Cyber Security Risk Specialist

at  BCLC

JOB SUMMARY

The Cyber Security Specialist 3 role supports BCLC’s Cyber Security program and supports projects and business operations by taking a lead role in identifying information security risks in high-complexity systems, recommending appropriate controls, and assisting with technical mitigation strategies with security operations and / or technology. The aim of the role is to sustain and improve BCLC’s information security posture and thereby protect BCLC’s information assets. The role conducts senior-level security assessments and incident investigations. Additionally, the role brings deep technical capabilities to support the Cyber Security program.

KEY ACCOUNTABILITIES

• Provides high-level recommendations to management for day-to-day activities associated with BCLC’s procedures & systems for the Cyber Security program; working closely with internal stakeholders and external vendors to ensure alignment. Leads the development and continuous improvement of standards, policies, procedures, and methodologies, and identifies gaps and provides creative solutions to enhance departmental processes. Ensures compliance with corporate and industry standards and best practices.
• Serves as an expert on emerging information security trends and industry best practices and standards. Masters domain knowledge to reinforce an understanding of BCLC’s key business systems and processes, identifying information security risks and leading the response to information security incidents. Develops and maintains field-specific information security strategies for consideration and input into overall Cyber Security program.
• Enhances and evolves the day-to-day monitoring of the integrity of systems and infrastructure components.
• Leads high-complexity information security compliance and risk assessments of processes, infrastructure and solutions, and shapes and recommends appropriate controls and assisting with technical mitigation strategies.
• Leads the Cyber Security team’s investigation of and response to field incidents, ensuring that issues are dealt with in a timely manner. Makes tactical and strategic decisions to ensure an appropriate response to protect the security of BCLC systems and information, while working within defined policies, standards, and procedures. Conducts thorough forensic reviews of platforms, systems, and devices during and post incident, ensuring that data is properly handled, and chain of custody is preserved for potential presentation in court.
• Leads security testing activities such as penetration testing, application security testing, etc. Where instructed by management, leads enterprise vulnerability management function.
• Provides information on system configurations, accounts and information security practices to auditors and regulators as directed by the Cyber Security management team.
• Leads large / high-complexity projects as directed by the Cyber Security program, working collaboratively in a team environment analyzing solutions, processes, and infrastructure, and recommending appropriate information security controls. Develops recommendations for secure solutions, coordinating closely with enterprise architecture teams, enhancing the security architecture repository, and developing secure design patterns & principles. Leads the development and delivery of information security training programs.
• Develops strategic relationships with internal stakeholders, external vendors, industry partners, and auditors to promote collaborative and positive team environments. Develops strategic relationships with other industry peers to facilitate information exchange and partnering. Provides technical expertise and support to BCLC’s privacy and compliance functions as appropriate.
• Provides instruction, training, and occasional work delegation to Cyber Security 1 and 2 roles and leads information security governance throughout the organization. Provides Subject Matter Expert (SME) coaching, mentoring and seasoned leadership on information security matters with domain owners from an enterprise perspective, evangelizing cyber security, and ‘selling’ the value of good information security risk management to the organization.
• Acts as a delegate for their leader as required.

QUALIFICATIONS

A combination of education, experience, and demonstrated skills may be considered.

EDUCATION & EXPERIENCE

• University / Bachelor’s degree in a relevant discipline such as computing or information security;
• 4 to 6 years relevant and progressive experience in a relevant field such as computing or information security;
• Experience assessing and remediating information security issues in areas such as identity & access management, risk analysis / management, endpoint security, architecture, network security / penetration testing, application security testing, compliance testing or security operations;
• At least one information security certification, such as CISSP, CISM or GSEC, is required;
• Experience assessing the security of web, cloud computing, SaaS, and mobile applications;
• Experience producing information security metrics and reporting;
• Extensive experience with security tools, such as SIEM, file integrity monitoring and database monitoring;

KNOWLEDGE & TECHNICAL SKILLS

• Expert knowledge of networking fundamentals (e.g. TCP / IP, SSL / TLS, firewalls, IDS / IPS, etc.), information security frameworks, and security standards & regulations related to data privacy and security;
• Expert knowledge of and experience with Windows and / or Linux, especially in an enterprise environment (e.g. Active Directory, Group Policy, Red Hat Satellite, etc.);
• Proficient working with security tools, such as SIEM, file integrity monitoring, and database monitoring;
• Deep understanding of information security risk management, controls, and compliance;
• Advanced technical security skills (Application and OS hardening, vulnerability assessments, security audits, networking, IDS, firewalls, etc.);
• Enhanced technical writing skills; able to confidently and competently author complex, multi-faceted and strategic documentation for technical, management and executive audiences;
• Proficient user of Microsoft Office Suite: Word, Excel, Outlook, PowerPoint, etc.

HOWEVER YOU IDENTIFY, OR WHATEVER YOUR PATH IN LIFE, IF YOU SEE SOMETHING HERE THAT MAKES YOU EXCITED TO GET TO WORK EVERY DAY, PLEASE APPLY. WE HIRE PEOPLE FOR SKILLS, CAPABILITIES AND POTENTIAL, NOT JUST EDUCATION AND EXPERIENCE.

We value Respect, Integrity and Community, and we provide an inclusive environment where everyone can feel like they belong.
Our social purpose is much more than returning 100% of net income to the province in the form of healthcare & education programs, and community gaming grants. Check it out!
Did you know BCLC is an industry leader in player health and safe & responsible gambling? Find out more!
If you require accommodation so you can be at your best in the interview, please let us know: recruitment@bclc.com.

Please refer the Job description for details