare and review technical documentation (e.g., assessments, reports);

• Review product- or system-specific engineering documentation such as manufacturing manuals, instrumentation and control (I&C) and network drawings to perform risk and controls assessments;

• Work both independently and as part of a team in a project-based environment as needed;

• Complete client-specific engineering change control (ECC) training to obtain necessary qualifications to work on the station-specific deliverables;

• Participate in cybersecurity research and development (R&D) activities, including software and hardware development;

• Contribute to sales initiatives, including attending conferences, writing proposals, estimating, and meeting with potential clients.

When it just clicks!

Does this sound like you?

• Minimum of 4 years of experience working in the field of cybersecurity, preferably in an operational technology (OT), I&C, or nuclear environment;

• Post-secondary degree in computer science, engineering, information security, or any related field;

• Experience preparing client deliverables in the form of technical documentation;

• Knowledge of the cybersecurity CIA triad is required;

• Working knowledge of:

  • NIST Cybersecurity Framework, NERC CIP, or CSA N290.7 Standard;

  • the Purdue model;

  • industrial control systems (ICS), computer operating systems (OS) and virtual machine (VM) technologies;

  • network architecture and basic networking concepts such as communication protocols, network topology, transmission media, etc.

• Excellent oral and written communication skills;

• Comfortable in client-facing environments;

• Assets:

  • Professional Engineering designation (P.Eng);

  • Cybersecurity-specific certifications (Security+, GICSP, CISSP, ISA/IEC 62443, etc.);

  • 5 years of residence in Canada;

  • Experience with OPG or Bruce Power ECC;

  • CSIS Level 2 security clearance (preferably at OPG or Bruce Power);

  • Working knowledge of:

    • the Harmonized Threat and Risk Assessment (HTRA) methodology;

    • firewall and network switch configurations;

    • ICS communication protocols, ICS security components, physical and logical hardening controls, etc.