Cyber Security Risk Specialist

BCLC exists to generate win-wins for the greater good.

For our people, our players, our communities, our industry, and our planet.

Lottery | Casino | Sports

Being a social purpose company, we are not only able to better align our business decisions with our purpose, but more importantly, we are committing to doing our part in creating a better world.

We bring our purpose to life by ensuring all our actions, behaviours and decisions create benefits for communities and the planet.

Motivated and guided by our social purpose, everything we do must benefit the greater good. And we encourage our employees, partners, players, industry and communities to engage with us on this ambition.

We want you to be where you feel you can do your best work. Most of our jobs can be done remotely providing you reside in BC.

For those who prefer working in a community with others, we have two beautiful offices in convenient locations:

2940 Virtual Way, Vancouver | 74 Seymour Street W, Kamloops

This is a Permanent, Full Time opportunity

Expected Salary Range: $84,981.00 - $106,227.00 - $132,784.00

Our typical hiring range will be +/- 5% of the midpoint shown above

Factors influencing this decision include qualifications and market conditions for the role

The Company

For over three decades, BCLC has delivered exceptional gambling entertainment for British Columbians. To fulfill our social purpose we have a vision to revolutionize gambling entertainment through engaging experiences that build and benefit communities. We operate national and provincial lotteries in partnership with 3500 retail partners, provide the games, technology & oversight to 37 brick & mortar casinos, and operate a safe secure and 100% legal online gambling presence PlayNow.com. In our recently completed fiscal year, BCLC generated a record $1.6 billion in net income to the Province of B.C. to support First Nations, local host governments, health care, education and community programs across the province.

JOB SUMMARY

The Cyber Security Specialist 3 role supports BCLC's Cyber Security program and supports projects and business operations by taking a lead role in identifying information security risks in high-complexity systems, recommending appropriate controls, and assisting with technical mitigation strategies with security operations and / or technology. The aim of the role is to sustain and improve BCLC's information security posture and thereby protect BCLC's information assets. The role conducts senior-level security assessments and incident investigations. Additionally, the role brings deep technical capabilities to support the Cyber Security program.

KEY ACCOUNTABILITIES

• Provides high-level recommendations to management for day-to-day activities associated with BCLC's procedures & systems for the Cyber Security program; working closely with internal stakeholders and external vendors to ensure alignment. Leads the development and continuous improvement of standards, policies, procedures, and methodologies, and identifies gaps and provides creative solutions to enhance departmental processes. Ensures compliance with corporate and industry standards and best practices.
• Serves as an expert on emerging information security trends and industry best practices and standards. Masters domain knowledge to reinforce an understanding of BCLC's key business systems and processes, identifying information security risks and leading the response to information security incidents. Develops and maintains field-specific information security strategies for consideration and input into overall Cyber Security program.
• Enhances and evolves the day-to-day monitoring of the integrity of systems and infrastructure components.
• Leads high-complexity information security compliance and risk assessments of processes, infrastructure and solutions, and shapes and recommends appropriate controls and assisting with technical mitigation strategies.
• Leads the Cyber Security team's investigation of and response to field incidents, ensuring that issues are dealt with in a timely manner. Makes tactical and strategic decisions to ensure an appropriate response to protect the security of BCLC systems and information, while working within defined policies, standards, and procedures. Conducts thorough forensic reviews of platforms, systems, and devices during and post incident, ensuring that data is properly handled, and chain of custody is preserved for potential presentation in court.
• Leads security testing activities such as penetration testing, application security testing, etc. Where instructed by management, leads enterprise vulnerability management function.
• Provides information on system configurations, accounts and information security practices to auditors and regulators as directed by the Cyber Security management team.
• Leads large / high-complexity projects as directed by the Cyber Security program, working collaboratively in a team environment analyzing solutions, processes, and infrastructure, and recommending appropriate information security controls. Develops recommendations for secure solutions, coordinating closely with enterprise architecture teams, enhancing the security architecture repository, and developing secure design patterns & principles. Leads the development and delivery of information security training programs.
• Develops strategic relationships with internal stakeholders, external vendors, industry partners, and auditors to promote collaborative and positive team environments. Develops strategic relationships with other industry peers to facilitate information exchange and partnering. Provides technical expertise and support to BCLC's privacy and compliance functions as appropriate.
• Provides instruction, training, and occasional work delegation to Cyber Security 1 and 2 roles and leads information security governance throughout the organization. Provides Subject Matter Expert (SME) coaching, mentoring and seasoned leadership on information security matters with domain owners from an enterprise perspective, evangelizing cyber security, and 'selling' the value of good information security risk management to the organization.
• Acts as a delegate for their leader as required.

QUALIFICATIONS

A combination of education, experience, and demonstrated skills may be considered.

EDUCATION & EXPERIENCE

• University / Bachelor's degree in a relevant discipline such as computing or information security;
• 4 to 6 years relevant and progressive experience in a relevant field such as computing or information security;
• Experience assessing and remediating information security issues in areas such as identity & access management, risk analysis / management, endpoint security, architecture, network security / penetration testing, application security testing, compliance testing or security operations;
• At least one information security certification, such as CISSP, CISM or GSEC, is required;
• Experience assessing the security of web, cloud computing, SaaS, and mobile applications;
• Experience producing information security metrics and reporting;
• Extensive experience with security tools, such as SIEM, file integrity monitoring and database monitoring;

KNOWLEDGE & TECHNICAL SKILLS

• Expert knowledge of networking fundamentals (e.g. TCP / IP, SSL / TLS, firewalls, IDS / IPS, etc.), information security frameworks, and security standards & regulations related to data privacy and security;
• Expert knowledge of and experience with Windows and / or Linux, especially in an enterprise environment (e.g. Active Directory, Group Policy, Red Hat Satellite, etc.);
• Proficient working with security tools, such as SIEM, file integrity monitoring, and database monitoring;
• Deep understanding of information security risk management, controls, and compliance;
• Advanced technical security skills (Application and OS hardening, vulnerability assessments, security audits, networking, IDS, firewalls, etc.);
• Enhanced technical writing skills; able to confidently and competently author complex, multi-faceted and strategic documentation for technical, management and executive audiences;
• Proficient user of Microsoft Office Suite: Word, Excel, Outlook, PowerPoint, etc.

COMPETENCIES

• Exceptional attention to detail and accuracy;
• Advanced business acumen;
• Advanced problem-solving skills spanning multiple technologies, with ability to think analytically and innovate accordingly;
• Advanced interpersonal and relationship-building skills;
• Advanced written and verbal communication and presentation skills, with ability to effectively convey technical and business concepts to technical, management and executive audiences, and facilitate clear collaboration within cross-functional teams;
• Advanced time management, organizational, and multi-tasking skills to manage multiple concurrent objectives, projects, groups, and activities, and support team leadership / management and enterprise-wide initiatives;
• Able to deal with highly sensitive matters with a high degree of tact and diplomacy.

BCLC has organizational Values that reflect the culture we strive to maintain. All employees are expected to ensure their actions, decisions, and interactions consistently align with BCLC's Values, Respect, Integrity, and Community.

• Building Trust;
• Customer Focus;
• Welcome change and adapt quickly;
• Hold oneself and others accountable for their behaviours.

Preference may be given to individuals who have the following:

• Experience with Python, Powershell, or another scripting language would be an asset;
• Experience with information security systems such as SOAR, EDR, DLP, is desirable;
• Technology administration certifications, such as MCSE, CCIE, RHCE (Network Security Engineer), CCNP, AWS Certified Advanced Networking, VCP-NV 2019, are an asset;
• EnCase® Certified Examiner (EnCE) and GIAC GCFE and / or GCFA forensic certifications (DFIR Engineer) are an asset;
• Experience in security controls and integrations related to Microsoft 365 or AWS implementations are an asset;
• Understanding of Agile methodology or experience working with a similar cross-functional team environment would be an asset;
• Understanding of B.C. gaming industry would be an asset.

WORKING CONDITIONS (IF APPLICABLE)

• Infrequent travel may be required for conferences, internal stakeholder and external vendor interactions, training, meetings with industry partners and / or auditors, on-site assessments / inspections, etc.

What's in it for you

• Defined benefit pension plan which provides a recurring income you can depend on for life throughout retirement
• We pride ourselves on our flexible working model which supports work-life integration and our 37.5 hour work week
• Professional development including education/certification sponsorship, in house leadership cohorts, LinkedIn Learning
• See all our rewards here
  

However you identify, or whatever your path in life, if you see something here that makes you excited to get to work every day, please apply. We hire people for skills, capabilities and potential, not just education and experience.

We value Respect, Integrity and Community, and we provide an inclusive environment where everyone can feel like they belong.

Our social purpose is much more than returning 100% of net income to the province in the form of healthcare & education programs, and community gaming grants. Check it out!

Did you know BCLC is an industry leader in player health and safe & responsible gambling? Find out more!

If you require accommodation so you can be at your best in the interview, please let us know: recruitment@bclc.com.

All candidates must be at least 19 years of age and legally eligible to work in Canada