Background
Enterprise Security is responsible for all aspects of security within the organization including cyber,
physical and personnel security. We operate with our partners in the SCADA and Automations teams to
provide security to the Industrial Control Systems Network along with our partners in Information
Systems to secure the corporate IT infrastructure. The Enterprise Security department is a newly formed
department within SaskEnergy and continues to expand its scope of practice.
1.2 Description of Requirements
Our client is seeking a Junior Governance, Risk & Compliance Analyst, with broad security and
governance-based backgrounds to join the Enterprise Security team. The preferred resource should
have a minimum of 3 years of recent and practical governance experience, and a minimum of 3 years
working as part of a security team. The resources will need to show a broad understanding of security
principles, practices, and security trends. The proposed resource(s) MUST have knowledge and
experience working in security governance, risk management, compliance, security awareness and
business continuity planning. Demonstrated hands-on proficiency in preparing and maintaining policies,
standards and procedures. Security Certifications such as CISM, CISA, ABCP and/or CISSP would be
considered an asset.
Relevant Skills and Experience
1. Proven experience in creating, maintaining, and updating governance frameworks
2. Background in Information Technology and/or Industrial Control Systems (ICS) and SCADA
environments
3. Strong track record in conducting third-party security risk assessments
4. Ability to perform comprehensive security compliance reviews and address identified concerns
5. Experience in developing and maintaining security processes, procedures, and documentation
6. Familiarity with industry standards and ability to recommend improvements to security policies
and practices
7. Skilled in conducting threat and risk assessments to identify and mitigate vulnerabilities
8. Experience supporting internal and external audits, including evidence collection and reporting
9. Proficiency in documenting, defining, and managing risks and risk exceptions
10. Demonstrate expertise in Governance, Risk, and Compliance (GRC) frameworks and tools
11. Experience monitoring and reporting on change management compliance
12. Ability to work effectively both independently and collaboratively within a team
13. Experience supporting cybersecurity awareness, training, and incentive programs
14. Strong communication and interpersonal skills
The Contract will be effective for an initial term commencing on the date of award and ending on March
31, 2027. After which, SaskEnergy will evaluate its ongoing requirements and may have the option to
renew the Contract for successive one (1) year terms, a maximum of four (4) times.