QUALIFICATIONS:

• A four-year degree in Computer Science or Engineering or related discipline from a university of recognized standing plus a
  minimum of six years related information technology (IT) or industrial control system (ICS) Support experience, including
  cyber risk management, governance, policy, risk reduction and mitigation, IT and ICS protection, and regulatory requirements
  related to cybersecurity

OR

• A two-year diploma in Electrical, Electronic, Computer Technology, related discipline from an institute of recognized standing

plus a minimum of eight years related information technology (IT) or industrial control system (ICS) Support experience,
including cyber risk management, governance, policy, risk reduction and mitigation, IT and ICS protection, and regulatory

requirements related to cybersecurity.

• Is certified or be willing to obtain certification as a Certified Information System Security Professional (CISSP) from (ISC)².

Certifications such as Cyber Security specific (CISM, CRISC, OSCP, CEH, CGIH, GPE, SANS, ISAACA CSX Cybersecurity
Practitioner (CSX-P)), technology specific (SIEM, XDR, etc.), etc.), network related (CCNA, etc.), cloud platform related
(M365, Azure, etc.), operating system related (Linux, Windows, Unix, Apple IOS), management related (PMP, emergency

management, etc.), software/application security, etc. would be an asset.

• In-depth understanding of Manitoba Hydro’s computing and network infrastructure (IT and ICS/CIP), and security programs,

processes, and technology.

• In-depth knowledge of best and industry-leading cyber risk management, cyber security concepts, controls, frameworks,

policies, standards, tools.

• Excellent written and verbal communication skills with a demonstrated ability to communicate and influence effectively, deliver

reports, recommendations, and presentations, and the ability to build and maintain harmonious working relationships with staff

across the enterprise at all levels.

• Excellent organizational and interpersonal skills, including teamwork, facilitation, and transfer of knowledge.
• Demonstrated ability to prioritize and execute on a large volume of critical work, and resolve complex issues, implementing

new systems and processes, with a focus on documentation and continuous improvement.

• Demonstrated initiative, and ability to prioritize, and achieve results in a timely manner.
• Demonstrated ability to work effectively at both a strategic and tactical level.
• Possess a valid Province of Manitoba Driver’s Licence.
• Must obtain and maintain a current Personnel Risk Assessment and a “Clear” security rating in accordance with Manitoba

Hydro policy P513.

• Must complete Manitoba Hydro Standards of Conduct training.
• Critical Infrastructure Protection (CIP) Training is required and must be renewed annually.
• Must maintain or be eligible for SECRET clearance from the Government of Canada.

• Support the Enterprise Cyber Security Program (ECSP): Be a lead in the design of the overall ECSP. Work closely with
  both Industrial Control System Program and Business Technology Asset Program representatives, and initiate, lead, oversee,
  and deliver security policies, standards, programs, roadmap, metrics, accountability structure, centralized services, and
  organizational change management for the ECSP. Oversee, drive progress on, lead, provide expert level input to, and monitor
  status of critical cyber security initiatives and programs across Manitoba Hydro. Initiate, justify, and lead the procurement and

management of ECSP related contracts.

• Support enterprise technology security assessments: Provide expert level input to and lead the identification and

execution of assessment activities including cyber maturity assessments, scenario assessments, penetration tests, threat risk
assessments, enterprise technology security assessments and other assessments as a means of determining current state

and identifying opportunities for improvement and enhancement.

• Support governing committees: Identify, prepare and deliver ECSP metrics and updates as a key supporting member of

cyber security governing committees. Provide expert level input and recommendations to committees to support effective

decision making.

• Support cyber security risk management: As a recognized corporate cyber security expert, identify enterprise cyber risks

and gaps, assess and prioritize risks, and recommend, justify, influence, initiate, develop and drive implementation of

mitigation activities.

• Provide mentorship and coaching: Provide coaching and mentoring to staff across the division and ECSP through various

forms (including information sharing presentations, documentation and process reviews, brainstorming, guidance, counsel
and coaching and technical training plan development and implementation). Play a lead role in documenting work processes

and continuous improvement initiatives.

• Support cyber security operations where required: Provide technical expertise to support incident response and recovery,

internal/external communications during events, and threat intelligence and vulnerability intake, triaging, action initiation, and
tracking. In the event of a significant cyber security incident, you may be called to support response activities at any time

during a 24-hour period to assure Manitoba Hydro system security and reliability.

• Keep abreast of cybersecurity developments outside of MH: Research, analyze and provide relevant and actionable