Get Into Energy Jobs

Job Information

Liberty Utilities Senior Analyst, IT Security and Controls (Contract) in Oakville, Ontario

Senior Analyst, IT Security and Controls (Contract)


Title:Senior Analyst, IT Security and Controls (Contract)


Subsidiary:Liberty Utilities

Department:Corporate IT

Location:Oakville, ON


Zip/Postal Code:L6J 2X1


Our vision is to be the utility company most admired by customers, communities and investors for our people, passion and performance.

Length of Assignment: 12 Months


The Senior IT Security and Controls Analyst plays a pivotal role in defining and executing the enterprise’s cyber security strategy. The cyber security program is provide appropriate security assurance as well as meeting regulatory requirements such as SOX, NERC CIPS and PCI DSS. This individual is responsible for testing, detailing, evaluating, remediating, and improving internal controls and systems security policies for effectiveness and operational efficiency. The Senior IT Security and Controls Analyst will fulfill these duties by collaborating with internal and external audit teams, IT management, corporate customers, consultants, and other partners to ensure compliance with internal and external requirements are met. Strong knowledge of cloud security and governance frameworks is essential for this position.


Strategy & Planning

  • Review existing documentation of IT controls, business processes, policies, procedures, and management reports for efficiency and sustainability.

  • Draft new workflows, including impact statements on how revised processes shall be incorporated into daily tasks.

Operational Management

  • Review, document, evaluate, and test manual and automated computer controls throughout the corporate IT environment, including server, application, middleware, and client-side.

  • Develop and implement testing methodologies for application development, IT infrastructure, security, and availability.

  • Design and execute compliance tests of operating efficiency for IT systems and internal controls that address; coordinate required remediation.

  • Conduct risk assessments on business and operational processes, procedures, and policies.

  • Interpret audit results and make conclusions on the adequacy and reliability of controls; prepare and present reports as necessary.

  • Prioritize control projects based on severity of risk and non-compliance.

  • Communicate control strengths and weaknesses to internal audit; collaborate with internal audit to develop mitigation plans.

  • Apply COBIT, COSO, ITIL, ISO 27001, or NIST RMF frameworks to all documentation and remediation efforts.

  • Design and perform reengineering of processes and procedures in need of remediation.

  • Conduct gap analysis via testing and recommend specific actions to fix gaps in processes and/or process management.

  • Design improvement for internal controls such as segregation of duties, production change management, software management, security, incident handling, and transmission integrity.

  • Assist the internal audit team in delivering requests from external auditors and consultants.

  • Liaise with external auditors to facilitate the auditing process.

  • Design audit programs to ensure ongoing evaluation and validation of IT control efficiency.

Education & Experience

  • Minimum Bachelor’s degree in cyber security or information technology; or equivalent experience.

  • Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP) designations preferred. Certified Cloud Security Profession (CCSP) designation is seen as an asset

  • At least 5 years of security experience or prior work experience with a cloud service provider

  • Cybersecurity Certifications such as CISA, CISM, CRISC, or applicable GIAC certifications is seen as an asset

  • Audit and Control designs certifications seen as an asset

  • Experience with Single Sign-On (SSO), Multi Factor Authentications (MFA), and Identity Access Management (IAM), is seen as an asset

  • Experience with securing Enterprise Resource Management (ERM) solutions is seen as an asset

Other Requirements

  • Strong familiarity with governance and controls frameworks, such as COBIT, COSO, ITIL, ISO 27001, Fedramp and NIST RMF.

  • Direct knowledge of and exposure to regulatory requirements defined in SarbOx, Payment Card Industry Data Security Standards, and privacy regluations.

  • Demonstrable experience in testing, evaluating, and detailing controls for security and compliance.

  • Demonstrable understanding of assessing and crafting internal controls in an enterprise-level environment.

  • Expertise with flowcharting software tools (e.g. Visio).

  • Solid project management skills.

  • PC skills and hands-on experience building tools and presentations with Microsoft Word, Excel, PowerPoint, Project, and Access.

  • Knowledge of scripting language and software automation is helpful.

  • Experience with Governance, Risk and Compliance solutions is preferred

  • Strong understanding in business processes and business continuity

  • Strong technical and program level understanding (i.e. security programs)

  • Strong knowledge and understanding of Cybersecurity standards

  • Strong understanding of technological solutions, security controls and the ability to enforce recommendations

  • Strong knowledge and experience with Microsoft Active Directory, Cisco, Firewalls and Security Technologies

What we offer

  • Collaborative environment with a genuine flexible working policy

  • Free refreshments

  • Free parking, including free electrical charging

Algonquin Power & Utilities Corp is a North American diversified generation, transmission and distribution utility with $10+ billion of total assets. (APUC) delivers continuing growth through an expanding pipeline of renewable energy development projects, organic growth within its regulated distribution and transmission businesses, and the pursuit of accretive acquisitions.

The distribution business group (Liberty Utilities) provides rate regulated water, electricity and natural gas utility services to over 750,000+ customers in the United States. The transmission business group invests in rate regulated electric transmission and natural gas pipeline systems in the United States and Canada.

The generation business group (Liberty Power, formerly known as Algonquin Power) owns a portfolio of regulated and long term contracted North American based wind, solar, hydroelectric and thermal powered generating facilities representing more than 1.5+ GW of installed capacity.

We are focused on building a diverse and inclusive workforce. If you are excited about this role, and are not certain you meet the all the qualification requirements, we encourage you to apply to further investigate the opportunity.

We are an equal opportunity employer and value each person’s unique background, diversity, experiences, perspectives and talents. Full participation of all employees in a safe, healthy and respectful environment is key to individual and company success. We are committed to fully utilizing the abilities of all of our employees and expect each of our employees to honor this commitment in their daily responsibilities.

As part of our commitment, we work to ensure our application process is accessible to all candidates. If you require special assistance or accommodation during the hiring process, please notify the Talent Acquisition Team.