The Senior Security Specialist will be a leader in the organization whose primary role is to be accountable for the cyber security policies, standards and guidelines that support the overall cyber security strategy. This role will be required to assist in the regular review and updating of the cyber security strategy and vision, incorporating relevant industry trends and information, as well as any internal learning. Reporting to the VP of Integrated Network Operations and Information Services and working closely with the Manager of Netcom, Manager of Physical Security, Director of IT, this individual will take their previous cyber security expertise and leverage their business acumen to mature and refine the cyber processes and implement operational improvements as required. This individual will be required to hire and develop a small security team to assist in the monitoring and assessment of cyber activity. Key to the success of this position will be the continuous improvement of processes for monitoring and the management reporting of appropriate metrics for all cyber incidents The Senior Security Specialist will be required to develop and implement appropriate metrics for key compliance requirements is also essential.
In addition this position will work collaboratively with other Information technology areas of the organization to ensure cyber policies remain effective and followed as future cyber technology is created, updated or retired from the system. Furthermore this role will play a key part in ensuring that application security is considered during all phases of the product lifecycle.
An additional requirement is to serve as a key resource to other team members in the context of information systems security and best practices, keeping an eye to aligning with NERC CIP requirements.
As part of the senior management team, provide leadership role in the continuous improvement of cyber security policies and processes for all AltaLink.
Develops long range cyber security roadmaps for AltaLink that supports the business strategy. Ensures adherence to Architect roadmap for all work within the scope of the corporate, operational and EMS networks
Be a leader and catalyst to evolve AltaLink’s cyber security culture.
Hire and manage a team of security analysis’s within 6 months of starting the role.
Approves vendors to ensure appropriate resources and scope for cyber projects. Engages outside consultants as appropriate for independent security audits or pen tests.
Manage the development and implementation of AltaLink’s NERC CIP program. Including representing AltaLink at any AESO or industry cyber meeting or work groups.
Ensure appropriate skills in team to provide the analysis of any cyber investigation of security breaches and make recommendations for process improvements
Define and manage the implementation of required monitoring, reporting and metrics for cyber security, including compliance.
Ensure the safe, secure and reliability of AltaLink’s networks and applications.
Ensure appropriate cyber training is in place for all required individuals throughout the organization.
Researches and collaborates with the Manager of Netcom to recommend new security technologies..
Develops and manages effective working relationships with other departments, groups .
Maintains external links to other companies in the industry to gain competitive assessments and share information, where appropriate.
Manages all implications of mandated and regulated security requirements such as the Alberta Reliability Standards, C-SOX, and Privacy standards.
Works closely with both internal and external auditors.
Leads and facilitates annual threat and vulnerability assessments.
Minimum of 10-15 years in the information security field, minimum of 8 years as a leader.
BS or BA degree or certification in computer science or related field preferred; or a corresponding number of years of experience in data security.
Certifications relating to the IT security and IT compliance and risk field such as: CISSP, CISM, CGEIT, CRISC would be an asset but not required
Knowledge and experience of:
Alberta Reliability Standards
Ability to understand, and clearly relate to other members of the organization, technical manuals, software specifications, hardware principals of operations, and general methods of systems software operations and security.
Ability to communicate effectively dealing with external suppliers.
Experience in consulting, conducting awareness training and written and oral communication.
Only the candidates being considered for an interview will be contacted. AltaLink - 2 years ago