Cyber Security Specialist

Date: Jul 8, 2019

Location: Calgary, AB, CA

Company: TransAlta

Powering Possibilities …for Today & Tomorrow!

A leader in sustainable energy, TransAlta has over 100 years of experience generating power and has been one of Canada’s top 50 Socially Responsible Companies since 2009, recognized as a global leader for sustainability and corporate responsibility standards. TransAlta operates 75 facilities in three countries: Australia, Canada, and the United States.

TransAlta is committed to fostering a dynamic, productive and safe work environment. Our employees contribute to a diverse, open, and transparent culture with clear accountability, strong leadership and challenging opportunities for personal career growth.

Summary:
The Cyber Security and Risk Management Specialist role is a critical position within TransAlta’s Information Security team and is responsible for TransAlta’s Cyber Security Governance and Risk Management programs. Working closely with the IT team and other stakeholders across the business, the role will be responsible for building upon and enhancing existing cyber security governance and risk management programs, to help improve the overall security posture at TransAlta.

The role drives the cyber security risk identification, risk analysis and risk management efforts for various Information Services, Systems, and Processes across the business. Additionally, the role has responsibility for providing leadership, guidance and direction for TransAlta’s cyber security incident management program.

Accountabilities:

  • Serve as a Subject Matter Expert (SME) by providing expertise and understanding of all aspects of the Information Security Governance and Risk Management landscape
  • Assist with the development and implementation of TransAlta’s IT and Cyber Security Strategy and roadmap
  • Monitor, maintain and ensure continuous improvement of the effectiveness of controls associated with TransAlta’s information assets 
  • Proactively understand, assess and document key IT security risks and implement relevant controls to mitigate identified risks
  • Establish plans and protocols to protect TransAlta information and information systems against unauthorized access, modification and/or destruction
  • Define, implement and maintain corporate security policies and standards
  • Interact with IT and business stakeholders to understand risks to critical infrastructure by defining potential business impact, with responsibility for applying effective mitigation strategies
  • Provide leadership to the team responsible for detecting and minimizing the impact of security breaches to the business
  • Perform vulnerability assessment, risk analyses and security assessments
  • Perform cloud security risk assessment as part of cloud services adoption initiatives
  • Coordinate internal and external security audits
  • Coordinate cyber security incident response activities (including root cause analysis) in line with the incident management plan
  • Anticipate security alerts, incidents and disasters and minimize their likelihood of occurrence
  • Identify, recommend and help implement appropriate cyber security tools and countermeasures
  • Oversee the development and delivery of all security training and awareness campaigns across the business, while also monitoring and improving the overall Security Awareness Program 
  • Work with external vendors when required to implement security initiatives
  • Work to implement and upgrade security measures, recommend third party tools, maintain data and monitor security access
  • Work to reduce security threats and manage numerous other security related projects and initiatives
  • Threat intelligence: gather information, analyze it and recommend actions to address any identified risks to the business
  • Work with local law enforcement and other internal and external stakeholders as may be required for incident response
  • Lead compliance testing and risk assessments within established control areas under various compliance programs that may include but not be limited to Sarbanes Oxley (SOX), NERC CIP, Health Insurance Portability and Accountability Act (HIPAA), and other assessments
  • Evaluate compliance with regulatory controls, adopted frameworks such as COBIT, NIST Cybersecurity Frameworks and ISO 27002
  • Support the risk evaluation and monitoring of Third-Party vendors by reviewing the appropriate governance and security controls, maintaining the documentation and reporting risks or concerns to stakeholders
  • Assist in preparation of control test-work instructions and plans
  • Perform the necessary quality checks on the artifacts and evidence received during the controls assessment to ensure their completeness and accuracy
  • Identify compliance issues and their root causes for review by manager
  • Prepare routine, formal written reports to communicate compliance assessment results to management, and make recommendations as appropriate
  • Develop and maintain positive relationships with customers and stakeholders
  • Conduct training as deemed necessary to ensure the success of compliance programs
  • Collaborate with internal audit and external audit agencies to coordinate required compliance activities
  • Ensure ongoing maintenance of the system of records, artifacts and work papers used during compliance assessments
  • Participate in all reasonable work activities as may be deemed suitable and assigned by management
  • Provide technical guidance and coaching to less experienced staff

Qualifications:

  • Minimum of a Bachelor’s degree in the field of Computer Science, Computer Information Systems, Information Systems Security Management, or Computer Engineering
  • Minimum of 5-10 years IT experience, with 4+ years in IT Security Governance and Risk Management
  • Certifications in one or more of the following: SANS GIAC courses, CEH, CISSP, OSCP, CISM, CISA, or tool-specific certifications
  • Experience with IT/Cyber security governance and risk management techniques and threat assessment methodologies 
  • Strong understanding and technical knowledge of risk, compliance and ability to define and operationalize cybersecurity processes
  • Experience with cloud services and performing cloud security risk assessments
  • Demonstrated strong management skills and the ability to develop, mentor and coach others 
  • Ability to weigh business needs against risk concerns and articulate issues to management 
  • Strong problem solving, organizational, and project management skills 
  • Effective communication, interpersonal, and relationship management skills 
  • Experience with or certification in use of GRC tools is a plus 
  • Knowledge of regulatory and compliance requirements including ISO 27002 and Sarbanes-Oxley
  • Knowledge of and use of SIEM tools (e.g. Splunk) a plus


Our comprehensive and flexible benefits, competitive compensation, incentive and rewards programs form the foundation of TransAlta’s excellent employment proposition.

Come on board!

Our commitment is to attract and retain the best talent. This position requires the successful completion of one or more background checks such as criminal, medical, or compliance.