Reference Code: CO57215108-01
external assessments, internal and NERC CIP audits as required.
- Establish incident response and communication plans:
- Coordinate and align with Cyber Security Operations Centre enterprise cyber security incident response and communication
plans.
- Create specalized centralized OT plans which provide clear and concise direction to other staff responding to or assisting in
the incident response.
- Develop communication strategies and guidelines to best enable enterprise wide coordination on centralized OT aspects of a
response, adherence to NERC CIP and CIS incident response requirements, and appropriate communication to impacted
departments and standard owners.
- Develop training, presentations, and exercises for these plans as required.
- This position leads CCTS Cyber Security program involvement and implementation of multiple security programs (ICS CSRM,
NERC CIP, Technology Security), provides assistance and consultation on several others, and is a recognized leader within
System Operations and Manitoba Hydro.
- Providing guidance and consulting assistance to all Manitoba Hydro System Operation Division staff and management on
overall Cyber Security risk, Cyber Security controls, governance, and best practices is also part of this position.
- Regularly communicate best practices and guidance to improve the over-all cyber security posture and culture of Systems
Operations division by presenting Cyber Security best practices that considers the unique differences and struggles OT
networks and operators have when improving Cyber Security.
- Lead the proactive security monitoring and reporting program using tools such as the SIEM system including leading the
centralized OT threat intellegance program. Evaluate incoming threat intelligence for applicability and severity and determine
appropriate counter-measures and mitigations necessary. Provide information to system SMEs and briefings to management
as required based on severity and likelihood of a threat.
- Responsible for network intrusion detection and prevention policy, procedures, and systems.
- Respond to and ensure root causes for suspected security breaches and failures are identified and fully addressed.
- Lead, plan, coordinate, and conduct cyber security incident response exercises and assessments.
- Develop cyber security playbooks. Lead implementation of SOAR (Security Orchestration Automation and Response).
- Provide round-the-clock support, as required, on an emergency basis to lead the response to a cyber security event.
- Receive and analyze security alerts from various sources.
- Apply DevSecOps principles wherever possible in the implementation, testing, and maintenance of supported infrastructure.
- Keep current on all cyber security related issues:
- Identify and establish contacts with industry peers and information sources to keep abreast of emerging and relevant cyber
security issues and risks.
- Conduct cyber security research.
- Represent MH as an OT cyber security expert on internal & external cyber security committees.
- This position will be responsible for mentoring junior staff and their understanding and development in the cyber security and
centralized OT areas.
- Provide 24-hour support (standby) to the System Control Centre as part of the EMS Infrastructure and Applications on call
rotation.
"Principal Duties are intended to be an accurate reflection of the main duties essential for this position. They are not designed to be
an exhaustive list of all duties, tasks and responsibilities."
Qualifications
- A four year degree in Computer Science or Computer Engineering from a university of recognized standing plus a minimum of
six years of directly related experience in the field of information/computer technology and cyber security.
OR
- A two year diploma in Computer Programming Technology from an institute of recognized standing plus a minimum of eight
years directly related experience in the field of information/computer technology and cyber security.
OR
- An equivalent combination of education and experience may be considered.
- Global Information Assurance or ICS2 Certification(s) would be considered an asset.
- Demonstrated initiative and ability to plan, organize, schedule and complete a high volume of work within strict timelines.
- Demonstrated ability to establish and maintain successful working relationships with external and internal contacts in multiple
departments and positions.
- Demonstrated ability to communicate effectively, both orally and in writing.
- Demonstrated advanced level knowledge of IT and OT systems and networks.
- Expert level knowledge of NERC CIP Standards, Programs and Procedures.
- Subject matter expert in cyber seucirty policies, practices, controls, and tools.
- Expert level knowledge and experience with Intrusion Detection Systems and Endpoint Detection & Response systems.
- Expert with Security Information and Event Management (SIEM) systems, Security Orchestration & Automated Response
(SOAR) platforms and threat intelligence platforms.
- Demonstrated commitment to continuous learning and keeping pace with changing technology and related best practices.
- Demonstrated forward thinking and ability to identify and implement continuous improvement.