Competition #
HW25-97E
Title
Cyber Security Analyst- GRC (Governance, Risk and Compliance)
Department
Corporate Services
Primary Function
The Cyber Security Analyst role is a position that plays a key role in identifying, implementing, managing, and maintaining information and operational technology security measures within the Halifax Water Corporate Services Department. This role will work with the Project Management Office, Engineering Information, Information Services and Technical Services, as directed by the Manager, Cyber Security Governance, Risk and Compliance (GRC).
Duties & Responsibilities
- Participate in the development and implementation of the cybersecurity program which includes all Halifax Water staff, technologies, services and processes.
- Lead Halifax Water’s response to cybersecurity threats as the first point of contact for all cyber security incident detection and mitigation.
- Monitor and identify security alerts of interest, perform preliminary investigation and notify stakeholders, ensure appropriate event monitoring and alarms are in place to quickly identify potential cybersecurity threats.
- Ensure threat information is communicated to all individuals with roles or responsibilities for OT & IT security, the system owner, and other Halifax Water management staff as needed.
- Assist in the selection and specification of all hardware and software assets that have the potential to impact the security of Halifax Water’s OT & IT systems.
- Assist in the development and maintenance of all cyber security policies, processes and procedures based on best practices in common frameworks such as NIST and ISO 27001/27002.
- Develop and maintain cyber security incident response plans, playbooks and contacts list
- Develop and implement a plan for annual security audits, including disabling employee logins that are determined to be compromised.
- Develop a vulnerability management strategy that includes procedures for OT & IT system and application patching, active and passive vulnerability assessments, vulnerability identification and analysis, and vulnerability remediation.
- Lead the vulnerability and patch management process and follow up to ensure all approved updates have been completed and documented in an acceptable timeframe.
- Participate in the review of operational/capital projects to ensure security policies, requirements and best practices are effectively applied.
- Make recommendations regarding identification and mitigation of cybersecurity related risks as part of Halifax Water’s Enterprise Risk Management Program.
- Manage cybersecurity contracts with vendors such as Vulnerability & Patch Management, Incident Response, Network Protection etc. Oversee the performance of cybersecurity consultants and provide recommendations to I&T Management.
- Ensure all technology projects meet Halifax Water cyber security requirements by participating in the selection and implementation of all new technology systems.
- Prepare reports about the status of the information security monitoring service including Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs)
- Oversee the Cybersecurity Awareness Program, ensuring Halifax Water employees understand cybersecurity threats and the process to report them.
- Implement cyber security awareness solutions as required, including arranging Halifax Water employees to attend advanced cybersecurity training when deemed required
Reporting Relationships
- Reports to: Manager, Cyber Security & Information Systems
- Supervises: Future: Provides leadership and assigns tasks to junior cyber specialists and contractors.
Minimum Qualifications
Education and Experience
- Education:
- An undergraduate degree including specialized training in information technology or post-Secondary diploma in Computer Science/Information, Technology/Electrical Engineering Technology (Other equivalent combinations of formal education and related experience may be considered).
- Experience:
- Two years' experience in Cybersecurity with an additional three years of broad experience in information services management or operational technology management including Infrastructure management, architecture, IT/OT service management and delivery, client services, systems development, computer networks, and systems management. A combination of equivalent education and experience may be considered.
- Hands on experience with the following:Strong understanding of enterprise operating systems (Windows)
- Strong understanding of modern security technologies (DLP, encryption, endpoint defense, perimeter defense)
- Strong understanding of identity and access management functions (IAM, PKI, PIM, PAM)
- Monitoring and evaluating systems for vulnerabilities and threats
- Strong knowledge and experience with network infrastructure, concept and data communication protocols (i.e., TCP/IP, HTTPS, SFTP)
- Virtualization technologies (VMware, Hyper-V, Azure VM’s)
- Hands on experience with the following:Strong understanding of enterprise operating systems (Windows)
- Hands on experience with the following preferred:
- Understanding of ICS security and other operational systems
- Enterprise security technology including firewalls and VPN
- Knowledge of security applications such as IDP, IPS, SEM, SIEM and anomaly detection tools
- Ability to read and understand packet captures
- Documenting analysis and assessment reports, architecture and network diagrams
- Endpoint detection solutions such as EDR, MDR
- Cloud security concepts including Azure and Office 365
- Server, application and network monitoring solutions
- Familiarity with the fundamental principles of ITIL and ticketing systems
- Two years' experience in Cybersecurity with an additional three years of broad experience in information services management or operational technology management including Infrastructure management, architecture, IT/OT service management and delivery, client services, systems development, computer networks, and systems management. A combination of equivalent education and experience may be considered.
Other Requirements
- Must have or be willing to achieve in the first 12 months of employment, certification in one of the following (or equivalent):
- Certified Information Systems Auditor (CISA)
- Certified Information Systems Security Professional (CISSP)
- Global Information Assurance Certification (GIAC)
- Certified Ethical Hacker (CEH)
- ITIL Foundation Certification is considered an asset.
- Understanding of NIST Framework and Certification process is considered an asset.
- Valid NS Drivers’ License and access to reliable transportation on an ongoing basis.
- Must be willing to undertake and maintain the following safety training:
- First Aid
- Globally Harmonized System (GHS) (Formerly WHMIS)
- Additional safety training as identified based on legislative and operational requirements
Knowledge, Skills and Abilities
- Strong motivational, leadership and interpersonal skills.
- Strong customer-service orientation.
- Ability to write business cases for new technology or for technology upgrades.
- Demonstrated ability to communicate effectively, both orally and in writing.
- Demonstrated ability to work within a team environment to accomplish organizational goals.
- Demonstrated ability to co-ordinate and organize the information services functions using the latest technology.
- Demonstrated ability to analyze client requirements, research, evaluate and implement software.
- Strong computer proficiency with Microsoft Office suite (Word, Excel, PowerPoint, Project, Visio)
- Ability to negotiate and collaborate with stakeholders, teams, vendors, and third-party service providers
- Strong verbal, written, and interpersonal communications skills
- Strong analytical & problem-solving skills
- Ability to work in a fluid team environment & managing multiple priorities.
How to Apply
Applicants who applied previously for this competition do not need to reapply.
Completed cover letters and application forms [PDF] or resumes, stating Competition #HW25-97E must be received by 12:00 p.m., June 13, 2025. Please forward to:
- Halifax Water
HR Department
P.O. Box 8388, RPO CSC
Halifax, NS
B3K 5M1
Fax
-
902-490-6934
Please note: Only applicants invited for an interview will be contacted.
Conditional Items Required for Employment:
- Satisfactory background check
- Satisfactory pre-employment testing
Halifax Water is an equal opportunity employer.
Halifax Water’s goal is to be a diverse workforce that is representative of the community we serve, at all job levels. Halifax Water believes a diverse workforce positively contributes to its success, and the success of our community. We encourage applications from qualified African Nova Scotians, LGBTQ+ community, racially visible persons, women in non-traditional positions, persons with disabilities and Indigenous persons. Halifax Water encourages applicants to self-identify in the cover letter.