Share this Job

IT/OT Governance Risk Compliance (GRC) Analyst - Regulatory Analyst


Toronto, ON, CA, M5G 1X6

Req ID:  20601




Status: Regular Full Time

Education Level: Bachelor’s degree in information technology or other related fields including computer science, or engineering (electrical, IT, Cyber Security and Networking).

Location: Toronto

Travel: 10%

Deadline to Apply: October 28, 2020


BE THE GENERATION to challenge and change.

At OPG, our values are our strengths. They are fundamental truths about us that don’t change. Safety. Integrity. Excellence. People and Citizenship.  We operate a diverse portfolio of generation assets including nuclear, hydroelectric, biomass and solar, and offer challenging and unique work opportunities. BE THE GENERATION to power tomorrow.


Job Overview

Ontario Power Generation Inc. (OPG) is looking for one (1) results-oriented professional to join our team in a full-time, permanent role of IT/OT Governance Risk Compliance (GRC) Analyst – Regulatory Analyst in our Toronto location.

The Regulatory Analyst is responsible for policy development, interpretation, implementation, monitoring, training and awareness, and compliance assessment/assurance related to OPG’s cyber security program for its operational technology (OT) assets within the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) cyber security compliance framework.  This framework ensures the continuing reliability of the North American-wide critical interconnected electrical grid.


Reporting position: The Regulatory Analyst position is within OPG’s Regulatory Affairs Department, who along with the CIO and Cyber Security lines of business, also report to OPG’s CIP Senior Manager.


Key Accountabilities

  • Lead the company-wide NERC CIP cyber security compliance program by developing and implementing effective policies related to protected OT assets.
  • Maintain in-depth knowledge of regulatory cyber security requirements by participating in industry committees, working groups, and conferences, and develop communication plans to keep internal stakeholders informed of new and/or modified requirements.
  • Provide interpretation and analysis of regulatory cyber security requirements, including NERC CIP, to internal stakeholders.
  • Monitor, track, and trend OPG’s NERC CIP compliance posture using assessments, processes, and software tools as required.  Track and trend actions and timelines associated with outcomes of issues.
  • Assess and make programmatic recommendations to management to ensure OT activities, processes, and procedures within other company departments meet defined internal policies and NERC CIP standards.
  • Work with the CIO in assessing computer and OT hardware, software, and networking systems and make recommendations to the CIO and operations staff for compliance with NERC CIP standards.
  • Develop strategies and material (including coordinating and facilitating working group meetings) to address awareness and training of OPG’s NERC CIP cyber security program for all internal stakeholders.
  • Coordinate and facilitate security assessments and audits with Internal Audit, outside consultants, and regulatory enforcement agencies.  Track all related audits including scope of audits and timelines, and assist with preparation and submission of evidence and other related audit documentation.  Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships and provide guidance, evaluation and advocacy on audit responses.  Keep management and appropriate lines of business aware of proceedings throughout the audit.



  • Bachelor’s degree in information technology or other related fields including computer science, or engineering (electrical, IT, Cyber Security and Networking).
  • Information security related training or certifications such as CISSP or CRISC is considered an asset



  • 6+ years of advanced IT/OT skills with high level of cyber security experience and expertise.
  • Knowledge of IT/OT security risk management frameworks and compliance practices.
  • Knowledge of securing network technologies, including client and server operating systems, and industrial process control equipment/systems.
  • Understanding of regulations relating to NERC CIP standards.
  • Excellent interpersonal, communication, and presentation skills, including formal report writing experience.
  • Must have a strong customer service mindset and the ability to project that attitude to internal stakeholders within other lines of business.
  • Ability to develop cyber security policies and guidelines based on regulatory requirements, best practices and industry standards.
  • Experience or Familiarity with cyber security auditing processes


The successful candidate will exhibit uncompromising integrity and commitment to upholding corporate values, and the OPG Code of Business Conduct.



As Ontario’s largest clean energy generator, Ontario Power Generation (OPG) offers an exciting combination of challenging opportunities and career diversity in a work environment where safety is a fundamental value. Being an OPG employee means you can apply your knowledge, broaden your skills and make a valuable contribution to an organization that is vital to Ontario's success.


At OPG our values are our strengths.  They are fundamental truths about our organization that don’t change.  Safety. Integrity. Excellence. People and Citizenship.  


Here's why OPG might just be the ideal workplace for you:

  • Exceptional range of opportunities province-wide
  • Long-term career growth and development opportunities
  • Electricity is vital to the province


If you are looking to learn from others and be part of something important, and you are excited about the future of power generation, you will find the right fit at OPG.


Our promise to you

  • We care about the safety and the well-being of our employees. It is our utmost priority.
  • A supportive work environment where you can be your best every day.
  • Opportunities to stretch and develop in our diverse lines of business.
  • Provide spaces for innovative thinking and solutions,
  • Offer different ways for you to give back to communities where we operate.
  • We support employment equity and diversity.




Please submit your application online at by 11:59 PM E.S.T., October 28, 2020. OPG thanks all those who apply; however, only candidates considered for an interview will be contacted.



OPG is committed to fostering an inclusive, equitable, and accessible environment where all employees feel valued, respected, and supported. If you require accommodation during the application or interview process, please advise us as soon as possible so appropriate arrangements can be made. If you require technical support in a format that is accessible to you, please contact