Liberty Utilities Senior Analyst, IT Security and Controls (Contract) in Oakville, Ontario


Title: Senior Analyst, IT Security and Controls (Contract)

Subsidiary: Liberty Utilities

Department: Corporate IT

Location: Oakville, ON

Zip/Postal Code: L6J 2X1


Our vision is to be the utility company most admired by customers, communities and investors for our people, passion and performance.

Length of Assignment: 12 Months


The Senior IT Security and Controls Analyst plays a pivotal role in ensuring the enterprise’s compliance with the Sarbanes-Oxley Act/Bill 198 (SarbOx) as well as other regulatory requirements such as NERC CIP and PCI DSS. This individual is responsible for testing, detailing, evaluating, remediating, and improving internal controls over financial reporting and systems security policies for effectiveness and operational efficiency. The Senior IT Security and Controls Analyst will fulfill these duties by collaborating with internal and external audit teams, IT management, corporate customers, consultants, and other partners to ensure that internal and external compliance requirements are met. Strong knowledge of governance frameworks is essential for this position.


Strategy & Planning

  • Review existing documentation of IT controls, business processes, policies, procedures, and management reports for efficiency and sustainability. Update existing documentation where required and communicate updates to required parties.

  • Draft new workflows, including impact statements on how revised processes shall be incorporated into daily tasks.

Operational Management

  • Review, document, evaluate, and test manual and automated IT controls throughout the corporate IT environment, including server, application, operations, middleware, and client-side.

  • Develop and implement testing methodologies for application development, IT infrastructure, IT operations, IT security, and availability.

  • Design and execute compliance tests of operating efficiency for IT systems and internal controls that address risk; coordinate required remediation.

  • Conduct risk assessments on business and operational processes, procedures, and policies.

  • Interpret audit results and make conclusions on the adequacy and reliability of controls; prepare and present reports as necessary.

  • Prioritize control projects based on severity of risk and non-compliance.

  • Communicate control strengths and weaknesses to internal audit; collaborate with internal audit to develop mitigation plans.

  • Apply COBIT, COSO, ITIL, ISO 27001, or NIST RMF frameworks to all documentation and remediation efforts.

  • Strong knowledge of and experience with SOX.

  • Design and perform reengineering of processes and procedures in need of remediation along with the responsible management identified.

  • Conduct gap analysis via testing and recommend specific actions to fix gaps in processes and/or process management.

  • Design improvement for internal controls such as segregation of duties, production change management, software management, security, incident handling, and transmission integrity.

  • Assist the internal audit team in delivering requests from external auditors and consultants.

  • Liaise with external auditors to facilitate the auditing process.

  • Design audit programs to ensure ongoing evaluation and validation of IT control efficiency.

Education & Experience

  • Minimum Bachelor’s degree in accounting, finance, or information technology; or equivalent experience.

  • Professional accounting designation (CA/CPA/CMA/CGA) preferred.

  • Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP) designations preferred.

  • At least 5 years of internal audit experience or prior work experience with a Big 4 consulting/auditing firm (PricewaterhouseCoopers, Deloitte, Ernst & Young, or KPMG).

Other Requirements

  • Strong familiarity with governance and controls frameworks, such as COBIT, COSO, ITIL, ISO 27001 and NIST RMF.

  • Direct knowledge of and exposure to SarbOx requirements, especially Sections 302, 404, and 409.

  • Demonstrable experience in testing, evaluating, and detailing controls for compliance.

  • Demonstrable understanding of assessing and crafting internal controls in an enterprise-level environment.

  • Expertise with flowcharting software tools (e.g. Visio).

  • Solid project management skills.

  • Solid IT change management and organizational skills.

  • Strong communication skills.

  • PC skills and hands-on experience building tools and presentations with Microsoft Word, Excel, PowerPoint, Project, and Access.

  • Knowledge of scripting languages and software automation is helpful.

  • Experience with Governance, Risk and Compliance management solutions is preferred.

  • Solid experience in testing, evaluating, and documenting controls for compliance.

  • Solid understanding of assessing and designing internal controls in an enterprise-level environment.

  • Experience with Identity and Access Management solution implementation.

What we offer

  • Collaborative environment with a genuine flexible working policy

  • Free refreshments

  • Free parking, including free electrical charging

Algonquin Power & Utilities Corp. (APUC) is a North American diversified generation, transmission and distribution utility with $10+ billion of total assets. APUC delivers continuing growth through an expanding pipeline of renewable energy development projects, organic growth within its regulated distribution and transmission businesses, and the pursuit of accretive acquisitions.

The distribution business group (Liberty Utilities) provides rate-regulated water, electricity and natural gas utility services to over 750,000 customers in the United States. The transmission business group invests in rate-regulated electric transmission and natural gas pipeline systems in the United States and Canada.

The generation business group (Liberty Power, formerly known as Algonquin Power) owns a portfolio of regulated and long-term contracted North American-based wind, solar, hydroelectric and thermal powered generating facilities representing more than 1.5 GW of installed capacity.

We are focused on building a diverse and inclusive workforce. If you are excited about this role and are not certain you meet all the qualification requirements, we encourage you to apply to further investigate the opportunity.

We are an equal opportunity employer and value each person’s unique background, diversity, experiences, perspectives and talents. Full participation of all employees in a safe, healthy and respectful environment is key to individual and company success. We are committed to fully utilizing the abilities of all of our employees and expect each of our employees to honor this commitment in their daily responsibilities.

As part of our commitment, we work to ensure our application process is accessible to all candidates. If you require special assistance or accommodation during the hiring process, please notify the Talent Acquisition Team.