Description
Reporting to Hydro One's Chief Security Officer, this role is accountable for cybersecurity operations, the associated security technology used to identify and mitigate cyber risk and the lifecycle management of those security technologies used within the enterprise at Hydro One. This includes working with the enterprise security architect in planning, acquisition, and managing the implementation of the technology. This role is also responsible for the effective and efficient operations of the 24/7 cyber incident responses processes including the hybrid operational model between Hydro One and our Managed Security Services Provider.
The role is accountable for ensuring Hydro One is appropriately positioned against an evolving cyber threat landscape from a security technology and operations perspective. As the landscape evolves, this role is required to ensure the security technologies and the associated processes evolve to ensure effective identification, mitigation and response to the current and future cyber-related events, threats and risks.
Specific Accountabilities
- Manage a team of security technology professionals
- The position is accountable for life cycle management of security technologies.
- Leverage security products and technologies to ensure the controls provide the required level of security protection and compliance.
- Identify new products to add to the security architect portfolio, ensuring Hydro One is positioned to identify and defend against threats and the evolving associated landscape.
- Work with the CSO and heads of Power Systems and Corporate Systems to make security product and technology acquisition decisions
- Requires vendor management and working with Supply Chain to ensure pricing structures, vendor governance and risk management practices are adhered to.
Operations Leadership Accountability
- Accountable for the configuration of the products and technologies to provide the organization with day to day security protection and compliance. This includes following up and investigating alerts, evolving the coverage of these products and technologies (updates, new use cases, installing on new platforms, identifying gaps in coverage etc.).
- Develop and instill a culture that day to day operations are important and a key element of managing cyber security risk, resilience and compliance.
- Further developing and operationalizing the organizations vulnerability management program, patch management program and penetration testing program.
- Approval of fire wall rule changes, extraordinary access control requests, and approval of operational readiness of all project prior to going "live".
- Security Incident Management
- Accountable for security incident management and managing an on call schedule 7 x 24 x 365
- Ensure the organization has the appropriate arrangements in place for incident and forensic services
- Ensure effective response processes and management of security events, incidents, emergencies and crisis to timely conclusion.
- Participate in mock drills and simulations for security incident management.
Project Leadership
- Accountable for driving a number of security technology projects to completion in a timely basis.
- Accountable for ensuring security technologies and operations are properly positioned as part of the project life cycle and the projects going live have all of the required security technologies and operations coverage.
- Ensure new systems are properly setup and being monitored to the right level.
- Certifying that new infrastructure has been hardened and patched prior to go live and tools are installed and monitored appropriately etc.,
Risk Management and Reporting
- Augment existing metrics to create an ongoing real time state of operational security, risk management and compliance for the organization.
- Position security risk and operational reporting within the context of the threats and risks facing the organization
Financial Management
- Manage the budget for the area and contribute to the 5 year Security Technology Operations Investment Plan.
Key Stakeholders
- This position works across the organization - key stakeholders include Architecture, Technology Management - Leadership, Project and Program Managers, Internal Audit, Risk Management, Compliance etc.
Selection Criteria
- University Degree in Computer Science, Business or another related discipline.
- CISSP Certification.
- 7-10 years related IT and Security Experience.
- Relevant Experience in a Management-Leadership Role - direct management responsibility for 5-8 security-technical staff.
- Experience managing third party Security and IT Providers.
- Demonstrated track record leading and implementing change across a complex matrix organization.
- Strong Project Delivery Skills - Ability to meet tight deadlines.
- 7 x 24 rotational on-call required for high priority security incidents.
- The ideal candidate would be able to receive a federal government security clearance that is Secret/Top Secret
Contact
Hydro One Inc.
483 Bay St
Toronto
Ontario Canada
www.HydroOne.com
From the same organization
31 May, 2026
28 Apr, 2026
28 Apr, 2026
