Coast Capital Savings is looking to hire for two positions at its headquarters in Surrey, BC. The position described below is for a Senior Information Security Engineer.
What’s the job?
The Senior Information Security Engineer is responsible for leading technical aspects of the security operations and oversight of key security defenses. The Senior Information Security Engineer is also responsible for leading the technical security assessments and assurances of Coast’s information systems and applications as well as the security monitoring and acts as the technical lead in the components required in order to analyze and contain a security incident.
What you’ll get to do:
- Lead and provide security subject matter expertise in the planning and implementation in the operational security elements for the organization.
- Participate as part of the Change Advisory Board and/or designated approver in the review of major or significant changes as it pertains to the confidentiality, integrity, and availability of the production infrastructure.
- Responsible for the development, configuration and monitoring of SIEM and/or other security components in the alerting, analysis, and reporting of security events.
- Coordinate with 3rd party security partners and vendors, including a 3rd party SOC.
- Follow up and regularly report on the remediation activities and progress made by the applicable ITG teams in the identified vulnerabilities and risks
- Regularly, as well as where material changes to the production environment occur, review and assess all IT systems and infrastructure components to provide assurance of their proper and secure configuration and operations.
- Perform as the CSIRT Technical Lead in order to properly analyze, contain, eradicate, and recover an information security incident, providing relevant updates to the CSIRT Manager along the way.
- Contribute to developing applicable and relevant metrics to measure the efficiency and effectiveness of the operation of security and of the program in order to improve and mature the security posture within the organization.
- Maintain knowledge and skills in order to stay current on emerging threats and issues, trends and technology solutions.
- Provide risk analysis in the technical aspects of applications and infrastructure to ensure adequate levels of security are deployed at the system level.
- Provide technical expertise, support and training to staff on security practices.
- Lead in the identification of potential vulnerabilities within systems, networks, DBs, applications and recommend suitable controls and countermeasures to mitigate such vulnerabilities.
- Review the implementation and operation of security systems and their corresponding or associated software to ensure they operate as designed.
- Coordinate regulatory and other audit requests with applicable ITG and business teams, as required.
- Perform specialized security penetration testing or vulnerability assessment testing, where and when required.
- Provide guidance to other IT operational teams around cyber threats and potential technical and non-technical mitigating controls.
Who are we looking for?
- Minimum 7 – 9 Years of Job Related Experience
- Bachelor's Degree or a diploma requiring 3 - 4 years of full-time study.
- Expertise and extensive experience with administering security products and services, such as anti-virus, firewalls, DLP, SIEM, Web Security Gateways, email SPAM, etc.
- Expert Working knowledge of systems and application development, system integration methodologies, IT best practices, and information security.
- Expert hands on and working knowledge and understanding of technical and administrative controls for web, application, client/server, database and network security controls with previous hands on experience.
- Expert knowledge and extensive experience in risk assessments and identification of control strengths/weaknesses and opportunities for improvement of current/proposed infrastructures, systems, 3rd party ISP/ASP and cloud environments.
- Expertise and extensive experience in security and compliance audits, internal/external penetration analysis, and vulnerability research.
- Expertise and extensive experience with assessing and auditing network controls such as firewalls, IDS/IDP, DNS, VPN, 2-factor authentication, port/packet filtering, VLANs, physical and logical separation of network segments, security zoning, and
- Broad based proficiency and some in-depth advanced knowledge in a wide range of technologies along with a solid grasp of the trends and direction for emerging technologies.
- Hands on proficiency experience with Microsoft enterprise level products and Unix/Linux based environments and technologies.
- Proficient through experience and tenacity to seek out pertinent information from vendors and 3rd parties in their capabilities and their relative strengths and weaknesses in terms of security.
- Advanced to expert working knowledge and in the application of ISO 27001/2, COBIT, and ITIL. Proficiency with NIST, SABSA, TOGAF, and other industry best practices would be an asset.
- Proficient to advanced along with knowledge of legislation and regulations affecting information security and the financial industry, such as INTERAC, FICOM, OSFI, BC PIPA / PIPEDA, and PCI-DSS. Experience with and knowledge of INTERAC, FICOM, and
- Member of ISACA or part of the local information security or assurance community would be an asset.
- Excellent organizational skills.
- Ability to set and manage priorities judiciously.
- Excellent written and oral communication skills.
- Ability to present ideas in business-friendly and user-friendly language.
- Exceptionally self-motivated and directed.
- Keen attention to detail.
- Superior analytical, evaluative, and problem-solving abilities.
- Ability to motivate in a team-oriented, collaborative environment.
- Ability to research, recommend and implement industry best practices.
Why join Coast Capital Savings?
We don’t mean to toot our own horn, but…
- We improve Canadians’ financial well-being through providing simple financial help.
- Employees do what’s best for our members. Every day.
- We believe in being a great corporate citizen so we invest in our local communities by donating our time, money and expertise.
- Our employees take advantage of the many opportunities to grow their careers.
- Employees love having a cool place to work, which includes wearing their jeans on Fridays & Saturdays and being recognized with a virtual (and, at times, an actual) high-five.
- Our inspiring leaders help our employees develop their talents and encourage them to be their fabulous selves.
- We have a unique culture where we take our business seriously, but ourselves, not so much.
- In 2017, we earned double kudos by being named one of BC’s Top Employers and one of Canada’s Best Managed Companies – two of the nation’s most coveted business ads, may we add.
Candidates can apply for this position through the Coast Capital Savings website.
This entry was posted on January 21, 2019