Apply now »
Date:  Sep 27, 2024
Location: 

Calgary, AB, CA

Company:  TransAlta
Job Type:  Full time - Salaried
Work Arrangement:  Hybrid

WHO WE ARE

 

“Energizing the Future.”

 

TransAlta owns, operates, and develops a diverse fleet of electrical generation assets in Canada, the United States and Australia, providing municipalities, industries, and businesses with safe, low-cost, and reliable clean electricity. For over 111 years, TransAlta has been a responsible operator and proud community-member where its employees work and live. We are committed to fostering a dynamic, productive, and safe work environment. Our employees contribute to a diverse, open, and transparent culture with clear accountabilities, strong leadership, and challenging opportunities for personal career growth.

 

For more information about TransAlta, visit our website at, www.transalta.com.

 

ABOUT THE ROLE

 

This OT Cybersecurity Specialist role, reporting to the Manager, Cybersecurity and Risk Management, plays a critical role in the development, implementation, and operation of a comprehensive IT/OT cybersecurity program. This position requires expertise in managing OT cyber asset management solutions, security logging and monitoring systems, patch and vulnerability management, secure baseline and hardening, and backup & recovery technologies in OT settings. The ideal candidate will also be adept at integrating and operationalizing these systems and processes to ensure the security and resilience of our OT infrastructure.

 

WHAT YOU WILL DO

 

Cybersecurity Governance, Risk Management, and Compliance

 

  • Serve as an OT cybersecurity generalist and Subject Matter Expert (SME) by providing expertise and understanding of all aspects of the Cybersecurity Governance and Risk Management landscape (Including specific expertise around Supply Chain Risk Management).
  • Assist with the development and implementation of TransAlta’s IT/OT Cybersecurity program, strategy, and roadmap, in alignment with industry standard frameworks. (e.g., NIST CSF, CIS Controls) and business objectives.
  • Assist in the development and maintenance of corporate cybersecurity policies, standards, and procedures.
  • Support the risk evaluation and monitoring of third-party vendors by reviewing the appropriate governance and security controls, maintaining the documentation, and reporting risks or concerns to stakeholders.
  • Monitor, maintain, and ensure continuous improvement of the effectiveness of controls associated with TransAlta’s assets. 
  • Proactively understand, assess, and document key cybersecurity risks and implement relevant controls to mitigate identified risks.
  • Assist in establishing plans and protocols to protect TransAlta information and information systems against cyber threats and attacks.
  • Participate in the assessment, identification, recommendation, and assist in the implementation of appropriate cyber security countermeasures, as well as the coordination and participation in internal and external security audits.
  • Assist in cloud and third-party vendor security risk assessments as part of supply chain procurement and services risk management.
  • Develop and maintain positive relationships, instilling confidence and rapport with business stakeholders, IT/OT operations, and external vendors.

 

Cybersecurity Operations and Monitoring

 

  • Work with the CyberSOC team to monitor Threat Intelligence feeds, news, and indicators of compromise, providing advisory on risk treatment and response actions.
  • Work with internal and external stakeholders/customers to implement security initiatives and provide security advisory on different projects.
  • Assist in cybersecurity incident response activities as part of the incident management plan.
  • Assist in our cybersecurity training and awareness campaigns across the business, while developing new and innovative ways to improve the overall security awareness program.
  • Participate in ongoing internal and external audits and coordinate required compliance (e.g., NERC-CIP / ARS) activities along with evidence collection.
  • Assist in the development and maintenance of cyber security metrics and Key Performance Indicators to demonstrate the progress and value proposition of cybersecurity.
  • Participate in the enterprise patch and vulnerability management process to ensure security patches and vulnerabilities identified within the organization, are appropriately managed and treated.
  • Participate in the performance of technical vulnerability scanning, assessments, analysis and assist in the determination of risk treatment options in collaboration with the patch and vulnerability management team.
  • Participate in all reasonable work activities as may be deemed suitable and assigned by management.

 

WHAT WE NEED FROM YOU

 

  • Minimum of bachelor’s degree in the field of Computer Science, Computer Information Systems, Information Systems Security Management, or Computer Engineering.
  • Minimum of 5-7 years of cybersecurity experience, with 3-5 years in OT cybersecurity and risk management.
  • A minimum of one or more of the following security certifications: CISSP, CISM, relevant GIAC certifications (e.g., GICSP, GRID).
  • Experience with IT/Cybersecurity governance and risk management frameworks and threat assessment methodologies (e.g., NIST CSF, NERC-CIP, CIS Controls).
  • Experience with C-SCRM frameworks and practices is an asset (e.g., NIST SP 800-161 Rev. 1).
  • Strong understanding and technical IT knowledge, with foundational cyber risk, compliance, and ability to define and operationalize cybersecurity processes.
  • Proficiency in key IT/OT technologies and protocols, including TLS, SSH, HTTPS, SD-WAN, VLANs, Zero Trust Architecture, SSO, MFA, and VPNs.
  • Ability to weigh business needs against risk concerns and articulate issues to management.
  • Proficient problem solving, organizational, and time management skills.
  • Effective communication, interpersonal, and work relationship management skills.

 

Nice to Haves 

 

  • Any ISA certifications
  • Foundational knowledge of regulatory and compliance requirements (e.g., Privacy, NERC-CIP / ARS)
  • Knowledge and experience with Security Training & Awareness, SIEM, CASB, Azure Security, and Asset management tools (e.g., KnowBe4, Azure Sentinel, Defender XDR, Verve)
  • Familiarity or experience with adversarial tactics and techniques

 

Become part of our TransAlta team today! We look forward to reviewing your application. All applications will be reviewed in a timely manner to the best of our abilities. We appreciate your patience and understanding during the recruitment process.

 

Our Commitment to Equity, Diversity, and Inclusion

 

It is our collective mission to ensure that every single employee feels a sense of inclusion and belonging and can show up to work as their true authentic self. TransAlta is committed to hiring a diverse workforce including women, Indigenous Peoples, persons with disabilities, members of visible minorities, and members of the LGBTQ2+ community. TransAlta believes that diversity enhances the quality of its performance, is an essential element to effective corporate governance, and cultivates a strong workplace culture.

Apply now »