Please note that this is a hybrid position. The candidate will provide on-site and off-site support to clients as needed. Less than 25% travel is expected in this role.
Do you want to experience the essence of a large organization in a company with a personal touch? Come and work with us! We are looking for creative, innovative, and collaborative people like you to join our team.
Take your ambitions to the next level
-
Perform:
-
cybersecurity governance risk and compliance (GRC) activities for our nuclear clients, including:
-
gap analyses;
-
risk assessments and management;
-
creating standards and procedures;
-
developing cybersecurity training materials;
-
conducting organizational training as a subject matter expert (SME).
-
-
factory acceptance testing (FAT) and site acceptance testing (SAT) as required, diagnosing issues and effectively communicating solutions.
-
-
Prepare and review technical documentation (e.g., assessments, reports);
-
Review product- or system-specific engineering documentation such as manufacturing manuals, instrumentation and control (I&C) and network drawings to perform risk and controls assessments;
-
Work both independently and as part of a team in a project-based environment as needed;
-
Complete client-specific engineering change control (ECC) training to obtain necessary qualifications to work on the station-specific deliverables;
-
Participate in cybersecurity research and development (R&D) activities, including software and hardware development;
-
Contribute to sales initiatives, including attending conferences, writing proposals, estimating, and meeting with potential clients.
When it just clicks!
Does this sound like you?
-
Minimum of 4 years of experience working in the field of cybersecurity, preferably in an operational technology (OT), I&C, or nuclear environment;
-
Post-secondary degree in computer science, engineering, information security, or any related field;
-
Experience preparing client deliverables in the form of technical documentation;
-
Knowledge of the cybersecurity CIA triad is required;
-
Working knowledge of:
-
NIST Cybersecurity Framework, NERC CIP, or CSA N290.7 Standard;
-
the Purdue model;
-
industrial control systems (ICS), computer operating systems (OS) and virtual machine (VM) technologies;
-
network architecture and basic networking concepts such as communication protocols, network topology, transmission media, etc.
-
-
Excellent oral and written communication skills;
-
Comfortable in client-facing environments;
-
Assets:
-
Professional Engineering designation (P.Eng);
-
Cybersecurity-specific certifications (Security+, GICSP, CISSP, ISA/IEC 62443, etc.);
-
5 years of residence in Canada;
-
Experience with OPG or Bruce Power ECC;
-
CSIS Level 2 security clearance (preferably at OPG or Bruce Power);
-
Working knowledge of:
-
the Harmonized Threat and Risk Assessment (HTRA) methodology;
-
firewall and network switch configurations;
-
ICS communication protocols, ICS security components, physical and logical hardening controls, etc.
-
-
- English: Proficient