Cyber and Information Security Analyst

In support of achieving excellence and business results through safe, reliable operations, Bruce Power’s Cyber & Information Security division is hiring for a Cyber and Information Security Analyst. The team safeguards Bruce Power’s digital assets and information systems, focusing on prevent, detect, and respond capabilities and collaborating across the enterprise to improve reliability and security.

This is a permanent, full-time position located on site in Tiverton, Ontario, offering a competitive benefits, compensation and pension package.

• Contributes to the work program of the team by completing assigned tasks and projects on schedule.
• Follows applicable legislation, policies, programs, procedures, and agreements in daily work.
• Collaborates with team members to support the development and delivery of cyber and information security initiatives.
• Participates in training and development activities to maintain and enhance skills and qualifications.
• Provides feedback on performance and suggests improvements to enhance team effectiveness.
• Communicates and collaborates with colleagues and other teams to address issues and ensure smooth workflow.
• Supports the implementation of future plans and goals as communicated by and developed in cooperation with the leadership team.
• Provides input on strategy, technology, policies, compliance, and communications as needed.
• Risk identification, management, and mitigation across the Cyber Essential Asset, Business Technology, and Information Protection domains.
• Interface with stakeholders inside and outside the Division to deliver effective cyber security operations capabilities and incident response.
• Champion, refine, and develop standards, procedures, and processes for the Cyber & Information Security team.
• Collaborate with Enterprise Architecture to develop and maintain a technology roadmap for Cyber & Information Security operations.
• Continuously improve the operations of systems and supporting processes.
• Proactively research and champion courses of action to resolve and prevent problems and to maintain high service levels for users and stakeholders.
• Identify opportunities and champion continuous improvement for application optimization, redesign, or process improvement.

• In-depth knowledge of Information Security best-practice frameworks and standards including ISO 27000 series, NERC CIP, IAEA, SOX, PIPEDA, NIST, CSA, etc.
• Proven ability to establish excellent working relationships with internal and external contacts at all levels.
• Profile log / network / malware / device analysis and making recommendations for remediation of security vulnerability conditions.
• Very strong TCP / IP network and protocol knowledge.
• Intricate knowledge of Windows / Unix / Linux operating systems internals.
• Knowledge of scripting languages such as PowerShell / Perl / Python to automate tasks.
• Preferred GIAC Certifications (e.g., GRID, GCIH); any GIAC certifications will be beneficial.

• Typically acquired through the completion of 4 years of university training in a related field (Computer Science, Information Technology, Computer Engineering, etc.), or an equivalent level of education.
• Certifications in Cyber & Information Security (CISSP, GIAC, CCSP, etc.) are considered an asset.
• Eight to ten years of relevant experience is typically expected.
• Experience with the following is an asset: interfacing with CCCS and other key stakeholders; hardening assets against cyber or insider attacks; vulnerability management, patch management and secure configuration; incident handling techniques and frameworks; Security Operations Centre operations and related tools; SIEM / SOAR platforms; threat intelligence and monitoring; IAM, EDR, vulnerability management; on-premise and cloud hosting; application infrastructure; and managed contracts.
• Experience in proper investigative / forensic techniques, evidence handling, malware analysis, defense-in-depth strategies, ICS/SCADA security considerations, threat and risk assessment, and security policy development.
• Experience in developing internal/external documentation such as detailed procedures, IR playbooks, and operational metrics reports.

Are you ready for a change?

Please complete the online application and attach a cover letter and resume, indicating your education and experience as it relates to this opportunity. We look forward to receiving your application and will be in contact with you should you be selected for an interview.

The successful candidate will be selected based on related and required education, experience, knowledge and skills, a competency-based interview, and background reference checks.

As one of Canada’s Best Diversity Employers, Bruce Power is committed to promoting a culture of diversity, equity and inclusion where workers feel valued for their uniqueness and are recognized for their individual differences, talents and skills. We welcome and encourage everyone to apply to support our inclusive workplace culture.

Employment type: Full-time

Job function: Information Technology

Industries: Utilities and Energy Technology

Location: Tiverton, Ontario

Seniority level: Not Applicable