Operational Technologies Cyber Security Specialist

Can you see yourself identifying, managing, implementing, and reporting on the threats, opportunities, requirements and operational elements of the use of Operational Technologies at CNL? Does the idea of performing reviews, assessments and audits, conducting research, and facilitating communication to internal and external stakeholders where necessary sound good to you? Are you looking for a role that will challenge you? If you answered yes, then this may be the job for you!

What will you be doing!

• Leading the implementation and operation of CNL’s Operational Technologies Cyber Security program.
• Coaching Management and staff on the requirements for, and the application Operational Technologies Cyber Security controls.
• Identifying, quantifying, and reporting on the risks related Operational Technologies Cyber Security.
• Developing materials and tools to effectively communicate risks and compliance status.
• Developing and/or overseeing the development and implementation of processes, tools, training, and other initiatives designed to improve the overall
• Operational Technologies Cyber Security posture and program maturity. This includes tracking and reporting the progress and success of these initiatives.
• Documenting, investigating, and reporting compliance and other issues and incidents.
• Establishing and maintaining Information Security process and governance documentation aligned with (ISA)/IEC 62443, N290.7, ISO 27001.
• Establishing and managing strong working relationships with multiple-level contacts across the Company to communicate and report on highly complex, sensitive, or privileged information.
• Conducting risk assessments and security compliance audits.
• Participating in internal and external audits, demonstrating how CNL’s Operational Technologies Cyber Security processes perform, developing action plans to respond to observations/findings, and addressing issues brought up by employees.
• Managing compliance testing and monitoring of current and future regulatory obligations, and other regulatory matters as required.
• Providing input into strategic and tactical plans to ensure that Operational Technologies Cyber Security requirements are foundational to current and future activities.
• Working with interfaces and business leaders to ensure Operational Technologies Cyber Security risk findings are reviewed and solutions are implemented.
• Anticipating mid-to-longer term needs on behalf of the Company, identifying opportunities for improving processes and capabilities, developing business cases to demonstrate the benefits of proceeding with the improvement.
• Liaising with relevant parties to commission activities relating to contingency planning, business continuity management, and event/disaster recovery.
• Maintaining engagement with all projects and initiatives in order to build automatic compliance with Operational Technologies Cyber Security requirements into all systems and processes.
• Developing formal and informal Change Management plans for Operational Technologies Cyber Security initiatives, and other initiatives that have a requirement for Information Security compliance.
• Maintaining an up-to-date communications plan, ensuring new information is balanced with reminders, and providing fair exposure to all areas of responsibility.
• Developing and maintaining communication and outreach resources (on the intranet, SharePoint online, ServiceCNL, etc.), ensuring that resources and messages are written and timed to maximize impacts.
• Overseeing vendor and/or contractor performance, tracking expenditures against scope, and taking appropriate actions to ensure deliverables are met and budgets respected.
• Providing input in the creation and setting of Division and Department objectives; setting objectives for own direct reports and/or providing objectives for employees delivering on information-centric initiatives.
• Providing leadership to interfacing/matrixed employees, supporting their efforts, and to CNL in matters of requirements and opportunities in order to influence decisions and projects.

What we are looking for:

• University degree in a relevant discipline (e.g. Information Technology, Computer Science, Business Administration), or 15 years of practical experience with increasing levels of responsibility. CISSP, CISA, CISM, or other relevant security-related designation(s) an asset.
• Extensive (8+ years) professional-level experience related to the management of Information Management & Technologies requirements, program and project implementation;
• Experience leading, coaching and negotiating with team members and leadership;
• Experience and leadership ability in core business operations functions such as strategic planning and implementation, management of databases, and internal compliance, in a complex, dynamic environment;
• Experience developing, implementing and monitoring operational improvements resulting in more efficient and effective processes, procedures and plans;
• Working experience with information security/Cyber Security technologies & platforms (MSSP solutions, next-gen firewalls, cloud security solutions, data loss prevention solutions, etc.);
• Experience with Information Security incident response and investigation support; and
• Experience using interpersonal skills to effectively explain, negotiate, persuade, and build consensus among diverse stakeholders; demonstrated ability to establish and maintain effective working relations with all levels of personnel, both internal and external to the Company and troubleshoot/ escalate issues effectively.
• Demonstrated ability to lead and motivate teams;
• Results oriented, high energy, and self-motivated;
• Proven ability to build and nurture constructive relationships and partnerships across internal organizations/groups, and with industry and external regulators;
• Demonstrated ability to develop well-informed advice and strategies that are sensitive to the various needs of multiple stakeholders and partners, reflecting the strategic direction of CNL, and positioning CNL for success; and
• Demonstrated ability to translate complex ideas and technical requirements into plain and easy to understand language.
• Advanced knowledge of Information Security principles and methods;
• Minimum of 5 years experience developing, supporting, maintaining an information security program oriented on Operational Technologies;
• Demonstrated capability to turn Information Security principles into practical processes and tools;
• Knowledge of industry best practices and standards (ISA/ IEC 62443, N290.7, ISO 27001);
• Knowledge of REGDOCS applicable to the Nuclear industry, including Physical Security and Protection of Information;
• Knowledge of computer networking concepts and protocols and network security methodologies;
• Knowledge of risk management processes (e.g. methods for assessing and mitigating risk);
• Knowledge of cyber threats and vulnerabilities;
• Knowledge of specific operational impacts of cybersecurity lapses.

Security clearance eligibility required: Level 2 Secret which has a minimum requirement of 7 years of verifiable history in Canada, Australia, New Zealand, United States and/or the United Kingdom. CNL implements security screening in accordance with the Treasury Board of Canada Secretariat “Standard on Security Screening” and the “Policy on Government Security”.

Why CNL?

Does working with a team across Canada to advance nuclear science and technology for a clean and secure world speak to you? We're reinventing ourselves to be the pace setters, so we can lead the charge in solving the problems that matter, like building the next generation of clean nuclear and hydrogen energy solutions, developing new and better-targeted cancer treatments, and continuing to lead the world in environmental remediation.

• Work-life balance is an integral part of our overall health and well-being; at CNL, we value this.

We offer a complete total rewards package:

• paid time off (vacation, sick, floater & personal);
• benefits effective day one, that’s right no waiting period;
• tuition support
• and a pension!

Location:

CNL works with employees across our Canadian locations to enable a hybrid workforce where possible. Our Hybrid employees work with their manager to establish expectations for when they will be on site vs when they are working from home.

About CNL:

CNL is Canada's premier nuclear science and technology organization and a world leader in developing nuclear technology for peaceful and innovative applications. Using our unique expertise, we are restoring and protecting the Environment, we are advancing clean energy technology, and our medical breakthroughs continue to improve the health of people around the world.

Our Priorities:

• Clean energy for today and tomorrow.
• Restore and protect the Environment.
• Contribute to the health of Canadians.

CNL is committed to providing an atmosphere free from barriers that promote equity, diversity and inclusion in achieving our mission. CNL welcomes and celebrates employees, stakeholders and partners of all racial, cultural, and ethnic identities.

CNL also supports a workplace environment and a corporate culture built on our Core Values: Respect, Teamwork, Accountability, Safety, Integrity and Excellence, which encourage equitable employment practices and career prospects inclusive of accommodations for all employees.

CNL is committed to being an equal-opportunity employer. If you require accommodation measures during any phase of the hiring process, please inform the Talent Acquisition Specialist with whom you are in contact. All information received in relation to accommodation requests will be kept confidential.

The Chalk River Laboratories site is located on the unceded and unsurrendered territory of the Algonquin Anishinaabe people. As an organization, CNL recognizes and appreciates their historic connection to this place. CNL also recognizes the contributions that First Nations, Métis, Inuit and other Indigenous Peoples have made, both in shaping and strengthening this community in particular, and this province and country as a whole.

#LI-HYBRID