Security Analyst

Press Tab to Move to Skip to Content Link

Select how often (in days) to receive an alert:

Location: Toronto, ON, CA

50280-Regular Not Applicable

Representation: Management

Job code: 00739081

Pay information: 18 (Core Services)/ LEVEL 03

Hours of work (per week): 40 hr 5dy* 8hr

Shift work: No

Number of positions: 1

Town/City: Toronto, Ontario

Department: DIGITAL & TECHNOLOGY SOLUTIONS /SECURITY & INFRASTRUCTURE/CYBRSC GOVR

Join a diverse team of experienced Cybersecurity practitioners, and act as a subject matter expert for Information Security with the Lines of Business (LOB).

Focus on Cyber Governance & Risk Management as it relates to Information Technology (IT) and Operations Technology (OT) systems.

Translate technical cyber & information security requirements into business actions. Preserve and apply the security governance framework (based on NIST CSF &800-53) for the LOBs.

Work with different, potentially conflicting requirements (legal, regulatory, industry standards, security strategy) to distil realistic security requirements supporting the business strategy.

Conduct research to maintain and expand knowledge on the latest cyber security technologies and standards, as well as the threat and vulnerability landscape for Industrial Control Systems (ICS) in general, and the Electrical sector in Ontario.

You are an experienced Cyber Governance & Risk Management professional with extensive knowledge and experience in architecture of the following domains and their application to IT (and preferably OT) environments:

• Threat, Risk, and Compliance
• Security Governance and Policies

Identity and Access Management

Threat, Risk and Compliance

Vulnerability Management

Security Operations

Security Governance and Policies

Security Architecture

Specific Accountabilities may include:

Represent the Cyber Governance and Risk Management team as an advisor and expert Cyber Security SME to support the overall security program.

Seek industry trends and organizational knowledge to understand and implement executive risk management practices.

Provide recommendations for security architecture for all technology projects, new platforms – on premise or cloud-based and ensure alignment of technology solutions to established frameworks and security standards.

Provide consultation to operational teams as a governance & risk-focused senior cyber security advisor on security-related initiatives, solution selection, security architecture and security assessments

Provide governance & risk management insights through an ongoing process of gathering, analyzing and prioritizing actionable risk messages; develop content to support communication of the messages and enable technology teams to consume and apply the messages to their respective areas.

Contribute to the continuous improvement of processes and maturity of cyber governance & risk management program.

Manage various stakeholders across levels (including executives) and engage in resolution of risk issues.

Build and manage eƯective relationships with key stakeholders, team members, and other business, functional and support groups. Collaborate with senior leaders to ensure alignment of Cyber Security initiatives.

Support responses to various regulatory requests and audits

Support the compliance sustainment and continuous improvement efforts associated with Hydro One’s NERC CIP compliance program. Review NERC CIP related security incidents for systemic problems and opportunities for process improvements.

Experience and Skills Required:

Extensive experience of strategic development of standards, Cyber Security Risk Identification. Risk Quantification, and Mitigation techniques

• Familiarity with scenario-based risk analysis using common threat modelling techniques

Demonstrable experience in an advisor/consultant capacity representing Information Security

5-8+ years of information security experience in risk management and information security

Strong knowledge of NIST SP800-53 and NIST Cyber Security Framework

Sound understanding of the Ontario Cyber Security Framework

Familiarity with Risk Management Frameworks (ISO 27005, NIST 800-30/39 or ISF IRAM2 )

Demonstrated understanding of relevant standards and regulatory requirements (NERC CIP, Bill C-198, PCI, PIPEDA, etc.).

Knowledge of current trends in the cyber security industry

Knowledge of unique threats to the energy sector and its role within Canadian critical infrastructure

Excellent interpersonal, communication, and presentation skills applicable to a wide audience including senior and executive management

Excellent organization/project planning, time and organizational change skills across multiple functional groups and departments

Knowledge of metrics programs and security dashboard creation

Post-secondary education in Computer Science/Engineering, Cybersecurity or related field, or equivalent work experience

One or more of CISSP, CRISC, CISM or other relevant certifications would be an asset

Hydro One employees, you can apply online viathe Careers module in Success Factors.To accessSuccess Factors, click on the Talent Management link in the Applications drop-down menu on the HydroNet site.Otherwise, if you do not have Hydro One computer access, forward your application to Careers@HydroOne.com. In the event you are experiencing difficulties applying to this job please visit myHR.

"Employer of the year 2025"

Deadline: July 8, 2025

Questions about the posting should be directed to the hiring manager. If you are selected for an interview or further evaluation and require special accommodations please speak with the hiring manager.

NOTE: An Employee who is the successful applicant to a vacancy that results in a move between the Hydro One companies (Hydro One Networks, Hydro One Telecom and Hydro One Remotes) will have his/her EI and CPP deductions restarted. If as a result of the restart of these deductions the employee over contributes to EI and/or CPP, the employee will be eligible for a refund of the over contribution through their personal income tax return. For further details, please contact the HR Support Centre.

Job Segment: Telecom, Telecommunications, Cyber Security, Compliance, Risk Management, Technology, Security, Legal, Finance

2009-2022 Hydro One Networks Inc. All rights reserved