Job Posting Start Date:
2025-04-22
Job Posting End Date:
2025-05-13
At Bruce Power, you’ll experience the meaningful work of advancing Ontario’s clean energy future and medical isotope innovation while contributing to a culture of excellence. Step into an inclusive and dynamic environment that values collaboration, encourages bold ideas and empowers you to make a real difference.
From safely delivering clean, reliable power to families and businesses across the province and cancer-fighting medical isotopes around the world to supporting challenging and innovative nuclear projects like our multi-year Life Extension Program, we offer interesting and impactful opportunities. Ongoing training and development are part of every job, providing constant growth and skill-building potential.
Be a part of the team — our future is bright!
In support of achieving excellence and business results through safe, reliable operations, our Information Security Division is currently hiring for a Cyber & Information Security Specialist.
Our Cyber & Information Security team is dedicated to safeguarding Bruce Power's digital assets and ensuring the security of our information systems. We focus on prevent, detect, and respond capabilities to continuously improve security measures and collaborate across the enterprise to improve the reliability and security of our systems.
The Cyber & Information Security Specialist leads one or more domains in Information Security, collaborating with various business lines to ensure program effectiveness. They maintain expertise as the discipline and associated threats evolve. The specialist participates in best practice entities, sharing and ingesting OPEX, and supports the Chief Information Security Officer in integrating the security domains into a unified company program.
This is a permanent, full-time position which offers a competitive benefits, compensation and pension package and is located on site in Tiverton, Ontario.
Key Responsibilities:
* Support the Chief Information Security Officer (CISO) by providing routine, transparent, and timely reports and presentations on program status, health, key decisions, and risks.
* Stay current with Information Security risk models and contribute to the CISO Threat-Risk Assessment process to identify Information Security gaps at Bruce Power.
* Ensure external and internal audits and inspections are executed against the Information Security program, acting as an expert in audit engagements and addressing gaps through the corrective action process.
* Work with the CISO and stakeholders to establish and monitor information security performance and health measures, including Key Performance Indicators (KPI) for the employee’s area of responsibility.
Act as Subject Matter Expert within a specific designated security area of expertise, including:
* Understand the Bruce Power business model and changing market conditions to effectively assess security area risk.
* Ensure high human performance standards are established and maintained through corrective actions to mitigate the risk of latent Information Security errors.
* Stay conversant with current and emerging information security trends nationally and internationally, developing novel solutions to apply these principles to Bruce Power in a secure yet cost-effective manner.
* Act as a national and international expert, participating in bodies to share OPEX and influence the development of approaches to advance Information Security to meet existing and emerging threats.
* Participate in standard and regulation committees and the consultation process, representing the interests of Bruce Power.
* Act as an expert on relevant information security regulations and standards within Bruce Power, engaging stakeholders to analyze the impact of regulation or standard changes on Bruce Power’s business model and developing novel approaches to implementing practices securely and cost-effectively.
* Oversee internal Information Security continuous improvement activities, including observations, trends, and conducting interviews.
* Coordinate and facilitate routine meetings with oversight and perform function leads/teams to ensure a cohesive and consistent approach to the implementation and continual improvement of the information security discipline program.
* Act as the lead and subject matter expert for the employee’s information security area of focus, providing advice, guidance, and instruction to workers and suppliers on the interpretation and explanation of commensurate information security policies, practices, procedures, and regulations.
* Review and provide expert input on program standards and procedures.
* Provide leadership to Information Security team members in executing Information Security tasks.
* Champion, refine, and develop standards, procedures, and processes for the Cyber & Information Security team
Knowledge and Skills:
* Broad knowledge and understanding of Information Security domains, including Security and Risk Management, Asset Security, Security Architecture and Engineering, Communications and Network Security, Identity and Access Management, Security Assessment and Testing, Security Operations, Software Development Security, and Information Protection.
* Ability to influence leaders and drive change while working across all levels of the organization.
* Excellent analytic, interpersonal, and communication skills to influence and engage colleagues, along with a broad understanding of the businesses they support.
* Familiarity with Bruce Power Managed System methodologies.
* Experience with the following is an asset: SIEM/SOAR platforms, Threat Intelligence and Monitoring platforms, Identity & Access Management, Endpoint Detection & Response, Vulnerability Management; business knowledge of technology and security needs for key business functions including Operations, Maintenance, Engineering, IT, HR, Finance, Projects, Supply Chain; on-premise application infrastructure, Cloud hosting models, implementation and support of commercial off the shelf and custom applications on desktops, servers; and Managed Task / Service contracts
Education and Experience:
* A four-year university degree in a related field such as Computer Science/Information Systems, or a related degree with additional qualifications such as CISSP.
* 8 to 10 years of Information Security experience.
* Experience working with Information Security standards, methodologies, and best practices.
* Proven experience in building strong partnerships with key stakeholders, including managers and staff throughout the business.
* Experience in defining Information Security strategies and approaches to mitigate risks, from prevention through to Incident Response.
* Hands-on experience with Information Security tools.
Are you ready for a change?
Please complete the online application and attach a cover letter and resume, indicating your education and experience as it relates to this opportunity. We look forward to receiving your application and will be in contact with you, should you be selected for an interview.
The successful candidate will be selected based on related and required education, experience, knowledge and skills, a competency-based interview, and background reference checks.
As one of Canada’s Best Diversity Employers, Bruce Power is committed to promoting a culture of diversity, equity and inclusion where workers feel valued for their uniqueness and are recognized for their individual differences, talents and skills. Diversity, equity and inclusion is critical to our business as we recognize that our people are our greatest resource. To support our inclusive workplace culture, we welcome and encourage everyone to apply.
#J-18808-Ljbffr