CLOUD SECURITY ENGINEER
Top Benefits
About the role
CLOUD SECURITY ENGINEER
WINNIPEG, MB
Manitoba Hydro is consistently recognized as one of Manitoba's Top Employers!
Great Benefits
- Competitive salary and benefits package.
- Defined-benefit pension plan.
- Nine-day work cycle which normally results in every other Monday off, providing for a balanced approach to work, family life
and community.
- Flex-time and partially remote work schedule (providing the option to work remotely 3 days per 2 week period), depending on
nature of work, operational requirements and work location.
Manitoba Hydro is a leader among energy companies in North America, recognized for providing highly reliable service and
exceptional customer satisfaction. Join our team of Manitoba's best as we continue to build a company that supports innovation,
commitment, and customer service, while actively supporting a diverse, equitable and inclusive workplace.
Under the general direction of the Cyber Security Director (CISO) and reporting to the Enterprise Cyber Security Program
Department Manager and as a recognized expert on cloud security, ensure the security of MH cloud services and integration with on
premise environments through leading Enterprise Cyber Security Program's (ECSP) cloud priorities, cloud security strategy and
design architecture, cloud security assessments, and cloud security risk management.
Responsibilities:
- Lead the Enterprise Cyber Security Program's (ECSP) cloud priorities: Lead the development of policies, standards,
accountability structures, centralized services to support the implementation of Enterprise Cyber Security Program cloud
related priorities. Design mitigation plans and in collaboration with IT/OT areas create technical responses/guidelines to
support implementation of cloud security-related plans. Guide implementation of changes to meet the needs of a changing
environment (AI-cloud systems, major cloud-based projects such as SAP, AMI) including developing implementation plans for
new cloud technology or monitoring requirements.
- Lead cloud security strategy and design architecture: Create Manitoba Hydro's cloud security strategy and design
architecture including reference architecture and multi-cloud security. Design the cloud security control requirements and
multi-cloud security requirements to support the specialist in deploying the actual cloud security control. Be accountable for
accurate records and reporting. Support the design, project management and approach to cloud security tools. Select
appropriate cloud security tools (potentially more than one vendor) and manage contracts including performance,
negotiations, implementation schedule/planning (project management), participate in change management committees and
design and implement change management for IT and enterprise/corporation depending on impact. Manage schedule for
renewal and updates. Guide design, implementation and contract components including cyber schedule, RFP schedule
drafting and approving, provide guidance on tender evaluation, design appropriate integration with monitoring tools and set
reminders and follow through on conducting audits according to contacts and Manitoba Hydro's needs. Design cloud criteria to
be added to project management scope for projects.
- Lead cloud related security assessments: Provide expert level input to and support the execution of assessment activities
including maturity assessments, scenario assessments, penetration tests, threat risk assessments, enterprise technology
security assessments and other assessments as a means of determining current state and identifying opportunities for
improvement and enhancement. Develop cloud security assessment requirements, guidelines, practices, questionnaires and
potentially manage contract for security assessments of cloud systems. Design audit criteria, review cloud contracts to ensure
audit practices are followed, schedule audits, coordinate with contractors, engage in RFP for audit assessment and control
testing/pen testing, manage contracts including RFP review, payments, and project management of contracts.
- Lead cloud related cyber risk management: Lead the identification, assessment, tracking, and action initiation for
enterprise-wide cloud security related risks.
- Lead cloud related updates for Governing committees: Prepare and deliver cloud related ECSP metrics and status
updates.
- Keep abreast of cloud cybersecurity developments: Develop and maintain good working relationships with industry
MANITOBA HYDRO IS COMMITTED TO DIVERSITY AND EMPLOYMENT EQUITY
Reference Code: CO57078866-01
contacts for the purpose of information exchange and to keep abreast of technology innovation and directions including
participation on committees. Develop and maintain good working relationships with contacts within D&T, Industrial Control
System teams, and interested parties throughout Manitoba Hydro including subsidiaries. Provide expert support for major
cloud-based systems such as SAP, AMI, etc.
- Support cyber security operations where required: Be point of contact for external cloud contract during and post incident
for forensic and contract support (including breach of contract, etc). Support cyber event incident response and recovery as
part of the Incident Response Team. In the event of a significant cyber security incident, you may be called to support
response activities at any time during a 24-hour period to assure Manitoba Hydro system security and reliability.
Qualifications:
- Graduate in Engineering from a university of recognized standing, plus a minimum of seven years related experience,
including two years related experience in network design related to Cyber Security, Operational Technology, or Information
Technology Infrastructure.
-
Member in good standing with Engineers Geoscientists Manitoba.
-
Has or be willing to obtain certification within 12 months: ISAACA CSX Cybersecurity Practitioner (CSX-P) or (ICS)2 Entry
-
Level Cybersecurity certification; and maintain that certification in good standing. Professional certifications such as CCNA,
CISSP, CISM, CRISC, OSCP, CEH, CGIH, GPE, SANS, etc would be an asset.
- Technical system design and support experience with Information Technology and infrastructure components (firewalls,
routers, switches, NAT, etc).
- Possess an understanding of Cyber security concepts, controls, frameworks and standards including NIST and ISO.
Knowledge of ICS Cyber Security Risk Management and NERC Critical Information Protection (CIP) Standards, Programs
and Procedures, CIP infrastructure components and CIP cyber assets. Familiarity with compliance standards, evidence
requirements and understanding audits and assessments
- Strong written and verbal communication skills with a demonstrated ability to communicate effectively, deliver reports,
recommendations, and presentations, and the ability to build and maintain harmonious working relationships with staff across
the enterprise at all levels.
- Excellent organizational and interpersonal skills, including facilitation, and negotiation.
- Demonstrated creativity in resolving complex information technology issues, implementing new processes and products and
redesigning work processes.
- Demonstrated initiative, and ability to prioritize, and achieve results in a timely manner.
- Possess good analytical skills, be self-motivating, and possess mature judgment with the ability to make and implement sound
decisions.
- Possess a valid Province of Manitoba Driver's Licence.
- Must obtain and maintain a current Personnel Risk Assessment and a "Clear" security rating in accordance with Manitoba
Hydro policy P513.
- Must complete Manitoba Hydro Standards of Conduct training.
- Critical Infrastructure Protection (CIP) Training is required and must be completed prior to transfer date and renewed annually.
Salary Range
Starting salary will be commensurate with qualifications and experience. The range for the classification is $51.34-$70.34 Hourly,
$98,380.88-$134,784.78 Annually.
Apply Now!
Visit www.hydro.mb.ca/careers to learn more about this position and to apply online.
The deadline for applications is AUGUST 11, 2025.
We thank you for your interest and will contact you if you are selected for an interview.
This document is available in accessible formats upon request. Please let us know if you require any accommodations
during the recruitment process.
#IND1
About Manitoba Hydro
As Manitoba’s major energy utility, we: • Generate and distribute electricity around the province. • Distribute natural gas in the province. • Export electricity within Canada and the mid-western United States. • Offer a wide range of energy services and programs.
We are recognized within the industry for our reliability, prudent environmental practices, strong relationships with Indigenous peoples, and outstanding community support. Our employees make all these things possible.
CLOUD SECURITY ENGINEER
Top Benefits
About the role
CLOUD SECURITY ENGINEER
WINNIPEG, MB
Manitoba Hydro is consistently recognized as one of Manitoba's Top Employers!
Great Benefits
- Competitive salary and benefits package.
- Defined-benefit pension plan.
- Nine-day work cycle which normally results in every other Monday off, providing for a balanced approach to work, family life
and community.
- Flex-time and partially remote work schedule (providing the option to work remotely 3 days per 2 week period), depending on
nature of work, operational requirements and work location.
Manitoba Hydro is a leader among energy companies in North America, recognized for providing highly reliable service and
exceptional customer satisfaction. Join our team of Manitoba's best as we continue to build a company that supports innovation,
commitment, and customer service, while actively supporting a diverse, equitable and inclusive workplace.
Under the general direction of the Cyber Security Director (CISO) and reporting to the Enterprise Cyber Security Program
Department Manager and as a recognized expert on cloud security, ensure the security of MH cloud services and integration with on
premise environments through leading Enterprise Cyber Security Program's (ECSP) cloud priorities, cloud security strategy and
design architecture, cloud security assessments, and cloud security risk management.
Responsibilities:
- Lead the Enterprise Cyber Security Program's (ECSP) cloud priorities: Lead the development of policies, standards,
accountability structures, centralized services to support the implementation of Enterprise Cyber Security Program cloud
related priorities. Design mitigation plans and in collaboration with IT/OT areas create technical responses/guidelines to
support implementation of cloud security-related plans. Guide implementation of changes to meet the needs of a changing
environment (AI-cloud systems, major cloud-based projects such as SAP, AMI) including developing implementation plans for
new cloud technology or monitoring requirements.
- Lead cloud security strategy and design architecture: Create Manitoba Hydro's cloud security strategy and design
architecture including reference architecture and multi-cloud security. Design the cloud security control requirements and
multi-cloud security requirements to support the specialist in deploying the actual cloud security control. Be accountable for
accurate records and reporting. Support the design, project management and approach to cloud security tools. Select
appropriate cloud security tools (potentially more than one vendor) and manage contracts including performance,
negotiations, implementation schedule/planning (project management), participate in change management committees and
design and implement change management for IT and enterprise/corporation depending on impact. Manage schedule for
renewal and updates. Guide design, implementation and contract components including cyber schedule, RFP schedule
drafting and approving, provide guidance on tender evaluation, design appropriate integration with monitoring tools and set
reminders and follow through on conducting audits according to contacts and Manitoba Hydro's needs. Design cloud criteria to
be added to project management scope for projects.
- Lead cloud related security assessments: Provide expert level input to and support the execution of assessment activities
including maturity assessments, scenario assessments, penetration tests, threat risk assessments, enterprise technology
security assessments and other assessments as a means of determining current state and identifying opportunities for
improvement and enhancement. Develop cloud security assessment requirements, guidelines, practices, questionnaires and
potentially manage contract for security assessments of cloud systems. Design audit criteria, review cloud contracts to ensure
audit practices are followed, schedule audits, coordinate with contractors, engage in RFP for audit assessment and control
testing/pen testing, manage contracts including RFP review, payments, and project management of contracts.
- Lead cloud related cyber risk management: Lead the identification, assessment, tracking, and action initiation for
enterprise-wide cloud security related risks.
- Lead cloud related updates for Governing committees: Prepare and deliver cloud related ECSP metrics and status
updates.
- Keep abreast of cloud cybersecurity developments: Develop and maintain good working relationships with industry
MANITOBA HYDRO IS COMMITTED TO DIVERSITY AND EMPLOYMENT EQUITY
Reference Code: CO57078866-01
contacts for the purpose of information exchange and to keep abreast of technology innovation and directions including
participation on committees. Develop and maintain good working relationships with contacts within D&T, Industrial Control
System teams, and interested parties throughout Manitoba Hydro including subsidiaries. Provide expert support for major
cloud-based systems such as SAP, AMI, etc.
- Support cyber security operations where required: Be point of contact for external cloud contract during and post incident
for forensic and contract support (including breach of contract, etc). Support cyber event incident response and recovery as
part of the Incident Response Team. In the event of a significant cyber security incident, you may be called to support
response activities at any time during a 24-hour period to assure Manitoba Hydro system security and reliability.
Qualifications:
- Graduate in Engineering from a university of recognized standing, plus a minimum of seven years related experience,
including two years related experience in network design related to Cyber Security, Operational Technology, or Information
Technology Infrastructure.
-
Member in good standing with Engineers Geoscientists Manitoba.
-
Has or be willing to obtain certification within 12 months: ISAACA CSX Cybersecurity Practitioner (CSX-P) or (ICS)2 Entry
-
Level Cybersecurity certification; and maintain that certification in good standing. Professional certifications such as CCNA,
CISSP, CISM, CRISC, OSCP, CEH, CGIH, GPE, SANS, etc would be an asset.
- Technical system design and support experience with Information Technology and infrastructure components (firewalls,
routers, switches, NAT, etc).
- Possess an understanding of Cyber security concepts, controls, frameworks and standards including NIST and ISO.
Knowledge of ICS Cyber Security Risk Management and NERC Critical Information Protection (CIP) Standards, Programs
and Procedures, CIP infrastructure components and CIP cyber assets. Familiarity with compliance standards, evidence
requirements and understanding audits and assessments
- Strong written and verbal communication skills with a demonstrated ability to communicate effectively, deliver reports,
recommendations, and presentations, and the ability to build and maintain harmonious working relationships with staff across
the enterprise at all levels.
- Excellent organizational and interpersonal skills, including facilitation, and negotiation.
- Demonstrated creativity in resolving complex information technology issues, implementing new processes and products and
redesigning work processes.
- Demonstrated initiative, and ability to prioritize, and achieve results in a timely manner.
- Possess good analytical skills, be self-motivating, and possess mature judgment with the ability to make and implement sound
decisions.
- Possess a valid Province of Manitoba Driver's Licence.
- Must obtain and maintain a current Personnel Risk Assessment and a "Clear" security rating in accordance with Manitoba
Hydro policy P513.
- Must complete Manitoba Hydro Standards of Conduct training.
- Critical Infrastructure Protection (CIP) Training is required and must be completed prior to transfer date and renewed annually.
Salary Range
Starting salary will be commensurate with qualifications and experience. The range for the classification is $51.34-$70.34 Hourly,
$98,380.88-$134,784.78 Annually.
Apply Now!
Visit www.hydro.mb.ca/careers to learn more about this position and to apply online.
The deadline for applications is AUGUST 11, 2025.
We thank you for your interest and will contact you if you are selected for an interview.
This document is available in accessible formats upon request. Please let us know if you require any accommodations
during the recruitment process.
#IND1
About Manitoba Hydro
As Manitoba’s major energy utility, we: • Generate and distribute electricity around the province. • Distribute natural gas in the province. • Export electricity within Canada and the mid-western United States. • Offer a wide range of energy services and programs.
We are recognized within the industry for our reliability, prudent environmental practices, strong relationships with Indigenous peoples, and outstanding community support. Our employees make all these things possible.