Apply now »
Date:  Sep 27, 2024
Location: 

Calgary, AB, CA

Company:  TransAlta
Job Type:  Full time - Salaried
Work Arrangement:  Hybrid

WHO WE ARE

 

“Energizing the Future.”

 

TransAlta owns, operates, and develops a diverse fleet of electrical generation assets in Canada, the United States and Australia, providing municipalities, industries, and businesses with safe, low-cost, and reliable clean electricity. For over 111 years, TransAlta has been a responsible operator and proud community-member where its employees work and live. We are committed to fostering a dynamic, productive, and safe work environment. Our employees contribute to a diverse, open, and transparent culture with clear accountabilities, strong leadership, and challenging opportunities for personal career growth.

 

For more information about TransAlta, visit our website at, www.transalta.com.

 

ABOUT THE ROLE

 

We are looking to hire a Cybersecurity Specialist to join our Cybersecurity and Risk Management team at TransAlta! As the Cybersecurity Specialist, you will work closely with the IT and OT teams and other stakeholders across the business. You will be responsible for sustaining and enhancing the cybersecurity and risk management program to help improve the overall security posture at TransAlta. The ideal candidate must be highly motivated and eager to learn and grow their knowledge, expertise, and capabilities.

 

WHAT YOU WILL DO

 

Cybersecurity Governance, Risk Management, and Compliance

 

  • Serve as an IT and OT cybersecurity generalist and Subject Matter Expert (SME) by providing expertise and understanding of all aspects of the Cybersecurity Governance and Risk Management landscape (Including specific expertise around Supply Chain Risk Management).
  • Assist with the development and implementation of TransAlta’s IT and Cybersecurity program, strategy, and roadmap, in alignment with industry standard frameworks. (e.g., NIST CSF, CIS Controls) and business objectives.
  • Assist in the development and maintenance of corporate cybersecurity policies, standards, and procedures.
  • Support the risk evaluation and monitoring of third-party vendors by reviewing the appropriate governance and security controls, maintaining the documentation, and reporting risks or concerns to stakeholders.
  • Monitor, maintain, and ensure continuous improvement of the effectiveness of controls associated with TransAlta’s assets. 
  • Proactively understand, assess, and document key cybersecurity risks and implement relevant controls to mitigate identified risks.
  • Assist in establishing plans and protocols to protect TransAlta information and information systems against cyber threats and attacks.
  • Participate in the assessment, identification, recommendation, and assist in the implementation of appropriate cyber security countermeasures, as well as the coordination and participation in internal and external security audits.
  • Assist in cloud and third-party vendor security risk assessments as part of supply chain procurement and services risk management.
  • Develop and maintain positive relationships, instilling confidence and rapport with business stakeholders, IT/OT operations, and external vendors.

 

Cybersecurity Operations and Monitoring

 

  • Work with the CyberSOC team to monitor Threat Intelligence feeds, news, and indicators of compromise, providing advisory on risk treatment and response actions.
  • Work with internal and external stakeholders/customers to implement security initiatives and provide security advisory on different projects.
  • Assist in cybersecurity incident response activities as part of the incident management plan.
  • Assist in the management and enhancement of our cloud security services and infrastructure. (e.g., Microsoft 365, Azure).
  • Run cybersecurity training and awareness campaigns across the business, while developing new and innovative ways to improve the overall security awareness program.
  • Participate in ongoing internal and external audits and coordinate required compliance activities along with evidence collection.
  • Assist in the development and maintenance of cyber security metrics and Key Performance Indicators to demonstrate the progress and value proposition of cyber security.
  • Participate in the enterprise patch and vulnerability management process to ensure security patches and vulnerabilities identified within the organization, are appropriately managed and treated.
  • Participate in the performance of technical vulnerability scanning, assessments, analysis and assist in the determination of risk treatment options in collaboration with the patch and vulnerability management team.
  • Participate in all reasonable work activities as may be deemed suitable and assigned by management.

 

WHAT WE NEED FROM YOU

 

  • Minimum of bachelor’s degree in the field of Computer Science, Computer Information Systems, Information Systems Security Management, or Computer Engineering.
  • Minimum of 5-7 years IT experience, with 3-5 years in Cybersecurity and Risk Management.
  • Minimum one or more of the following security certifications: ISC2-CISSP, ISACA CISM, CISA, SANS GSEC, Microsoft infrastructure and/or security certifications, OSCP etc.
  • Experience with IT/Cybersecurity governance and risk management frameworks and threat assessment methodologies (e.g., NIST CSF, NERC-CIP, CIS Controls).
  • Experience with C-SCRM frameworks and practices is an asset (e.g., NIST SP 800-161 Rev. 1).
  • Strong understanding and technical IT knowledge, with foundational cyber risk, compliance, and ability to define and operationalize cybersecurity processes.
  • Proficiency in key IT/OT technologies and protocols, including TLS, SSH, HTTPS, SD-WAN, VLANs, Zero Trust Architecture, SSO, MFA, and VPNs.
  • Ability to weigh business needs against risk concerns and articulate issues to management.
  • Strong problem solving, organizational, and time management skills.
  • Effective communication, interpersonal, and relationship management skills.

 

Nice to Haves 

 

  • Experience with cloud services and performing cloud security risk assessments.
  • Foundational knowledge of regulatory and compliance requirements (e.g., Privacy, NERC-CIP, SOX).
  • Knowledge and experience with Security Training & Awareness, SIEM, CASB, Azure Security tools (e.g., KnowBe4, Azure Sentinel, Defender XDR).
  • Experience in an OT (Operations Technology) environment.
  • Familiarity or experience with adversarial tactics and techniques (e.g., MITRE ATT&CK®).

 

Become part of our TransAlta team today! We look forward to reviewing your application. All applications will be reviewed in a timely manner to the best of our abilities. We appreciate your patience and understanding during the recruitment process.

 

Our Commitment to Equity, Diversity, and Inclusion

 

It is our collective mission to ensure that every single employee feels a sense of inclusion and belonging and can show up to work as their true authentic self. TransAlta is committed to hiring a diverse workforce including women, Indigenous Peoples, persons with disabilities, members of visible minorities, and members of the LGBTQ2+ community. TransAlta believes that diversity enhances the quality of its performance, is an essential element to effective corporate governance, and cultivates a strong workplace culture.

Apply now »