cloud security engineer

Job Description

<p>CLOUD SECURITY ENGINEER</p><p>WINNIPEG, MB</p><p><em>Manitoba Hydro is consistently recognized as one of Manitoba's Top Employers</em></p><p><em>Great Benefits</em></p><ul><li>Competitive salary and benefits package.</li><li>Defined-benefit pension plan.</li><li>Nine-day work cycle which normally results in every other Monday off, providing for a balanced approach to work, family life</li></ul><p>and community. </p><ul><li>Flex-time and partially remote work schedule (providing the option to work remotely 3 days per 2 week period), depending on</li></ul><p>nature of work, operational requirements and work location.</p><p>Manitoba Hydro is a leader among energy companies in North America, recognized for providing highly reliable service and<br><br>exceptional customer satisfaction. Join our team of Manitoba's best as we continue to build a company that supports innovation,<br><br>commitment, and customer service, while actively supporting a diverse, equitable and inclusive workplace.</p><p>Under the general direction of the Cyber Security Director (CISO) and reporting to the Enterprise Cyber Security Program<br><br>Department Manager and as a recognized expert on cloud security, ensure the security of MH cloud services and integration with on<br><br>premise environments through leading Enterprise Cyber Security Program's (ECSP) cloud priorities, cloud security strategy and<br><br>design architecture, cloud security assessments, and cloud security risk management.</p><p><em>Responsibilities:</em></p><ul><li>Lead the Enterprise Cyber Security Program's (ECSP) cloud priorities: Lead the development of policies, standards,</li></ul><p>accountability structures, centralized services to support the implementation of Enterprise Cyber Security Program cloud<br><br>related priorities. Design mitigation plans and in collaboration with IT/OT areas create technical responses/guidelines to<br><br>support implementation of cloud security-related plans. Guide implementation of changes to meet the needs of a changing<br><br>environment (AI-cloud systems, major cloud-based projects such as SAP, AMI) including developing implementation plans for<br><br>new cloud technology or monitoring requirements.</p><ul><li>Lead cloud security strategy and design architecture: Create Manitoba Hydro's cloud security strategy and design</li></ul><p>architecture including reference architecture and multi-cloud security. Design the cloud security control requirements and<br><br>multi-cloud security requirements to support the specialist in deploying the actual cloud security control. Be accountable for<br><br>accurate records and reporting. Support the design, project management and approach to cloud security tools. Select<br><br>appropriate cloud security tools (potentially more than one vendor) and manage contracts including performance,<br><br>negotiations, implementation schedule/planning (project management), participate in change management committees and<br><br>design and implement change management for IT and enterprise/corporation depending on impact. Manage schedule for<br><br>renewal and updates. Guide design, implementation and contract components including cyber schedule, RFP schedule<br><br>drafting and approving, provide guidance on tender evaluation, design appropriate integration with monitoring tools and set<br><br>reminders and follow through on conducting audits according to contacts and Manitoba Hydro's needs. Design cloud criteria to<br><br>be added to project management scope for projects.</p><ul><li>Lead cloud related security assessments: Provide expert level input to and support the execution of assessment activities</li></ul><p>including maturity assessments, scenario assessments, penetration tests, threat risk assessments, enterprise technology<br><br>security assessments and other assessments as a means of determining current state and identifying opportunities for<br><br>improvement and enhancement. Develop cloud security assessment requirements, guidelines, practices, questionnaires and<br><br>potentially manage contract for security assessments of cloud systems. Design audit criteria, review cloud contracts to ensure<br><br>audit practices are followed, schedule audits, coordinate with contractors, engage in RFP for audit assessment and control<br><br>testing/pen testing, manage contracts including RFP review, payments, and project management of contracts.</p><ul><li>Lead cloud related cyber risk management: Lead the identification, assessment, tracking, and action initiation for</li></ul><p>enterprise-wide cloud security related risks.</p><ul><li>Lead cloud related updates for Governing committees: Prepare and deliver cloud related ECSP metrics and status</li></ul><p>updates.</p><ul><li>Keep abreast of cloud cybersecurity developments: Develop and maintain good working relationships with industry</li></ul><p>MANITOBA HYDRO IS COMMITTED TO DIVERSITY AND EMPLOYMENT EQUITY</p><p>Reference Code: CO </p><p>contacts for the purpose of information exchange and to keep abreast of technology innovation and directions including<br><br>participation on committees. Develop and maintain good working relationships with contacts within D&T, Industrial Control<br><br>System teams, and interested parties throughout Manitoba Hydro including subsidiaries. Provide expert support for major<br><br>cloud-based systems such as SAP, AMI, etc.</p><ul><li>Support cyber security operations where required: Be point of contact for external cloud contract during and post incident</li></ul><p>for forensic and contract support (including breach of contract, etc). Support cyber event incident response and recovery as<br><br>part of the Incident Response Team. In the event of a significant cyber security incident, you may be called to support<br><br>response activities at any time during a 24-hour period to assure Manitoba Hydro system security and reliability.</p><p><em>Qualifications:</em></p><ul><li>Graduate in Engineering from a university of recognized standing, plus a minimum of seven years related experience,</li></ul><p>including two years related experience in network design related to Cyber Security, Operational Technology, or Information<br><br>Technology Infrastructure.</p><ul><li>Professional member in good standing with Engineers Geoscientists Manitoba (or willingness and ability to attain within a</li></ul><p>specified amount of time).</p><ul><li>Has or be willing to obtain certification within 12 months: ISAACA CSX Cybersecurity Practitioner (CSX-P) or (ICS)2 Entry</li><li>Level Cybersecurity certification; and maintain that certification in good standing. Professional certifications such as CCNA,</li></ul><p>CISSP, CISM, CRISC, OSCP, CEH, CGIH, GPE, SANS, etc would be an asset.</p><ul><li>Technical system design and support experience with Information Technology and infrastructure components (firewalls,</li></ul><p>routers, switches, NAT, etc).</p><ul><li>Possess an understanding of Cyber security concepts, controls, frameworks and standards including NIST and ISO.</li></ul><p>Knowledge of ICS Cyber Security Risk Management and NERC Critical Information Protection (CIP) Standards, Programs<br><br>and Procedures, CIP infrastructure components and CIP cyber assets. Familiarity with compliance standards, evidence<br><br>requirements and understanding audits and assessments.</p><ul><li>Strong written and verbal communication skills with a demonstrated ability to communicate effectively, deliver reports,</li></ul><p>recommendations, and presentations, and the ability to build and maintain harmonious working relationships with staff across<br><br>the enterprise at all levels.<br><br>Excellent organizational and interpersonal skills, including facilitation, and negotiation.</p><ul><li>Demonstrated creativity in resolving complex information technology issues, implementing new processes and products and</li></ul><p>redesigning work processes.</p><ul><li>Demonstrated initiative, and ability to prioritize, and achieve results in a timely manner.</li><li>Possess good analytical skills, be self-motivating, and possess mature judgment with the ability to make and implement sound</li></ul><p>decisions. </p><ul><li>Possess a valid Province of Manitoba Driver's Licence.</li><li>Must obtain and maintain a current Personnel Risk Assessment and a "Clear" security rating in accordance with Manitoba</li></ul><p>Hydro policy P513. </p><ul><li>Must complete Manitoba Hydro Standards of Conduct training.</li><li>Critical Infrastructure Protection (CIP) Training is required and must be completed prior to transfer date and renewed annually.</li></ul><p><em>Salary Range</em></p><p>Starting salary will be commensurate with qualifications and experience. The range for the classification is $51.34-$70.34 Hourly,<br><br>$98,380.88-$134,784.78 Annually.</p><p><em>Apply Now</em></p><p>Visit to learn more about this position and to apply online.</p><p>The deadline for applications is NOVEMBER 18, 2025.</p><p>We thank you for your interest and will contact you if you are selected for an interview.</p><p><em>This document is available in accessible formats upon request. Please let us know if you require any accommodations</em><br><br><em>during the recruitment process.</em></p><h2>IND1</h2>