Liberty Utilities Senior Analyst, IT Security and Controls (Contract) in Oakville, Ontario
Senior Analyst, IT Security and Controls (Contract)
Title:Senior Analyst, IT Security and Controls (Contract)
Zip/Postal Code:L6J 2X1
Our vision is to be the utility company most admired by customers, communities and investors for our people, passion and performance.
Length of Assignment: 12 Months
The Senior IT Security and Controls Analyst plays a pivotal role in defining and executing the enterprise’s cyber security strategy. The cyber security program is provide appropriate security assurance as well as meeting regulatory requirements such as SOX, NERC CIPS and PCI DSS. This individual is responsible for testing, detailing, evaluating, remediating, and improving internal controls and systems security policies for effectiveness and operational efficiency. The Senior IT Security and Controls Analyst will fulfill these duties by collaborating with internal and external audit teams, IT management, corporate customers, consultants, and other partners to ensure compliance with internal and external requirements are met. Strong knowledge of cloud security and governance frameworks is essential for this position.
Strategy & Planning
Review existing documentation of IT controls, business processes, policies, procedures, and management reports for efficiency and sustainability.
Draft new workflows, including impact statements on how revised processes shall be incorporated into daily tasks.
Review, document, evaluate, and test manual and automated computer controls throughout the corporate IT environment, including server, application, middleware, and client-side.
Develop and implement testing methodologies for application development, IT infrastructure, security, and availability.
Design and execute compliance tests of operating efficiency for IT systems and internal controls that address; coordinate required remediation.
Conduct risk assessments on business and operational processes, procedures, and policies.
Interpret audit results and make conclusions on the adequacy and reliability of controls; prepare and present reports as necessary.
Prioritize control projects based on severity of risk and non-compliance.
Communicate control strengths and weaknesses to internal audit; collaborate with internal audit to develop mitigation plans.
Apply COBIT, COSO, ITIL, ISO 27001, or NIST RMF frameworks to all documentation and remediation efforts.
Design and perform reengineering of processes and procedures in need of remediation.
Conduct gap analysis via testing and recommend specific actions to fix gaps in processes and/or process management.
Design improvement for internal controls such as segregation of duties, production change management, software management, security, incident handling, and transmission integrity.
Assist the internal audit team in delivering requests from external auditors and consultants.
Liaise with external auditors to facilitate the auditing process.
Design audit programs to ensure ongoing evaluation and validation of IT control efficiency.
Education & Experience
Minimum Bachelor’s degree in cyber security or information technology; or equivalent experience.
Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP) designations preferred. Certified Cloud Security Profession (CCSP) designation is seen as an asset
At least 5 years of security experience or prior work experience with a cloud service provider
Cybersecurity Certifications such as CISA, CISM, CRISC, or applicable GIAC certifications is seen as an asset
Audit and Control designs certifications seen as an asset
Experience with Single Sign-On (SSO), Multi Factor Authentications (MFA), and Identity Access Management (IAM), is seen as an asset
Experience with securing Enterprise Resource Management (ERM) solutions is seen as an asset
Strong familiarity with governance and controls frameworks, such as COBIT, COSO, ITIL, ISO 27001, Fedramp and NIST RMF.
Direct knowledge of and exposure to regulatory requirements defined in SarbOx, Payment Card Industry Data Security Standards, and privacy regluations.
Demonstrable experience in testing, evaluating, and detailing controls for security and compliance.
Demonstrable understanding of assessing and crafting internal controls in an enterprise-level environment.
Expertise with flowcharting software tools (e.g. Visio).
Solid project management skills.
PC skills and hands-on experience building tools and presentations with Microsoft Word, Excel, PowerPoint, Project, and Access.
Knowledge of scripting language and software automation is helpful.
Experience with Governance, Risk and Compliance solutions is preferred
Strong understanding in business processes and business continuity
Strong technical and program level understanding (i.e. security programs)
Strong knowledge and understanding of Cybersecurity standards
Strong understanding of technological solutions, security controls and the ability to enforce recommendations
Strong knowledge and experience with Microsoft Active Directory, Cisco, Firewalls and Security Technologies
What we offer
Collaborative environment with a genuine flexible working policy
Free parking, including free electrical charging
Algonquin Power & Utilities Corp is a North American diversified generation, transmission and distribution utility with $10+ billion of total assets. (APUC) delivers continuing growth through an expanding pipeline of renewable energy development projects, organic growth within its regulated distribution and transmission businesses, and the pursuit of accretive acquisitions.
The distribution business group (Liberty Utilities) provides rate regulated water, electricity and natural gas utility services to over 750,000+ customers in the United States. The transmission business group invests in rate regulated electric transmission and natural gas pipeline systems in the United States and Canada.
The generation business group (Liberty Power, formerly known as Algonquin Power) owns a portfolio of regulated and long term contracted North American based wind, solar, hydroelectric and thermal powered generating facilities representing more than 1.5+ GW of installed capacity.
We are focused on building a diverse and inclusive workforce. If you are excited about this role, and are not certain you meet the all the qualification requirements, we encourage you to apply to further investigate the opportunity.
We are an equal opportunity employer and value each person’s unique background, diversity, experiences, perspectives and talents. Full participation of all employees in a safe, healthy and respectful environment is key to individual and company success. We are committed to fully utilizing the abilities of all of our employees and expect each of our employees to honor this commitment in their daily responsibilities.
As part of our commitment, we work to ensure our application process is accessible to all candidates. If you require special assistance or accommodation during the hiring process, please notify the Talent Acquisition Team.