Job Title- Senior Threat, Risk, Vulnerability Assessment (TRVA) Cyber Analyst

Location- Calgary & Edmonton

The Senior Threat, Risk, Vulnerability Assessment (TRVA) Cyber Analyst will play a key role as part of a group of professionals responsible for operational services related to ATCO’s Cybersecurity program, facilitating cybersecurity assessment activities related to various compliance and regulatory requirements, and working with cross-functional teams throughout ATCO. This position reports to the Manager, Cyber Risk and Project Assessment. 

You will be responsible for overseeing cybersecurity compliance within ATCO companies, ensuring cyber risks are assessed for projects and vendors, and consulting on the development of security standards, procedures, and controls to manage risks, ensure compliance with applicable laws and regulations, and ATCO policies, and procedures within a federated IT organization.  

Do you have a solid understanding of the NIST Framework, and the evidence required to comply with the NIST Framework? This position is for you!

The scope of this role includes Information Security across all ATCO companies and geographies, Information Technology (IT) and Operational Technology (OT) environments. 

Always there. Anywhere. That’s us! A team committed to delivering inspired solutions for a better world. We care for our communities and each other, and we are committed to showing up for those who need us. We value and encourage diversity, and we have the courage to do the right thing, even when it’s hard. 

What Else You Get To Do

Perform assessments and report on cybersecurity risks Lead implementation of risk assessment practices across internal and vendor teams, ensuring that the risk assessment methodology is followed in those practices Validate the completeness and accuracy of risk assessment artifacts Manage the ATCO IT/OT and cyber risk register Provide advice in the development, implementation, and communication of risk-related policies and standards Provide cybersecurity risk-related guidance to employees, colleagues, and/or customers  Assist with the validation of the IT/OT risk posture through interviews with leaders as required Manage and drive automation of cybersecurity risk throughout its lifecycle Collaborate with both technical and non-technical teams, from legal, to engineering, to finance, to operations, to supply chain  Collaborates with ATCO leadership to develop corporate governance/policies for compliance within an IT federated model Support the development of cyber security standards and procedures in accordance with the NIST Framework), industry regulations, standards, and laws Assist in managing a compliance program for a portfolio of internal/external audits and certifications, ensuring documented and sustainable compliance practices across the company Assist with reports for leaders on the status compliance and mitigation activities. Provide training and support in understanding of the ACS with representatives within ATCO companies. Lead and socialize communication materials for the cybersecurity risk assessment methodology Minimizes legal risks by understanding current and proposed legislation, enforcing regulations, recommending new procedures, and complying with legal requirements across multiple jurisdictions 

Who You Are: 

Master’s or bachelor’s degree in computer science, Information Security, Computer Engineering is a requirement.  8 to 10 years of successful Cybersecurity risk management, analysis, and compliance experience in a multi-sourcing technology service provider delivery model’s company  Extensive knowledge of Vendor/Third-Party and project cyber security risk assessment management methodologies and frameworks.  Expert on risk assessment implementations, including the facilitation of risk treatment and recurrent monitoring of risks across internal and external vendor teams.  Proficiency in Microsoft Power Tools applied to Threat, Risk, Vulnerability Assessment functions.  Knowledge of legal and regulatory frameworks related to electronic discovery, data privacy, and information governance (e.g., PCI, GDPR, CCPA, FRCP).  Strong communication skills, both written and verbal, with the ability to effectively collaborate with cross-functional teams, including legal professionals, IT/OT personnel, and external vendors.  Ability to negotiate cybersecurity terms and requirements with vendors/contracts.  High ethical standards and a commitment to maintaining the confidentiality and integrity of sensitive information Experience with enterprise GRC tools. 

What We Offer: 

A culture based on caring, integrity, agility, collaboration, and striving for excellence Competitive compensation  Flex benefits  Tuition assistance program  Training and mentorship programs  Charitable donation matching

We would like to thank everyone for their application; however, only those being considered for an interview will be contacted.  Successful candidates may be required to complete a criminal background check and others screening as needed for the position.

Canadian Utilities is part of ATCO Ltd. ATCO delivers inspired solutions for a better world. We are a diversified global corporation with investments in the essential services of Structures & Logistics, Utilities, Energy Infrastructure, Retail Energy, Transportation and Commercial Real Estate. Learn more about how we build communities, energize industries and deliver customer-focused solutions like no other company in the world at www.atco.com.  
At ATCO, we support a diverse and inclusive environment that values the contributions and perspectives of everyone on the ATCO team. We believe the ATCO team is the foundation of our business and our most valuable asset across our global operations. Without each team members’ unique skills, strengths, and knowledge, we simply wouldn’t be able to achieve our fundamental vision of delivering life’s essential services to our customers around the world. 
ATCO is an equal opportunity employer, and we do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status