Classification: Information Systems R27

Union/Excluded: BCGEU

Security Screening: Required

Additional Info: An eligibility list to fill future vacancies may be established. Testing may be required. Lesser qualified applicants may be appointed at a lower level.

We are seeking a Senior Security Analyst to join our team in VICTORIA, British Columbia, Canada. 

Reporting to the Team Lead, IT Security, the Senior Security Analyst is responsible assisting in the delivery of the Information Security program by maintaining, monitoring and administering security tools, network, technology and services on behalf of the corporation. This role provides oversight of the security services provided by alternative service providers, ensuring all activity conforms to corporate security policy, standards and procedures and other relevant legislation, and meets the highest security standards for a variety of sensitive information.

Hybrid Work Model 
This position is located in our Victoria, BC office. You will have the flexibility to work part of the time on-campus and part of the time off-campus. The requirement for in-office presence is a minimum of 40% of your schedule in a month. Additional requirements are determined by the role functions and operational needs of each business area.  

Responsibilities

•    Develops, implements, and maintains a comprehensive data security framework/architecture to protect the confidentiality, integrity and availability of the organization's data and technology and advises on information technology disaster recovery and business continuity planning.

•    Provides technical leadership and policy direction for the organization in all aspects of information security and provides critical input on all systems applications at all stages of development and maintenance to ensure they meet security standards.

•    Reviews contracts for inclusion and adequacy of security clauses.

•    Develops information technology security policies, procedures and standards to protect sensitive data and to enable secure data transmission and storage. Plans, implements and enforces security policies, procedures, standards and technologies.

•    Identifies security incidents, ensures appropriate reporting according to policy, as well as planning mitigation and remediation.

•    Reviews security measures and updates ensuring they address new and emerging security threats.

•    Evaluates requests for security system changes and enhancements and recommends the appropriate course of action.

•    Plans information technology Threat and Risk Assessments with clients to determine specific security needs, address deficiencies and ensure that systems comply with audit requirements, quality plans and security standards.

•    Develops standards and procedures for responding to security incidents and ensures the application of corrective measures to prevent recurrence.

•    Perform threat hunting to detect and isolate threats and provide recommendations.

•    Act as designated lead on projects to ensure a successful transition to SOC for security monitoring services.

•    Maintain up-to-date understanding of security threats, countermeasures, security tools and network technologies

•    Advanced understanding of client-server applications, multi-tier web applications, relational databases, firewalls, VPNs, and enterprise Anti-Virus products.

•    Collaborate with different teams within the organization to ensure network security is considered and integrated into all aspects of the business.

•    Conducting security assessments through vulnerability testing and risk analysis.

•    Performing both internal and external security audits.

•    Analyzing security breaches to identify the root cause.

•    Continuously updating the company's incident response and disaster recovery plans.

•    Verifying the security of third-party vendors and collaborating with them to meet security requirements.

•    Work with the security team to perform tests and uncover network vulnerabilities.

•    Fix detected vulnerabilities to maintain a high-security standard.

•    Stay up-to-date on information technology trends and security standards.

Qualifications

Must have

•    Degree in Computer Science or related field and three years of recent, related experience; OR Diploma in computer science or related field and five years of recent, related experience; OR an equivalent combination of education, training and/or experience may be considered. Preference may be given to those with four years of recent, related experience.

•    Demonstrated experience with a security focus in a Microsoft environment.

•    Experience performing security audits, risk assessments and analysis.

•    Experience with Security Incident Management processes, tracking and reporting.

•    Experience working in a Security Operations Centre, or equivalent.

Nice to have:

•    Experience with NIST guidelines, incident response, and cloud security.

•    Experience working with security related technologies including SIEM, EDR, Vulnerability Management, and network security appliances (firewalls, IPS, routers, etc.).

•    Experience with vulnerability management solutions and knowledge of identity access management.

•    Professional designation as a Certified Information Systems Security Professional or Certified Information Security Manager, or equivalent.

Knowledge, Skills and Abilities

•    Ability to deliver subject matter expertise of Microsoft 365 with emphasis in security, architectural design, migration, management and support of implementations.

•    Ability to monitor network performance and integrity to ensure confidentiality, integrity, and availability of information.

•    Overall Microsoft 365 security expertise including strong knowledge of Azure Active Directory, Azure Information Protection, single sign-on and multi-factor authentication and related technologies.

•    Demonstrate consultative capabilities by providing value added information to users for connecting technology, security and the business value of Microsoft 365.

•    Drive Microsoft 365 security adoption and lead technical effort to enable Azure Information Protection.

•    Ability to lead and participate in ongoing Microsoft 365 security and strategy discussions.

•    Current knowledge of Microsoft 365, including changes & updates, roadmap & releases, and third-party solutions.

•    Strong knowledge and experience in; Exchange Online Protection, SharePoint Online, Intune (Conditional Access/MDM/MAM), OneDrive for Business, Microsoft 365 tenant, Permissions (Tenant/Security & Compliance Center/Exchange Online), Data Loss Prevention, Archiving, eDiscovery and Compliance.

•    Knowledge of document system configurations, standards and procedures.

•    Knowledge of all aspects of IT security including current technologies and best practices.

•    Knowledge of change management processes and project management methodologies.

•    Knowledge of the installation, configuration, maintenance and problem resolution of hardware, software, operating systems and network components.

Application requirements

Cover letter: Please do not submit a cover letter; it will not be reviewed.

Resume: A resume is required as part of your application. Ensure your resume includes your education, the start and end dates (month and year) of your employment, and any relevant information that relate to the job requirements.

Questionnaire: As part of the application process, you will be prompted to complete an online questionnaire to demonstrate how you meet the job requirements. Responses will be used to shortlist applicants against the job requirements. Please allow approximately 15 minutes to complete this questionnaire.

Applications will be accepted until 11:59 pm PST on the closing date. Late applications will not be considered.

Diversity & Inclusion

BC Pension Corporation is an equal opportunity employer committed to establishing an inclusive, equitable, and accessible environment for all. All qualified applicants will receive consideration for employment without regard to race, national origin, age, religion, disability, sexual orientation, gender identity or expression, marital status or any other basis protected by applicable law. 

We are committed to ensuring that reasonable accommodations are made available to persons with disabilities during the recruitment, assessment and selection processes and will provide reasonable accommodations upon request. If you require assistance or accommodation due to a disability, please email us at jobs@pensionsbc.ca.  

Thank you for your interest in working with us. We will let you know about your status in this competition as soon as possible. If you have questions about this opportunity, please email us at jobs@pensionsbc.ca.