VP, Cyber & IT Security

Location: Pickering, ON, CA, L1W 3J2

Req ID:  46570

Status: Full Time, Permanent

Education Level: Bachelor’s degree in Computer Science, Engineering, Mathematics, Statistics or related field, or equivalent work experience.

Location(s): Pickering, ON

Shift(s): Days

Travel: Yes 25% - As required

Deadline to Apply: May 2, 2024

 

Electrify your career and help build a brighter tomorrow. 

 

Every generation has a challenge that defines them. At OPG, we are calling on all innovators, disruptors, thought leaders and change-makers. Join us to electrify life in one generation and build a sustainable future powered by our electricity, our ideas, and our people. Join OPG and make history. 

 

Whether you work in the skilled trades or are a business professional, a career at OPG is an opportunity to electrify your life on -- and off -- the job. 

 

ACCOMMODATIONS 

 

OPG is committed to fostering an inclusive, equitable, and accessible environment where all employees feel valued, respected, and supported. If you require accommodation during the application or interview process, please advise us as soon as possible so appropriate arrangements can be made. 

 

If you require information in a format that is accessible to you, please contact AODA@opg.com 

 

NEW CAMPUS: This position is moving to OPG Corporate Headquarters: In Summer 2025, OPG will officially welcome employees to our new Corporate Headquarters located at 1908 Colonel Sam Drive, Oshawa, Ontario. This new space will enable teamwork, collaboration and innovation that will help us to achieve our mission to electrify life in one generation.

 

BE THE GENERATION to help build a brighter tomorrow.

 

JOB OVERVIEW

 

Reporting to the Chief Information Officer (CIO), the Vice President of Cyber Security is accountable for providing strategic leadership in safeguarding OPG's information assets across its digital ecosystem. The VP of Cyber Security will oversee the establishment and maintenance of robust cyber security programs encompassing both Information Technology (IT) and Operational Technology (OT), ensuring alignment with business objectives while mitigating risks.

 

The VP position requires a visionary leader with sound knowledge of business management and a working knowledge of cybersecurity technologies covering the business (IT) and Real Time / Process control / Operational Technology (OT) systems areas. The VP will proactively work with the CIO, IT/OT organizations (Nuclear and Renewable Generation (RG)), and Line of Business representatives to implement practices that meet agreed-on policies and standards for information security, while ensuring that OPG maintains a corporate cyber security vision. Working with these teams, Information Management (IM), Enterprise Risk Management, Security & Emergency Services (SES), Legal, Regulatory Affairs and others, the VP will solicit their involvement in achieving higher levels of enterprise cyber security. The VP should understand IT and must oversee a variety of cybersecurity and risk management activities related to IT to ensure the achievement of business outcomes where the business process is dependent on technology.

 

 

KEY ACCOUNTABILITIES 

 

  • The VP of Cyber and IT Security should understand and articulate the impact of cybersecurity on the organization and be able to communicate this to the OPG Board of Directors and other senior stakeholders (including ELT, provincial and federal government agencies, key energy industry stakeholders, committees and vendors and partners). He or she serves as the process owner of the appropriate second-line assurance activities not only related to confidentiality, integrity, and availability, but also to the safety, privacy and recovery of information owned or processed by the business in compliance with regulatory requirements. The VP understands that securing information assets and associated technology, applications, systems, and processes in the wider ecosystem in which the organization operates is as important as protecting information within the organization's perimeter. A key element of the VP’s role is working with Enterprise Risk Management and executive management to determine acceptable levels of risk for the organization.
  • Strategy, Governance & Planning:
  • Lead the information security division and act as the senior advisor to the organization to provide the overall corporate strategy with respect to cyber security for IT and OT.
  • Develop an information security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives, and ensure senior stakeholder buy-in and mandate.
  • Develop, implement, and monitor a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy, and recovery of information assets owned, controlled and/or processed by the organization. This strategy must appropriately manage the risks associated with cyber IT/OT while balancing fiscal responsibility.
  • Provide regular reporting on the status of the information security program to enterprise risk teams, senior business leaders and the board of directors as a key component of the strategic enterprise risk management program, thus supporting business outcomes.
  • Ensure the consistent application of IT security policies and standards across all technology projects, systems, and services, including privacy, risk management, compliance, and business continuity.
  • Create and manage a targeted information security awareness training program for all employees, contractors, and approved system users, and establish metrics to measure the effectiveness of this security training program for the different audiences.
  • Create and maintain the enterprise's cyber security documents (policies, standards, baselines, guidelines, and procedures) that meet or exceed regulatory and compliance requirements.
  • Create, maintain and assist in the execution of the enterprise's Business Continuity Plan and Disaster Recovery Plan, where appropriate.
  • Create and maintain the IT Emergency Response Plan and Governance, where appropriate.
  • Liaise with Supply Chain to ensure that information security requirements are included in vendor contracts.
  • Operational Management & Regulatory Compliance:
  • Keep abreast of developments in the areas of legal, regulatory, market, corporate requirements, technology developments and best practices in the IT/OT cyber security field. Ensure that OPG is compliant with regulation changes by analyzing and providing advice on cyber security related impacts of system changes.
  • Provide organizational ownership of Nuclear cyber security governance and program execution activities for Nuclear Business and Real-Time Process Control systems, including CNSC regulatory compliance on CSA N290.7-X compliance.
  • Provide organizational ownership of RG cyber security program execution activities, including reporting to Regulatory Affairs on NERC CIP compliance.
  • Provide executive level reporting on RG and Nuclear cyber security performance.
  • Ensure the confidentiality, integrity and availability of the data residing on or transmitted to/from/through enterprise workstations, servers, and other systems and in databases and other data repositories.
  • Supervise all investigations into problematic activity and provide on-going communication with senior management.
  • Supervise the design and execution of vulnerability assessments, penetration tests and security audits for IT and OT systems.
  • Coordinate Cyber Security's involvement in all matters related to Cyber Security governance.
  • Understand and communicate the impact of changes to Cyber Security postures, decisions, and strategies on the company's cyber security position to the company's executives and Board.
  • Represent OPG's interest on various external committees as it applies to IT and OT security.
  • Work with internal and external audit groups to ensure compliance of the business units with Cyber Security policy and standards.
  • Act as the approval authority for all changes to the Cyber Security policies, standards and procedures.
  • Provide specialized services to other business units in terms of forensic analysis of technology resources in support of investigations of alleged or potential breaches by staff and/or external groups or individuals.
  • Develop and manage an up-to-date information security management framework such as but not limited to: International Organization for Standardization (ISO) 2700X, ITIL, ISA-62443, COBIT/Risk IT and National Institute of Standards and Technology (NIST) Cybersecurity Framework, NERC CIP, CSA N290.7-X to integrate and normalize the varied and shifting requirements resulting from global laws, standards, and regulations.
  • Develop and maintain a document framework of continuously up-to-date OPG information security policies, standards and guidelines. Oversee the approval and publication of these information security policies and practices.
  • In collaboration with Information Management and Data Governance teams, create a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection of information assets.
  • Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the information security, and review it with stakeholders at the executive and Board levels.
  • Build the Network and Communicate the Vision
  • Provide input for the IT section of the company's Code of Business Conduct.
  • Create the necessary internal networks among the information security team and line-of-business executives, regulatory affairs, audit, physical security, legal and HR management teams to ensure alignment as required.
  • Build and nurture external networks consisting of industry peers, ecosystem partners, vendors and other relevant parties to address common trends, findings, incidents and cybersecurity risks.
  • Liaise with external agencies, such as law enforcement and other advisory bodies, as necessary, to ensure that the organization maintains a strong security posture and is kept well-abreast of the relevant threats identified by these agencies.
  • Liaise with the Enterprise Architecture team to build alignment between the security and enterprise (reference) architectures, thus ensuring that information security requirements are implicit in these architectures and security is built in by design.
  • Acquisition & Deployment:
  • Maintain up-to-date knowledge of the IT/OT cyber security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.
  • Select and recommend additional cyber security solutions or enhancements to existing solutions to improve overall enterprise cyber security as per the enterprise's existing procurement processes.
  • Oversee the deployment, integration, and initial configuration of all new cyber security solutions and of any enhancements to existing solutions in accordance with standard best operating procedures generically and the enterprise's security documents specifically.
  • Manage the Cyber Security division and achieve approved program results by maintaining a team of staff who can produce the outputs required.
  • Be an active member of the CIO leadership team in defining and leading IT in OPG.
  • Determine the information security approach and operating model in consultation with stakeholders and aligned with the risk management approach including compliance monitoring of non-digital risk areas.
  • Set the appropriate context for department staff, other Cyber Security staff assisting the department, and contract employees.
  • Provide leadership to direct staff, other Security staff, third party service providers, and Line of Business representatives so that they collaborate with line management and with each other in pursuing goals.
  • Ensure staff is in compliance with all legal and regulatory requirements, and OPG policies.
  • Manage the budget for the information security function, monitoring and reporting discrepancies.
  • Provide a safe and healthy work environment that supports diversity.
  • Coordinate and lead initiatives within Cyber Security related to human resource practices.

 

EDUCATION

 

  • Bachelor’s degree in Computer Science, Engineering, Mathematics, Statistics or related field, or equivalent work experience

 

QUALIFICATIONS

 

We are seeking an innovative, strategic, and results driven project management leader who has the following:

 

  • 10-15 years of experience in Cyber Security, Information Security, IT Risk Management, Data Protection & Privacy, and Regulatory Compliance.
  • Coordinate critical, sensitive incidents spanning multiple geographies.
  • Supervise the activities of analyst(s) and engineer(s) with responsibility for repeatable quality, and investigative integrity.
  • Expert leader with Cyber Security best practices and current and emerging technology.
  • Outcome focused and drive for results; demonstrated solid judgement with a proven track record of achieving success.
  • People orientated with strong interpersonal skills, adept at building and maintaining positive, productive, and collaborative working relationships and partnership.
  • Experience in establishing credibility, confidence and earning trust.
  • Ability to communicate effectively, possess excellent oral and writing skills, and strong facilitation, negotiation, influencing and presentation skills.
  • Proficiency in MS Office (Word, Excel, Access, PowerPoint, Project, and Outlook).

 

The successful candidate will exhibit uncompromising integrity and commitment to upholding corporate values, and the OPG Code of Business Conduct. 

 

What Makes a Career at OPG Different? 

 

As Ontario’s largest clean energy generator, we’re building, expanding, and innovating the equipment and technology that keeps Ontario powered with clean, reliable energy.  

At OPG, our values are our strengths.  They are fundamental truths about our organization that don’t change: 

  

Safety – it’s our business 
Integrity – always lead with integrity 
Excellence – never satisfied with good enough  
Inclusion – working together for powerful outcomes 
Innovation – creativity accelerates possibility 

 

Here's why OPG might just be the ideal workplace for you: 

  • Exceptional range of opportunities province-wide 
  • Long-term career growth and development opportunities 
  • Electricity is vital to the province and OPG’s clean electricity is helping decarbonize other sectors. 

 

Our promise to you: 

  • We care about the safety and the well-being of our employees. It is our utmost priority. 
  • A supportive work environment where you can be your best every day. 
  • Opportunities to stretch and develop. 
  • Offer different ways for you to give back to communities where we operate. 
  • Partner with Indigenous communities and support local businesses. 
  • We support employment equity, diversity and inclusion. 

 

Are you ready to start a career that has the power to electrify life on and off the job? Apply now. 

 
