QUALIFICATIONS:

• Graduate in Engineering from a university of recognized standing, plus a minimum of seven years related experience,
  including two years related experience in Cyber Security, Operational Technology, or Information Technology Infrastructure

support.

• Member in good standing with Engineers Geoscientists Manitoba
• Has or be willing to obtain certification within 12 months: ISAACA CSX Cybersecurity Practitioner (CSX-P) or (ICS)2 Entry
• Level Cybersecurity certification; and maintain that certification in good standing. Professional certifications such as CISSP,

CISM, CRISC, OSCP, CEH, CGIH, GPE, SANS, etc would be an asset.

• Possess an understanding of Cyber security concepts, controls, frameworks and standards including NIST and ISO.

Knowledge of ICS Cyber Security Risk Management and NERC Critical Information Protection (CIP) Standards, Programs
and Procedures, CIP infrastructure components and CIP cyber assets. Familiarity with compliance standards, evidence

requirements and understanding audits and assessments.

• Technical expertise in analyzing network-specific threat event data, evaluating malicious activity, documenting unusual files

and data, and identifying tactics, techniques and procedures used by attackers to drive development of corporate-wide

standards, policies, procedures, guidelines and design criteria.

• Familiarity with business needs and commitment to delivering high-quality, prompt and efficient service to the business.
• Technical system support experience with Information Technology, Operational Technology and infrastructure components.
• Strong written and verbal communication skills with a demonstrated ability to communicate effectively, deliver reports,

recommendations, and presentations, and the ability to build and maintain harmonious working relationships with staff across

the enterprise at all levels.

• Excellent organizational and interpersonal skills, including facilitation, and negotiation.
• Demonstrated creativity in resolving complex information technology issues, implementing new processes and products and

redesigning work processes.

• Demonstrated initiative, and ability to prioritize, and achieve results in a timely manner.
• Possess good analytical skills, be self-motivating, and possess mature judgment with the ability to make and implement sound

decisions.

• Possess a valid Province of Manitoba Driver’s License.
• Must obtain and maintain a current Personnel Risk Assessment and a “Clear” security rating in accordance with Manitoba

Hydro policy P513.

• Must complete Manitoba Hydro Standards of Conduct training.
• Critical Infrastructure Protection (CIP) Training is required and must be completed prior to transfer date and renewed annually.

• Lead the establishment of corporate policies and standards for design, implementation, and sustainment of network security
  controls: Protect IT and OT network technology assets from cyberattacks. Identify and address instances of potential
  non-compliance of standards and policies. Update standards and programs associated with network security based on cyber
  threat landscape, utility best practice and in response to threat intelligence and known vulnerabilities. Support network design

teams as required to support mitigations required due to threat intelligence.

• Design corporate strategies, guidelines, configurations and hardened baselines: In collaboration with network design teams

across the corporation apply utility best practice for configuring firewalls, intrusion detection systems, and other security
systems to enforce access control policies and prevent unauthorized access. Identify and implement detection and response

telemetry, alert thresholds, and response plans for network security.

• Sustain network cyber security maturity: Research emerging threats and vulnerabilities to aid in the identification of network

incidents, and supports the creation of new architecture, policies, standards, and guidance to address them. Support the
creation of network-specific business continuity/disaster recovery plans, to include conducting disaster recovery tests,
publishing test results, and making changes necessary to address deficiencies. Create and support testing requirements for
new computers, software, switch hardware and routers before implementation to ensure security requirements are met.
Develop IT/OT segregation strategy, guidelines and security-related design criteria and oversee periodic IT/OT network

separation testing. Coordinate strategy and design criteria updates resulting from such testing.

• Organizational change management: In cases where network resources are to be changed; plan, deliver, and lead required

organizational change management activities including awareness and training.

• Provide mentorship and coaching: Provide coaching and mentoring to staff across the division and ECSP through various

forms (including information sharing presentations, documentation and process reviews, brainstorming, guidance, counsel
and coaching and technical training plan development and implementation). Play a lead role in documenting work processes

and continuous improvement.

• Support the Enterprise Cyber Security Program: Assist in the delivery of the enterprise cyber security program including

implementing projects, policies, standards and technology to assist in increasing the cybersecurity maturity of Manitoba Hydro

to utility average and maintaining at or above average network security maturity.

• Support cyber security operations where required: Support cyber event incident response and recovery as part of the Incident

Response Team. In the event of a significant cyber security incident, you may be called to support response activities at any
time during a 24-hour period to assure Manitoba Hydro system security and reliability.