Cyber Security Operational Technology Senior Analyst

Overview:

Pembina Pipeline Corporation’s Calgary office is actively hiring for a Sr Analyst, Cyber Security Operational Technology (OT) to join our Cyber Security team. Reporting to the Manager, Cyber Security Ops & Identity Management, the Senior Analyst acts as a key technical liaison between Cyber Security and field teams, supporting the secure and reliable operation of Pembina’s Operational Technology (OT) systems.

Pembina's Information Services Unit manages and maintains the company's infrastructure, provides technical support, ensures data security and accessibility, implements new technology, strategies for future development, manages vendors, and ensures compliance with relevant laws and regulations. We depend on our talented people who are constantly looking for innovative ways to improve our processes and existing technologies. Our focus is to collaborate with our customers and colleagues to land cutting edge technologies to help improve the way we work, maximize productivity, and reduce cost which in turn contribute to the environmental solutions that help with our climate change challenges. We are building a diverse team of open-minded, adaptable and innovative people, to keep up with the changing world of technology.

Responsibilities may include but not limited to:

Cyber Security for OT Systems:

• Implement and maintain cyber security controls for OT environments, including industrial control systems (ICS), SCADA, and distributed control systems (DCS);
• Lead and support cyber security projects focused on safeguarding control systems and critical infrastructure, including system hardening, network segmentation, and threat detection;
• Collaborate with engineering and operations teams to design and implement secure architectures for OT systems; and
• Define and enforce secure remote access practices for vendors, integrators, and internal users, ensuring access to OT systems follows least privilege principles and is monitored appropriately.

Incident Response & Monitoring:

• Monitor, support, and lead cyber security incident response activities affecting OT systems, ensuring timely resolution and coordination with operations and engineering teams; and
• Assist in the integration of OT telemetry into enterprise monitoring and detection capabilities, providing expertise on OT-specific attack scenarios, risks, and response considerations.

Lifecycle Integration & Continuous Improvement:

• Embed cyber security requirements into the OT system lifecycle, including design, procurement, commissioning, and decommissioning;
• Identify opportunities for innovation and improvement in OT security practices through architecture, tooling, and process enhancements; and
• Stay current with emerging OT cyber security threats, vulnerabilities, technologies, and industry trends.

Vulnerability Management, Policy & Compliance:

• Conduct risk and vulnerability assessments for OT systems, including evaluating risks related to legacy systems, unsupported software, and industrial protocols, and recommend appropriate mitigation strategies;
• Develop remediation strategies that consider operational constraints, including the use of compensating controls where patching is not feasible;
• Ensure OT systems comply with Pembina’s cyber security policies, industry standards, and regulatory requirements, while supporting the development and enforcement of OT-specific security policies and procedures; and
• Support OT cyber security audits and assessments, while providing training and guidance to field teams to strengthen awareness of cyber security risks and best practices.

Other Responsibilities:

• Support Pembina’s safety culture of "Zero by Choice" and the “Life Saving Rules”. To read more about our Life Saving Rules, visit pembina.com/safety; and
• Participate and support a diverse and inclusive workplace.

Qualifications:

• Bachelor’s degree in Computer Science, Engineering or a related discipline, or an equivalent combination of education and experience;
• Extensive experience (between 5-10+ years) in cyber security, OT systems, or industrial control systems (ICS);
• Experience working on cyber security projects involving control systems and critical infrastructure is required;
• Relevant certifications (e.g., CISSP, GICSP, ISA/IEC 62443) are considered an asset, along with experience in the energy, oil and gas, or utilities sector;
• Demonstrated strong analytical and troubleshooting abilities, with in-depth knowledge of OT systems, including ICS, SCADA, DCS, and PLCs;
• Hands-on experience with OT security technologies, including firewalls, intrusion detection systems (IDS), endpoint protection, industrial firewalls, and passive network monitoring solutions;
• Strong understanding of OT network protocols (e.g., Modbus, OPC, Ethernet/IP) and experience designing secure architectures to protect control systems and critical infrastructure;
• Experience with ServiceNow, supporting OT incident response in collaboration with field operations teams, and contributing to broader governance, risk, and compliance (GRC) functions considered an asset;
• Familiarity with cyber security frameworks such as NIST CSF, IEC 62443, and ISO 27001;
• Familiarity with industrial control system vendors (e.g., Rockwell, Siemens, Schneider Electric, Honeywell) and experience implementing and managing cybersecurity tools;
• Excellent communication and interpersonal skills to effectively collaborate with technical and non-technical teams;
• Demonstrates a strong commitment to continuous improvement and innovation, supported by excellent analytical and problem-solving abilities;
• Passionate about cybersecurity and continuous learning, with a proactive, self-motivated approach and strong ability to collaborate effectively while managing priorities and deadlines; and
• Demonstrated ability to advance cybersecurity initiatives focused on protecting control systems and critical infrastructure, ensuring the resilience of Pembina’s operations against evolving cyber threats.

Pembina’s Flexible Work Standard provides the option for eligible employees to work remotely on Fridays