Senior Information Security Risk Officer


Toronto, ON, CA, M5G 1X6

Req ID:  42353

Status: Regular Full Time 

Working Conditions: Hybrid

Education Level: 4 years of Bachelor/University degree in Engineering, Computer Science, Information Technology or related field.

Location: Toronto, Whitby, or Pickering ON 

Number of Position(s): 2

Travel: less than 10%

Deadline to Apply: June 23rd, 2023


OPG continues to set the bar for environmental protection, community involvement and economic impact—all while safely keeping the lights on. 
Now we’ve set our sights on being a net-zero carbon company by 2040 and a catalyst to help the economies where we operate achieve net-zero by 2050.  

OPG operates a diverse portfolio of generation assets including nuclear, hydroelectric, biomass and solar. We are also a cleantech leader and innovator, offering challenging and unique work opportunities. Help us use our power to change the world.  


NEW CAMPUS: In late 2024, OPG is establishing our new campus at 1908 Colonel Sam Drive, Oshawa, Ontario. The new campus will provide a cutting-edge work environment that fosters collaboration and innovation. 


BE THE GENERATION to help build a brighter tomorrow.



Ontario Power Generation (OPG) is looking for dynamic, strategic and results-driven professionals to join our team in the role of Senior Information Security Risk Officer on our Cyber Security team at our Toronto, ON office.


Reporting to the Section Head, Information Systems, the Senior Information Security Risk Officer is responsible for performing cyber security assessments against industry frameworks, Third party Risk Management, Cyber Risk Management Program, Awareness and Training, oversight of Cyber Governance and Compliance activities, and support Cyber Security Innovation and technical projects.


This is an exciting opportunity to work in an environment where you will contribute to OPG’s public outreach, engagement and education efforts as part of the company’s commitment to growing its social license.


  • Perform policy gap and control assessments against standard Cyber Security frameworks.
  • Review policies, procedures, and processes to recommend enhancements and maintain oversight on Cyber Governance, Risk and Compliance process for IT and OT systems.
  • Ability to work on Big Data, SQL/Mongo DB Database, PowerBI Data Model etc. and analyze & develop executive level reports
  • Assist in developing and maintaining Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for the Cyber Governance Security Program and initiatives. Provide advisory service to business units on governance, risk, and compliance best practices.
  • Advise OPG subsidiaries to develop sound Cyber Security practices and maturity to reduce risk to the overall OPG brand.
  • Support Cyber Security projects that drive efficiency and effectiveness of cyber security.
  • Represent OPG Cyber Security at external committees and forums.
  • Conduct various risk, control, maturity, and compliance assessments based on established security frameworks including but not limited to NIST CSF, CIS, ISO 27001, ISF, CSA N290.7, NERC-CIP, etc.
  • Meet with business stakeholders to identify top security risks. Evaluate and perform business level cyber risk assessments using established risk methodology and provide recommendations for improving security posture and resolving identified risk and issues.
  • Perform Third party Cyber risk assessments by working with vendors and ensure adherence to Cyber Security Terms and Conditions using a Risk based approach.
  • Assist in maturing the Third-Party Risk Management program by defining security controls based on the risk rating and tiers of the vendors.
  • Develop Security awareness training and assist in conducting phishing simulation campaigns and associated trainings.
  • Work with Cyber Security department and communications team to release security news updates and bulletins related to Cyber Security.
  • Develop and maintain risk registers, risk management framework, risk acceptance forms and maintain GRC tools to provide oversight for the Cyber Security program.
  • Working with Enterprise Risk for performing periodic risk reporting and develop Executive and Board level reports.
  • Support in building committee charters and interfacing with other internal/external stakeholders as part of Governance and Risk Committee meetings.
  • Report on control failures and ensure compliance for the Cyber Security department
  • Work with Internal and External Audit and Regulatory Affairs functions to facilitate information gathering and reporting.
  • Report on program efficiency such as vulnerability/patch management and program health reporting.
  • Other Duties as Required



  • Completed 4-year Bachelor degree in Engineering, Computer Science, Information Technology or related field. 
  • Completed or working towards at least one cyber security certification (i.e., ISC2, ISACA, SANS ICS, ICS-CERT, US-CERT, ISA, CybatiWorks, or other relevant certifications) is considered an asset



  • 6+ years of demonstrated hands-on experience in Cyber Risk, Consulting, and Third-Party Cyber Risk Management.
  • Advanced knowledge of Cyber Security best practices such as network and application security, mobile device security, Identity & Access Management
  • Strong understanding of security concepts and frameworks such as NIST, CIS, COSO, ISO 2700x, CSA N290.7 and NERC-CIP.
  • In-depth understanding of security best practices, risks and technologies, and the solutions to address those risks within the Cyber Security domain.
  • Phishing Simulation and Learning management tool, Python, Data Engineering, Automated Tasks Scheduling etc.
  • Extensive experience with the following information security concepts:
    • Security Operations (Investigations, Threat Hunting, Patching etc.)
    • Business Continuity,
    • Security Architecture,
    • Secure Cloud Architecture,
    • Incident Response,
    • Information Protection,
    • Access Control
  • Demonstrated experience with vulnerability assessments, threat vectors, methodologies, and social engineering techniques to ensure events are categorized correctly and remediated in a timely manner.
  • Knowledge of Information Systems Security Certification Consortium (ISC2), SysAdmin Audit Network and Security (SANS), or Information Systems Audit & Control Association (ISACA), to investigate threats to corporate information technology systems applications, and networks, and assess, evaluate and recommend additions, modifications or replacement.
  • Strong communication and presentation skills. Additional skills in MS SQL Server, Advanced MS Excel, Power BI, Power Automate, Power Apps, GRC tools (Audit board, Archer),
  • Strong communication skills, both oral and written, to prepare reports and communicate effectively with others.
  • Ability to work effectively and efficiently in a flexible hybrid office environment.


The successful candidate will exhibit uncompromising integrity and commitment to upholding corporate values, and the OPG Code of Business Conduct.



As Ontario’s largest clean energy generator, OPG offers an exciting combination of challenging opportunities and career diversity in a fast-paced work environment. Being an OPG employee means you can apply your knowledge, broaden your skills and make a valuable contribution to an organization that is vital to the province’s wellbeing.

At OPG, our values are our strengths.  They are fundamental truths about our organization that don’t change.  Safety. Integrity. Excellence. People and Citizenship.  

Here's why OPG might just be the ideal workplace for you:

  • Exceptional range of opportunities province-wide
  • Long-term career growth and development opportunities
  • Electricity is vital to the province and OPG’s clean electricity is helping decarbonize other sectors.


If you are looking to learn from others and be part of something important, and you are excited about the future of power generation, you will find the right fit at OPG.


Our promise to you:

  • We care about the safety and the well-being of our employees. It is our utmost priority.
  • A supportive work environment where you can be your best every day.
  • Opportunities to stretch and develop.
  • Offer different ways for you to give back to communities where we operate.
  • Partner with Indigenous communities and support local businesses.
  • We support employment equity, diversity and inclusion.



Please submit your application online at by 11:59 PM E.S.T., June 23, 2023.  OPG thanks all those who apply; however, only candidates considered for an interview will be contacted.



OPG is committed to fostering an inclusive, equitable, and accessible environment where all employees feel valued, respected, and supported. If you require accommodation during the application or interview process, please advise us as soon as possible so appropriate arrangements can be made.

If you require information in a format that is accessible to you, please contact