It Compliance Analyst

A workplace powered by you

At BC Hydro, we’re working towards creating a cleaner and more sustainable future for all British Columbians and need
people like you to help us. A career at BC Hydro is meaningful and provides you the opportunity to be part of a talented,
inclusive, and diverse team. We offer a healthy work-life balance, competitive wages, a comprehensive benefits package,
and training opportunities to support you in your career growth. We're proud to be ranked as one of B.C.'s Top Employers
and one of Canada's Best Diversity Employers.
We invite you to join us as we build an even cleaner B.C. We welcome applications from all qualified job seekers. If you’re a
person with a disability, please let us know as adjustments can be made to help support you in your application process.

IT Compliance Analyst

Number of positions: 2 Job Location: Dunsmuir 08

Employment type: Permanent Region: Lower Mainland

Hours of work: Full-time (37.5 hrs/wk) Flexible Work Role: Hybrid

Annual salary: $ 68,700.00 - 74,000.00

What you'll do

• Oversees the review of compliance workflows (such as Critical Infrastructure Protection (CIP) change requests, patch

management and vulnerability assessments) in the compliance management system to ensure adherence to timelines and
established procedures. Identifies compliance issues with documentation and reviews with internal teams or external
service providers to negotiate solutions and provide recommendations for next steps. Approves or declines compliance
workflows for accuracy and completeness for next steps in the process.

• Identifies, develops and implements new or revised compliance processes/procedures (such as access management,

Transient Cyber Assets (TCA)). Solicits feedback from applicable stakeholders. Recommends process/procedural
improvements to address concerns and gaps. Develops and maintains documentation in knowledge management
repositories. Reviews and publishes knowledge articles to business-facing knowledge bases.

• Coordinates the access management review process by: preparing quarterly and annual access review reports; verifying

the business justification to maintain access for access holders with BC Hydro managers; reviewing access revocation
records from various systems; and preparing compliance documentation as required.

• Coordinates the external vendor TCA authorization process for usage and security controls of devices by: reviewing

authorization requests for quality and accuracy; approving or declining authorization requests; conducting random audits on
the security controls of TCA devices to ensure compliance with policies and procedures; following-up with external vendors
to resolve compliance issues; and rejecting devices and removing users from access groups for non-compliance with BC
Hydro’s security control and compliance requirements.

• Coordinates the collection of compliance documentation for the annual certification process or audits. Monitors progress of

completing the Reliability Standard Audit Worksheets (RSAW). Populates or reviews RSAW and related compliance
documentation and narratives for accuracy and completeness. Follows-up with internal teams and external service
providers on areas requiring clarification or action.

• Recommends minor enhancements to enterprise compliance access management systems to IT Compliance Analyst

Work Leader. Under guidance of IT Compliance Analyst Work Leader, works with IT System Developers to implement
minor enhancements. Carries out user acceptance testing to ensure minor enhancements meet functional and operational
efficiency and effectiveness requirements.

• Prepares training materials and conducts formal/informal training sessions and presentations on compliance programs,

compliance processes and procedures to internal teams, co-op students and external service providers.

• Assists management with NERC CIP incident investigations by: preparing the documentation related to incident; carrying

out root cause mapping analysis of incident under management’s direction and guidance; maintaining evidence
documentation upon completion of investigation; recommending process improvements to stakeholders as part of mitigation
solutions; and advising of risks with meeting deadlines.

• Monitors and responds to enquiries sent to email inboxes. Forwards to appropriate team members as required.

• Prepares status reports of completed and outstanding compliance documentation reviews.
  

What you bring

• Degree in Information Technology, Engineering, Business Administration or related fields; plus two (2) years of experience

in IT audit related activities (e.g. gathering, developing and reviewing audit evidence documents) or cybersecurity related
activities.
OR

• Diploma in Information Technology, Engineering, Business Administration or related fields; plus four (4) years of

experience in IT audit related activities (e.g. gathering, developing and reviewing audit evidence documents) or
cybersecurity related activities.

• Demonstrated experience developing and maintaining business processes and procedures.

• Requires in-house NERC CIP training to be completed within the first week of starting in the job.

• Security related certification (such as CompTIA Security+, Certified Information Systems Security Professional (CISSP),

Certified Information Systems Auditor (CISA)) considered an asset.

What we offer

• A comprehensive benefits package
• A minimum of 15 paid vacation days
• A lifetime pension
• Flexible work model, depending on your role type
• Training and development courses

For more information on the benefits we offer, visit bchydro.com/benefits.

What else you should know

This position is affiliated with the Movement of United Professionals union (MoveUP/COPE). http://moveuptogether.ca

• This posting is for Two (2) Full Time Regular positions

• Security related certification (such as CompTIA Security+, Certified Information Systems Security Professional (CISSP),

Certified Information Systems Auditor (CISA)) considered an asset
Don't forget to update your Candidate Profile with your current resume and copies of your certifications. If applicable,
include your Trades Qualification. This will ensure we have all the necessary information to assess your application without
any delays.

Date Posted: 2024-01-09 Closing Date: 2024-01-20

For internal use 51566035