Job Description

Can you see yourself being responsible for developing, implementing, and managing an effective cyber security program specifically tailored for nuclear facilities and operational technology (OT) environments? Does the idea of providing supervisory oversight to a team of nuclear cyber security professionals appeal to you? If you answered yes, then this may be the job for you!

What will you be doing

• Developing and maintaining a comprehensive cyber security program for our client's nuclear facilities and for the other operational technology environments on operated sites, including policies, procedures, and guidelines aligned with CSA N290.7-21, as well as industry best practices and regulatory requirements.
• Collaborating with cross-functional teams to design and implement effective security controls, including network monitoring, intrusion detection, access control, and incident response mechanisms, in accordance with CSA N290.7-21 guidelines.
• Maintaining interfaces with key programs (IT, Security, Training, etc.) to ensure the constant evolution of the program’s maturity.
• Developing and delivering training programs to raise awareness of cyber security risks and promote a culture of security among employees and contractors, in line with CSA N290.7-21 recommendations.
• Staying up to date with the latest cyber security threats, vulnerabilities, and mitigation strategies specific to the nuclear industry and incorporate them into the program, while aligning with CSA N290.7-21 requirements.
• Compiling and maintaining an inventory of Cyber Essential Asset and classify them according to CSA N290.7 requirements.
• Establishing the incident response team and the associated facilities, tools, and information needed to respond to incidents.
• Conducting regular assessments and audits to identify vulnerabilities and potential risks to nuclear cyber security systems and infrastructure, ensuring compliance with CSA N290.7-21.
• Leading the incident response efforts in the event of a cyber security breach, ensuring timely and effective resolution while minimizing impact on operations, adhering to CSA N290.7-21 guidelines.
• Monitoring and analyzing cyber security metrics and performance indicators to identify areas for improvement and track progress over time, as outlined in CSA N290.7-21.
• Providing supervisory oversight to a team of cyber security professionals, including assigning tasks, monitoring performance, and providing guidance and mentorship
• Establishing and maintaining relationships with relevant regulatory bodies and industry organizations to stay informed about emerging cyber security trends and regulatory changes, including updates to CSA N290.7-21.
• Collaborating with external vendors and consultants to leverage their expertise and resources for cyber security program enhancements, while ensuring alignment with CSA N290.7-21 requirements.
• Providing regular updates and reports to senior management and regulatory authorities, highlighting the status of the cyber security program, and recommending improvements as necessary, with a focus on CSA N290.7-21 compliance. 

What We Are Looking For

• Bachelor's or Master's degree in Cyber Security, Computer Science, Computer Engineering, or a related field.
• Relevant certifications, such as CISSP, CISM, or GIAC, are highly desirable.
• Minimum of 10 years of experience in Operational Technology (OT) cyber security, with specific expertise in nuclear or critical infrastructure protection preferred
• Proven experience in leading and managing cyber security programs, including policy development, risk assessment, and implementation of security controls.
• Strong knowledge of regulations, standards, and guidelines related to cyber security in Operational Technology environments employed in nuclear and other critical infrastructure such as IAEA, NIST, IEC, NERC, and NEI.
• Experience participating in implementation of a recognized industry standard (ISO 27001, N290, NIST) an asset.
• Excellent analytical, problem-solving, and decision-making skills, with the ability to prioritize and manage multiple tasks in a fast-paced environment.
• Strong communication and interpersonal skills, with the ability to effectively collaborate with diverse stakeholders and influence others to adopt security practices.
• Use interpersonal skills to effectively explain, negotiate, persuade, and build consensus among diverse stakeholders.
• Demonstrated ability to establish and maintain effective working relationships with all levels of personnel, both internal and external to the Company and troubleshoot/escalate issues effectively
• Strong knowledge of nuclear industry regulations, standards, and guidelines related to cyber security, including CSA N290.7-21.
• In-depth understanding of cyber security principles, technologies, and best practices, including network security, encryption, vulnerability assessment, and incident response, aligned with CSA N290.7-21.
• Strong knowledge of industrial control systems (ICS), supervisory control and data acquisition (SCADA) systems and other digital instrumentation and control technologies used broadly in Operational Technology and specifically within the nuclear industry.

Security clearance eligibility required: Level 2 Secret which has a minimum requirement of 7 years of verifiable history in Canada, Australia, New Zealand, United States and/or the United Kingdom. CNL implements security screening in accordance with the Treasury Board of Canada Secretariat “Standard on Security Screening” and the “Policy on Government Security”.