
Senior IT Security and Controls Advisor

Our purpose is sustaining energy and water for life, and it is demonstrated in everything we do as a business, and as an employee team.

Purpose

The role of the Senior IT Security and Controls Advisor is to prepare, contribute to and document, for each system, a business impact assessment, risk assessments, and a CSET control assessment and selection, to ensure the readiness of each individual system for the overall Customer First program implementation.

The Senior IT Security and Controls Advisor will work closely with the Liberty Utilities Security and Controls team and the relevant project teams and will be primarily responsible for coordinating the LU-specific security-related assessments. He/She will produce appropriate status and documentation, including scheduling, status reporting, and issues tracking, which will lead to the go-live signoffs of key stakeholders.

The Senior IT Security and Controls Advisor will help to support the Security and Controls team's methodology requirements for those ongoing projects:
- perform Data Classification,
- determine system Availability requirements,
- understand how the systems interface with other systems including the data transfer protocols and how data is encrypted,
- determine how users access and authenticate to the system (including how Roles and Authorizations are managed),
- confirm the Controls in place,
- validate any Privacy requirements and
- document the assessments, which is required to support the Customer First Program.
The Senior IT Security and Controls Advisor will report into the Liberty Utilities Security and Controls Manager.
 

Accountabilities

• Work with LU Security and Controls team and the individual project teams to plan, deliver, manage issues and document the business impact assessment for all in-scope systems

• Work with LU Security and Controls team and the individual project teams to plan, deliver, manage issues and document the privacy assessment for all in-scope systems
• Develop and manage a detailed CSET control assessment/selection for all in-scope systems
• Contribute to the implementation of SAP modules and tools as needed, e.g. Process Control
• Attend daily, weekly and monthly meetings as required to support the Security and Controls team
• Provide updates on a consistent basis on the progress of the assessments to the team and call out any issues identified
• Utilize best practices, techniques, and standards throughout the assessments
• Monitor progress and make adjustments as needed
• Manage issues and risks with Security and Controls Manager and Project teams
• Organize and/or develop presentations to the wider businesses, which may include lunch & learn, training sessions, and general update presentations.
• Consult with key stakeholders of varying technical ability and subject matter expertise to include identifying and evaluating implementation options, risks and benefits, complexity, and flexibility of the various options, and discussing approach and recommendations with stakeholders where appropriate.
• Review existing documentation of IT controls, business processes, policies, procedures, and management reports for efficiency and sustainability. Update existing documentation where required and effectively communicate updates to required parties.
• Conduct risk assessments on business and operational processes, procedures, and policies.
• Ability to independently assess risk at all levels and communicate control strengths and weaknesses to management
• Educate and collaborate with management, develop mitigation plans and procedures for control improvements
• Design and perform reengineering of IT controls, processes and procedures in need of remediation.
• Interpret audit results and make conclusions on the adequacy and reliability of controls; prepare and present reports as necessary.
• Conduct gap analysis via testing and recommend specific actions to fix gaps in processes to management.
• Design audit programs to ensure ongoing evaluation and validation of IT control efficiency.
• Design improvement for internal controls such as segregation of duties, production change management, software management, security, incident handling, and transmission integrity.

Education and Experience

• Strong knowledge of cloud security and governance frameworks is essential for this position.
• Strong familiarity with governance and controls frameworks, such as COBIT, COSO, ITIL, ISO 27001, FedRAMP and NIST RMF.
• Experience with regulatory requirements defined in Sarbanes-Oxley (SOX), Payment Card Industry Data Security Standard (PCI DSS), and privacy regulations.
• Certified Information Systems Auditor (CISA), CISM, CRISC, Certified Information Systems Security Professional (CISSP) designations preferred and seen as an asset. Certified Cloud Security Professional (CCSP) designation is seen as an asset.
• At least 5 years of internal audit experience or prior work experience with a Big 4 consulting/auditing firm (PricewaterhouseCoopers, Deloitte, Ernst & Young, KPMG).
• At least 5 years of security experience or prior work experience with a cloud service provider
• Strong technical knowledge and understanding of security programs and Cybersecurity standards
• Strong understanding of technological solutions, security controls and the ability to enforce recommendations
• Detail-oriented, organized and can effectively communicate at all levels
 

Algonquin Power & Utilities Corp. is a growing renewable energy and utility company with over $15 billion of assets across North America and internationally.

For more than 30 years, Algonquin has demonstrated an unwavering commitment to delivering clean energy and water solutions. Our rapid growth has led both our regulated utility services and renewable energy business groups into different geographies and commodities, but our purpose remains unchanged – Sustaining Energy and Water for Life.

Through our operating business (Liberty), we provide regulated electricity, water, and natural gas utility services to over 1 million customer connections, primarily in North America. Our growing portfolio of clean, renewable wind, solar, hydro and thermal power generation facilities represents over 3 GW of renewable generation capacity in operation and under construction.

With our robust, diversified, and growing presence in communities across North America and internationally, we are continually demonstrating our “Think Global, Act Local” business model.

What we offer

Collaborative environment with a genuine flexible working policy

Share purchase/match plan

Defined Contribution savings plan

Top Talent Program

Volunteer paid days off

Employee Assistance Program

Achievement fund

Free parking, including free electrical charging

 

We are focused on building a diverse and inclusive workforce. If you are excited about this role and are not certain you meet all the qualification requirements, we encourage you to apply to further investigate the opportunity.

We are an equal opportunity employer and value each person’s unique background, diversity, experiences, perspectives and talents. Full participation of all employees in a safe, healthy and respectful environment is key to individual and company success. We are committed to fully utilizing the abilities of all of our employees and expect each of our employees to honor this commitment in their daily responsibilities.
