Senior Cyber Security Analyst

at  AESO

The Alberta Electric System Operator (AESO) is responsible for the safe, reliable, and economic planning and operation of the Alberta Interconnected Electric System. We provide open and non-discriminatory access to Alberta’s interconnected power grid and also facilitate Alberta’s competitive wholesale electricity market. The AESO strives to foster an inclusive, diverse and equitable workplace where people feel respected and welcomed for who they are, together we deliver high performance and innovative results.
Job Description
We are looking for a Senior Cybersecurity Analyst to join our growing team. You will focus on the tactical and operational aspects of cybersecurity to ensure cybersecurity risks are mitigated and industry best practices are implemented and executed. You will also develop security requirements and facilitate architectural development to support the Security & Governance Strategy. Teamwork, collaboration, leadership, and mentorship are essential to succeed as you will be expected to assist with the development and maturity of the team and security program.
This full-time opportunity offers a competitive salary, and a variable pay program. We also have paid vacation and flex time, health and dental benefits, mental health support, a defined contribution pension plan, and learning and development opportunities as part of your overall compensation package. We support a hybrid work environment, where the team is in the office on Tuesdays, Wednesdays, and Thursdays. Mondays and Fridays are flexible for where you work best. This role also includes an on-call rotation for incident response, with additional compensation.

Signs you will enjoy working in this team:

• You thrive in a fast-paced and dynamic environment and are looking for an opportunity to embark on transformative industry change.
• You enjoy working in a team of bright professionals and participating in lively debates.
• You embrace change and flexibility, being able to pivot and adapt with ease.
• You like working in a diverse atmosphere – our team celebrates our colleagues’ varied backgrounds, experiences, and perspectives.
• You have a curious mind and strong desire to continuously learn and take on new challenges.
• You have superior client service focus with strong experience engaging with stakeholders at both executive and business department levels.
• You are an excellent oral and written communicator, effectively translating highly technical information.
• You demonstrate an eye for detail and high organizational skills to meet tight deadlines within a complex and demanding organization.

Accountabilities include:

• Collaborate on day-to-day Cybersecurity Operations tasks including administration, configuration and management of security tools for the AESO (SIEM, Vulnerability Management, IDS/IPS etc.).
• Lead security incident investigations and assist in the management and maturity of the Cyber Security Incident Response Plan (CSIRP).
• Understand and interpret security-related laws and regulations (e.g., ARS CIP, NERC CIP), and voluntarily adopted standards (e.g., CSOX, ISO 27002).
• Contribute to and produce evidence for ARS CIP.
• Coordinate analysis of security advisories and assess for impact to AESO.
• Conduct Security Impact Assessments, vulnerability assessments, and security reviews to provide security recommendations for IT projects in accordance with the Service Delivery Life Cycle (SDLC).
• Provide technical expertise and recommendations (configuration, management, security risk, governance, technology implementation, etc.) while advising and consulting within the business on IT Projects.
• Consult and provide security subject matter expertise for AESO personnel and third parties.
• Participate in the development of content and delivery of the security awareness and training program.
• Respond to security audit action items that include providing supporting documentation to auditors, evaluating audit results for relevance/accuracy, and working with IT Infrastructure & Operations teams to develop and implement plan to remediate audit findings.
• Analyze enterprise business context (industry and market trends, threats, detect critical deficiencies, compliance frameworks, and business strategy) to derive the security architecture future state.
• Consult on application or infrastructure development projects to harmonize systems or infrastructure with the security architecture and identify when it is necessary to modify the security architecture to accommodate immediate or future project needs.
• Facilitate the research, evaluation and selection of hardware and software technology and product standards, as well as the design of standard configurations.
• Develop technical and architectural migration plans and recommend solutions to address the gaps between the current and future state, in alignment with IT budgets and capital projects.
• Assist with designing the governance activities associated with ensuring compliance with the enterprise security architecture.

You have:

• Completed CISSP/CISM or similar certification or are working towards completion.
• Post-secondary Certificate or Diploma in Information Technology, or equivalent.
• GCIH, GMON, CISA, CRISC, or other security-related certifications would be an asset.
• A minimum of 15 years’ experience in an IT discipline, with a minimum of 10 years of cyber security experience.
• Proficient with SIEM, network, endpoint, and other security-related tools.

Application deadline: October 30, 2024
If you are contacted for a pre-screening and/or interview, please advise of any accommodation measures required to enable you to fully participate. Information received relating to accommodation measures will be addressed confidentially.
The Alberta Electric System Operator is unable to accept unsolicited agency resumes.
The Alberta Electric System Operator, and its members, officers, employees and agents (collectively, the “AESO") is committed to protecting personal information provided to it. When you submit your personal information to the AESO for the purpose of pursuing employment with the AESO, the collection, use and disclosure of personal information is in accordance with the provisions of the Freedom of Information and Protection of Privacy Act (FOIP Act) of Alberta.
As noted, the AESO is mandated to maintain the safe and reliable operations of the provincial power grid. As part of meeting its obligations, the AESO may require the successful candidate to undergo a criminal background check for the position. This collection of personal information for the purposes of a check will be conducted in accordance with Section 33 of the FOIP Act

Please refer the Job description for details