IT/OT Security Analyst

Who We Are: At Northland, we’re enablers of change, united by our journey to transform the energy sector into the foundation for a sustainable future. Since our inception, we’ve been early movers in the energy industry, adopting new initiatives that pave the way for communities across the globe and helping forge their path towards a carbon-neutral landscape. We’re a different kind of independent power producer. As developers, owners and operators at the forefront of the energy transition, we’re uniquely positioned to leave a lasting impact in the regions where we operate. We’ve expanded our business across Canada, the United States, Latin America, Europe and Asia to become a global leader, all by bringing together industry experts to find solutions with an entrepreneurial mindset. While our work powers communities across the globe, Northland is powered by our people.

Reporting to the Manager, IT/OT Security Operations, the IT/OT Security Analyst will be responsible for day-to-day IT/OT security operations, including implementation of security projects, ensuring the success of day-to-day operations, and assisting other IT/OT teams and business units with security related tasks. The role will work closely with global teams and managed service partners to ensure the security of IT and OT assets. The role will manage and/or oversee several technologies, including security orchestration, automation, and response; data loss prevention; endpoint security; network security; network threat detection; vulnerability management; security incident and event management systems; VPN; privileged access management; and more. This position will be based in our Toronto Head Office and will be 4 days in office per week, with one flexible day available for employees to work from home.

• Implement and monitor the Global Cyber Security Program that governs all Northland entities, including Information Technology and Operations Technology.
• Implement procedures and technology changes to maintain and evolve Northland’s security maturity.
• Monitor and report on network security, system, and application security solutions to highlight areas of non-compliance and recommend improvements to practices and processes.
• Work closely with Managed Service Partners, IT/OT Infrastructure, and Project Management to provide organization direction and guidance on security best practices and compliance to policies.
• Collaborate with Managed Security Partners (SOC) to monitor and identify gaps in the current environment and implement necessary changes.
• Ensure data processing activities have sufficient data protection mechanisms.
• Audit security privileges to ensure least-privilege concepts are followed.
• Participate in ongoing IT/OT security audits for all Northland entities to ensure compliance to baseline requirements.
• Act as a key member of the cybersecurity incident response team to quickly identify, contain, and resolve incidents.
• Perform periodic maintenance of security systems to keep them up to date and able to identify and prevent threats.
• Perform and/or assist with periodic penetration tests.
• Manage the security orchestration, automation, and response system, and implement new automation use cases.
• Manage and maintain the privileged access management system.
• Handle reported phishing emails, ensuring that reported threats are effectively triaged and remediated.
• Provide evidence to support external audits of various departments and operational facilities.
• Review security reports and logging to identify potential risks or required adjustments.
• Manage the global vulnerability management and penetration testing program.
• Report on security trends, both internal and external, and recommend appropriate risk responses.
• Implement threat intelligence to enrich prevention and detection controls.
• Participate as required in project pipeline activity to ensure IT/OT acquisitions and implementations align with Northland IT/OT Security requirements.
• Establish and maintain written and in-person communications with key stakeholders on IT Security matters.
• Advise and assist on physical security controls selection, design, and implementation.

• Collaborative: You build relationships and enjoy working as a team player to get things done.
• Independent: You are an independent thinker and manage your own timescales and milestones to meet objectives. You know when you need to ask for help.
• Flexible: You are agile in your approach to work and hours, especially when collaborating with colleagues in other countries.
• Eager and adaptable: You are eager to learn, expand your skillset, and adapt to changing priorities in a fast-paced environment.
• A strong communicator: You have exceptional oral and written communication skills and can articulate analyses clearly.

• Undergraduate degree in Computer Science or related field; a post-secondary diploma with equivalent experience is acceptable.
• Thorough understanding of IT security principles with at least 5 years of experience in IT security; CISSP certification is required.
• Certifications in IT security, network administration, server administration, data protection, or industrial control systems are highly desirable.
• Good understanding of global Data Privacy laws including GDPR and PIPEDA.
• Knowledge of network design (LAN, WAN).
• Experience with Enterprise Infrastructure technologies and platforms such as firewalls, SIEM, SOAR, vulnerability management solutions, IDS/IPS, endpoint security, enterprise browsers, cloud solutions, and Office 365.
• Strong knowledge of Python, PowerShell and REST API principles.
• Knowledge of ISO 27000 series, NIST SP800-53, NIST CSF, and IT security best practices.
• Experience with NERC CIP and/or NIS2 is highly desired.
• Strong analysis, attention to detail, and communication skills.
• Ability to work effectively in a team-oriented, collaborative environment; hands-on in a dynamic, fast-paced setting.
• Demonstrates a passion for cybersecurity and critical infrastructure protection.

Our employees are the driving force behind our achievements. We are committed to recognizing contributions and empowering you to excel. Here’s why Northland is a place to thrive:

• Thoughtful benefits – Competitive RRSP matching of 8%; extended health, dental and vision benefits for you and your immediate family from day one; paid parental leave; accident and life insurance; disability benefits and more.
• Wellbeing first – Access to global Wellness Program and Employee Assistance Program, including mental health resources.
• Floating days and Birthdays off – Birthday off and three additional days off annually for other events important to you.

We hire talented and passionate people from diverse backgrounds. If you’re excited about a role but your past experience doesn’t align perfectly with this job description, we still encourage you to apply. Learn more about our diversity, inclusion and belonging commitments.

Disclaimer

This document is a guide. The duties, responsibilities, and requirements of the jobs as described herein are not inclusive and are subject to change.

Northland Power is an equal opportunity employer with a commitment to a fair, inclusive, and accessible environment. If you require accommodation during the hiring process, please notify a member of the HR Department.