51640 - Rexdale - Regular

Hiring Salary Range: $110,500.00 – $143,000.00 / year

Accountabilities

- Proactively lead the implementation of governance initiatives, providing technical and business advice, as well as insight on governance processes.
- Preparing and maintaining a risk register that identifies risk areas and themes to report on the activities for risk issues and remediation progress.
- Enhancing and maintaining the security risk assessment framework.
- Aligning and refining Cyber Security policies and standards with industry best practices, pertinent to regulations and standards bodies (NERC CIP, ISO 27001/2, PCI DSS, CIS, NIST Series).
- Prepare, track, maintain and report risk acceptances and security exceptions.
- Leverage expertise in Cyber Security Management to prepare and conduct security assessments for both planned initiatives and unplanned instances as required.
- Weigh business needs against security concerns to help guide the business to make practical and informed risk decisions.
- Review technical documents in line with company policies.
- Report and measure, through metrics, the effectiveness of the technical controls (KPI/KRI) and propose compensating controls accordingly.
- Proactively contribute to security governance initiatives, providing technical and business advice, as well as insight on management processes.
- Implement and enforce the Cyber Security policies and standards with industry best practices, pertinent regulations and standards bodies (NERC CIP, ISO 27001/2, PCI DSS, CIS, NIST Series).
- Support the development and documentation of security processes to support risk management activities across the lifecycle in the SDLC, vendor management office, project management office, risk acceptance.
- Develop a security requirements matrix mapped to the organization's policies and standards.
- Examine and interpret requirement documents and architecture diagrams and determine security risks to the organization as required.
- Collaborate with senior leaders and make informed, risk-based recommendations to enhance the security posture of the organization, products and services.
- Participate in and support security-related initiatives and serve as a key interface with external and internal auditors for security compliance related activities.
- Keep abreast of cybersecurity threats and assess their potential impact on Hydro One's security posture.
- Lead and manage a team of (number of people) to achieve business objectives and goals.
- Provide guidance, support, and mentorship to team members to help them develop their skills and reach their full potential.
- Set performance expectations and goals for team members, and regularly provide feedback on their progress toward meeting those expectations.
- Manage the recruitment, onboarding, and training of new team members.
- Foster a positive and collaborative team environment that encourages open communication and teamwork.
- Identify and address any issues or conflicts within the team, and work to resolve them in a timely and effective manner.
- Collaborate with other teams and departments to ensure alignment and efficient execution of company initiatives.
- Develop and implement strategies to improve team performance, productivity, and engagement.
- Ensure compliance with company policies, procedures, and regulations.
- Conduct regular performance reviews and assessments, and make recommendations for promotions, transfers, or disciplinary actions as needed.

Qualifications & Experience

- Bachelor's degree in computer science, information security, or a related field.
- Minimum 7 years in Cyber Security leadership/senior management/senior roles, preferably within the electric/energy utility sector or other large/multi-national organization.
- Security certification of one or more of the following: CISSP, CISA, CISM or other security certification.
- Strong knowledge of industry standards and best practices for cyber risk management, including NIST, ISO, and COBIT.
- Demonstrated ability to build and implement new processes for governance frameworks and processes.
- Experience in consulting stakeholders with complex business transformation, technical advisory, and cyber risk strategy underpinned by deeper subject matter expertise in one or more cybersecurity domains.
- Consistent record of developing and improving the security posture of enterprise and IC/OT organizations.
- Strong leadership and analytical skills with a record of people development and technical delivery.
- Maintain in-depth awareness and understanding of current and emerging cyber security threats, risks and trends.
- Background in NERC CIP, CSAE3416 SOC 2, PCI DSS, and ITIL is an asset.
- Excellent communication skills, both verbal and written.
- Ability to collaborate effectively with cross-functional teams.

If you are having difficulty using our online application system and you need an accommodation due to a disability, please email Hydro One will provide reasonable accommodation for qualified individuals with disabilities in the job application process.

Deadline: May 26, 2026.

Senior Manager, Cyber Security Governance
HYDRO ONE
Toronto, Toronto
Published 18 days ago