Mandatory Requirements (Pass/Fail):
➢ Candidate must have at least five (5) years of demonstrated experience in cybersecurity
governance, risk and compliance.
➢ Candidate must have at least three (3) years of experience with business continuity and disaster
recovery planning.
➢ Candidate must have at least three (3) years of experience developing security policies, standards
and guidelines.
➢ Candidate must have at least three (3) years of experience with audit and regulatory monitoring
and compliance.
➢ Candidate must have demonstrated experience developing and managing a cybersecurity
awareness and training program.
➢ Candidate must have at least three (3) years of Security Certification (examples include, but are
not limited to, CISSP, CISM, CISA, ABCP, MBCP).
➢ Candidate must be able to work and be located full-time on site at SaskEnergy Head Office in
Regina, Monday to Friday, 8 am to 5 pm.
Background
Enterprise Security is responsible for all aspects of security within the organization including cyber,
physical and personnel security. We operate with our partners in the SCADA and Automations teams to
provide security to the Industrial Control Systems Network along with our partners in Information
Systems to secure the corporate IT infrastructure. The Enterprise Security department is a newly formed
department within SaskEnergy and continues to expand its scope of practice.
1.2 Description of Requirements
SaskEnergy is seeking a Governance, Risk & Compliance and Business Continuity Program Analyst with
a broad security and governance-based background to join the Enterprise Security team. The preferred
resource should have a minimum of 5 years of recent and practical governance experience, and a
minimum of 5 years working as part of a security team. The resource will need to show a broad
understanding of security principles, practices, and security trends. The proposed resource(s) MUST
have experience working in security governance and business continuity, demonstrated experience in
governance, risk and compliance, and experience with regulations and standards; MUST show what
experience they have with preparing and maintaining policies and standards; and MUST hold a Security
Certification (CISSP, CISM, CISA). Technical experience that complements the security governance
experience would be considered an asset.
Relevant Skills and Experience
1. Proven experience in creating, maintaining, and updating governance frameworks
2. Background in Information Technology and/or Industrial Control Systems (ICS) and SCADA
environments
3. Strong track record in conducting third-party security risk assessments
4. Ability to perform comprehensive security compliance reviews and address identified concerns
5. Experience in developing and maintaining security processes, procedures, and documentation
6. Familiarity with industry standards and ability to recommend improvements to security policies
and practices
7. Skilled in conducting threat and risk assessments to identify and mitigate vulnerabilities
8. Experience supporting internal and external audits, including evidence collection and reporting
9. Proficiency in documenting, defining, and managing risks and risk exceptions
10. Demonstrated expertise in Governance, Risk, and Compliance (GRC) frameworks and tools
11. Experience monitoring and reporting on change management compliance
12. Ability to work effectively both independently and collaboratively within a team
13. Experience supporting cybersecurity awareness, training, and incentive programs
14. Strong communication and interpersonal skills