CYBER SECURITY ANALYST

CYBER SECURITY ANALYST
WINNIPEG, MB

Manitoba Hydro is consistently recognized as one of Manitoba's Top Employers!

Great Benefits
- Competitive salary and benefits package.
- Defined-benefit pension plan.
- Nine-day work cycle which normally results in every other Monday off, providing for a balanced approach to work, family life and community.
- Flex-time and partially remote work schedule (providing the option to work remotely 3 days per 2 week period), depending on nature of work, operational requirements and work location.

Manitoba Hydro is a leader among energy companies in North America, recognized for providing highly reliable service and exceptional customer satisfaction. Join our team of Manitoba's best as we continue to build a company that supports innovation, commitment, and customer service, while actively supporting a diverse, equitable and inclusive workplace.

Under the general direction of the Enterprise Cyber Security Program Department, be part of a team that partners with stakeholders across Manitoba Hydro to manage cyber security risk. The position will support security programs, conduct security risk assessments, provide security guidance to project teams, and help build corporate security culture and commitment through awareness programs.

Responsibilities:
- Contribute to the development, implementation, sustainment, and continuous improvement of cyber security programs including (but not limited) to threat intelligence, policy management, NERC CIP, Industrial Control System Cyber Security Risk Management, incident response and disaster recovery, and application security.
- Conduct security risk assessments on applications to prevent vulnerabilities and entry points that attackers can exploit.
- Contribute to security risk identification, assessment, and mitigation strategies to resolve vulnerabilities and recommend and support security changes to system or system components as needed.
- Participate on project teams to provide security guidance and ensure security controls and requirements are ‘baked in' and addressed during the project.
- Lead or assist with various cyber security awareness program initiatives including cyber security awareness training, and simulated phishing campaigns.
- Assist with the third-party Enterprise Technology Security Assessment and manage the resulting recommendations and action plans.
- Direct activities of external suppliers and support establishing and overseeing monitoring, selection and termination of suppliers.
- Develop and maintain good working relationships with industry contacts for the purpose of information exchange and to keep abreast of technology innovation and directions. Develop and maintain good working relationships with contacts within D&T, ICS teams, and stakeholders throughout Manitoba Hydro including subsidiaries.
- Support the development, implementation, maintenance, and improvement of D&T's overall NERC Critical Infrastructure Protection (CIP) processes and procedures and Industrial Control System Cyber Security Risk Management initiatives.

Qualifications:
A four-year degree in Computer Science or related discipline from a university of recognized standing plus a minimum of three years related information technology (IT) or industrial control system (ICS) Support experience of which at least one year must be in a system support role.
OR
A two-year diploma in Electrical, Electronic, or Computer Technology from an institute of recognized standing plus a minimum of five years related IT or ICS Support experience of which at least three years must be in a system support role.
- Entry level cyber security certification(s) with organizations such as ISACA or ISC 2 would be an asset.
- General understanding of technology and how it is deployed to support the Enterprise including information technology (IT), operational technology (OT) and industrial control systems (ICS).
- Knowledge of ICS Cyber Security Risk Management and NERC Critical Information Protection (CIP) Standards, Programs and Procedures, CIP infrastructure components and CIP cyber assets.
- Strong oral and written communication skills and able to communicate effectively to all levels of management and staff. Demonstrated ability to build good working relationships and work effectively in team environments.
- Excellent organizational and interpersonal skills.
- Demonstrated creativity in resolving information technology issues, implementing new processes and products and redesigning work processes. Demonstrated focus on documentation and continuous improvement.
- Demonstrated initiative, and ability to prioritize, and achieve results in a timely manner
- Possess strong analytical skills, be self-motivating, and possess mature judgment with the ability to make and implement sound decisions.
- Obtain and maintain a current Personnel Risk Assessment and a "Clear" security rating in accordance with Manitoba Hydro policy P513.
- NERC CIP Training is required, must be completed prior to transfer date, and renewed annually.

Salary Range
Starting salary will be commensurate with qualifications and experience.
The range for the classification is $39.27-$54.35 Hourly, $75,242.70-$104,154.96 Annually.

Apply Now!
Visit www.hydro.mb.ca/careers to learn more about this position and to apply online.
The deadline for applications is APRIL 22, 2025.
We thank you for your interest and will contact you if you are selected for an interview.

This document is available in accessible formats upon request. Please let us know if you require any accommodations during the recruitment process.