Sr. Cyber Risk Analyst (toronto / Hybrid), Toronto, Ontario Power Generation

Published 2022-06-28
Expires 2022-07-28
ID #1063684337
Sr. Cyber Risk Analyst (toronto / Hybrid), Toronto, Ontario Power Generation
Canada, Ontario, Toronto,
Published June 28, 2022

Job details:

Job type: Full time
Contract type: Permanent
Salary type: Monthly
Occupation: Sr. cyber risk analyst (toronto / hybrid)

⇐ Previous job

Next job ⇒     


Status: Regular Full Time

Education Level: 4 years of Bachelor/University degree in Engineering, Computer Science, Information Technology or related field.

Location: Toronto, ON (Hybrid working arrangement)

Number of Position(s): 1

Travel: less than 10%

Deadline to Apply: July 3, 2022

OPG continues to set the bar for environmental protection, community involvement and economic impact—all while safely keeping the lights on.
Now we’ve set our sights on being a net-zero carbon company by 2040 and a catalyst to help the economies where we operate achieve net-zero by 2050.

OPG operates a diverse portfolio of generation assets including nuclear, hydroelectric, biomass and solar. We are also a clean tech leader and innovator, offering challenging and unique work opportunities. Help us use our power to change the world.

In 2025, Ontario Power Generation (OPG) is establishing a new corporate headquarters on a campus setting in the Municipality of Clarington located within Durham Region. The new campus will include the existing Darlington Energy Complex located just south of Highway 401 and a new building to be constructed on adjacent land presently owned by OPG.

BE THE GENERATION to help build a brighter tomorrow.


Ontario Power Generation (OPG) is looking for dynamic, strategic and results-driven professionals to join our team in the role of Sr. Cyber Risk Analyst on our Cyber Security team at our Toronto, ON office.

Reporting to the Section Head, Information Systems, the Sr. Cyber Risk Analyst is responsible for performing cyber security assessments against industry frameworks, Third party Risk Management, Cyber Risk Management Program, Awareness and Training, oversight of Cyber Governance and Compliance activities, and support Cyber Security Innovation and technical projects.

This is an exciting opportunity to work in an environment where you will contribute to OPG’s public outreach, engagement and education efforts as part of the company’s commitment to growing its social license.


Perform policy gap and control assessments against standard Cyber Security frameworks.
Review policies, procedures, and processes to recommend enhancements and maintain oversight on Cyber Governance, Risk and Compliance process for IT and OT systems.
Ability to work on Big Data, SQL/Mongo DB Database, PowerBI Data Model etc. and analyze & develop executive level reports
Assist in developing and maintaining Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for the Cyber Governance Security Program and initiatives. Provide advisory service to business units on governance, risk, and compliance best practices.
Advise OPG subsidiaries to develop sound Cyber Security practices and maturity to reduce risk to the overall OPG brand.
Support Cyber Security projects that drive efficiency and effectiveness of cyber security.
Represent OPG Cyber Security at external committees and forums.
Conduct various risk, control, maturity, and compliance assessments based on established security frameworks including but not limited to NIST CSF, CIS, ISO 27001, ISF, CSA N290.7, NERC-CIP, etc.
Meet with business stakeholders to identify top security risks. Evaluate and perform business level cyber risk assessments using established risk methodology and provide recommendations for improving security posture and resolving identified risk and issues.
Perform Third party Cyber risk assessments by working with vendors and ensure adherence to Cyber Security Terms and Conditions using a Risk based approach.
Assist in maturing the Third-Party Risk Management program by defining security controls based on the risk rating and tiers of the vendors.
Develop Security awareness training and assist in conducting phishing simulation campaigns and associated trainings.
Work with Cyber Security department and communications team to release security news updates and bulletins related to Cyber Security.
Develop and maintain risk registers, risk management framework, risk acceptance forms and maintain GRC tools to provide oversight for the Cyber Security program.
Working with Enterprise Risk for performing periodic risk reporting and develop Executive and Board level reports.
Support in building committee charters and interfacing with other internal/external stakeholders as part of Governance and Risk Committee meetings.
Report on control failures and ensure compliance for the Cyber Security department
Work with Internal and External Audit and Regulatory Affairs functions to facilitate information gathering and reporting.
Report on program efficiency such as vulnerability/patch management and program health reporting.
Other Duties as Required


Completed 4-year Bachelor degree in Engineering, Computer Science, Information Technology or related field.
Completed or working towards at least one cyber security certification (i.e., ISC2, ISACA, SANS ICS, ICS-CERT, US-CERT, ISA, CybatiWorks, or other relevant certifications) is considered an asset


6+ years of demonstrated hands-on experience in Cyber Risk, Consulting, and Third-Party Cyber Risk Management.
Advanced knowledge of Cyber Security best practices such as network and application security, mobile device security, Identity & Access Management
Strong understanding of security concepts and frameworks such as NIST, CIS, COSO, ISO 2700x, CSA N290.7 and NERC-CIP.
In-depth understanding of security best practices, risks and technologies, and the solutions to address those risks within the Cyber Security domain.
Phishing Simulation and Learning management tool, Python, Data Engineering, Automated Tasks Scheduling etc.
Extensive experience with the following information security concepts: Security Operations (Investigations, Threat Hunting, Patching etc.) Business Continuity, Security Architecture, Secure Cloud Architecture, Incident Response, Information Protection, Access Control
Demonstrated experience with vulnerability assessments, threat vectors, methodologies, and social engineering techniques to ensure events are categorized correctly and remediated in a timely manner.
Knowledge of Information Systems Security Certification Consortium (ISC2), SysAdmin Audit Network and Security (SANS), or Information Systems Audit & Control Association (ISACA), to investigate threats to corporate information technology systems applications, and networks, and assess, evaluate and recommend additions, modifications or replacement.
Strong communication and presentation skills. Additional skills in MS SQL Server, Advanced MS Excel, Power BI, Power Automate, Power Apps, GRC tools (Audit board, Archer),
Strong communication skills, both oral and written, to prepare reports and communicate effectively with others.
Ability to work effectively and efficiently in a flexible hybrid office environment.

The successful candidate will exhibit uncompromising integrity and commitment to upholding corporate values, and the OPG Code of Business Conduct.


As Ontario’s largest clean energy generator, OPG offers an exciting combination of challenging opportunities and career diversity in a fast-paced work environment. Being an OPG employee means you can apply your knowledge, broaden your skills and make a valuable contribution to an organization that is vital to the province’s wellbeing.

At OPG, our values are our strengths. They are fundamental truths about our organization that don’t change. Safety. Integrity. Excellence. People and Citizenship.

Here's why OPG might just be the ideal workplace for you:

Exceptional range of opportunities province-wide
Long-term career growth and development opportunities
Electricity is vital to the province and OPG’s clean electricity is helping decarbonize other sectors.

If you are looking to learn from others and be part of something important, and you are excited about the future of power generation, you will find the right fit at OPG.

Our promise to you:

We care about the safety and the well-being of our employees. It is our utmost priority.
A supportive work environment where you can be your best every day.
Opportunities to stretch and develop.
Offer different ways for you to give back to communities where we operate.
Partner with Indigenous communities and support local businesses.
We support employment equity, diversity and inclusion.

⇐ Previous job

Next job ⇒     


Contact employer

    Employer's info

    Ontario Power Generation
    Registered on October 7, 2017


    Quick search:


    Type city or region


    Category info:

    Architecture is both the process and the product of planning, designing, and constructing buildings and other physical structures. Architectural works, in the material form of buildings, are often perceived as cultural symbols and as works of art. Historical civilizations are often identified with their surviving architectural achievements. The term architecture is also used metaphorically to refer to the design of organizations, software, and other abstract concepts. Construction is the process of constructing a building or infrastructure. Construction differs from manufacturing in that manufacturing typically involves mass production of similar items without a designated purchaser, while construction typically takes place on location for a known client. Construction as an industry comprises six to nine percent of the gross domestic product of developed countries. Construction starts with planning, design, and financing; and continues until the project is built and ready for use.

    Ontario is one of the thirteen provinces and territories of Canada. Located in Central Canada, it is Canada's most populous province, with 38.3 percent of the country's population, and is the second-largest province in total area. Ontario is the fourth-largest jurisdiction in total area when the territories of the Northwest Territories and Nunavut are included. It is home to the nation's capital city, Ottawa, and the nation's most populous city, Toronto, which is also Ontario's provincial capital. Ontario is bordered by the province of Manitoba to the west, Hudson Bay and James Bay to the north, and Quebec to the east and northeast, and to the south by the U.S. states of (from west to east) Minnesota, Michigan, Ohio, Pennsylvania, and New York. Almost all of Ontario's 2,700 km (1,678 mi) border with the United States follows inland waterways: from the westerly Lake of the Woods, eastward along the major rivers and lakes of the Great Lakes/Saint Lawrence River drainage system. These include Rainy River, Pigeon River, Lake Superior, St. Marys River, Lake Huron, St. Clair River, Lake St. Clair, Detroit River, Lake Erie, Niagara River, Lake Ontario and the St. Lawrence River from Kingston, to the Quebec boundary just east of Cornwall. There is only about 1 km (0.6 mi) of land border, made up of portages including Height of Land Portage on the Minnesota border.Ontario is sometimes conceptually divided into two regions, Northern Ontario and Southern Ontario. The great majority of Ontario's population and arable land is in the south. In contrast, the larger, northern part of Ontario is sparsely populated with cold winters and heavy forestation.

    Source: https://en.wikipedia.org/