ISL 27R - Senior Security Analyst, CISO
Position Classification: Information Systems R27
Union:
Burnaby, BC V3J 1N3 CA (Primary)
Salary Range: $72,724.97 - $83,014.85 annually plus 9.9% Temporary Market Adjustment
Close Date: 5/24/2022
Job Type: Regular Full Time
Temporary End Date:
Ministry/Organization: BC Public Service -> Liquor Distribution Branch
Ministry Branch / Division: BC Liquor Distribution Branch
Job Summary
Senior Security Analyst, CISO
Information Systems R27
On November 1, 2021 the BC Public Service announced the COVID-19 Vaccination Policy that defines the conditions and expectations for BC Public Service employees regarding vaccination against COVID-19. Among other possible measures, proof of vaccination will be required. It is a term of acceptance of employment that you agree to comply with all vaccination requirements that apply to the public service. More information can be found here.
At the Liquor Distribution Branch (LDB) our vision of 'Service. Relationships. Results.' is all about providing a valued service, building strong relationships with our stakeholders, and achieving greater results for the province.
The LDB is one of two branches of government responsible for the cannabis and liquor industry of B.C. We operate the wholesale distribution of beverage alcohol and non-medical cannabis within the province, as well as the household retail brands of BC Liquor Stores and BC Cannabis Stores.
We employ nearly 5,000 people in over 200 communities and have hundreds of career opportunities spanning our entire wholesale, retail and corporate operations - from supply chain logistics, to high-tech solutions, and everything in between. The LDB has been named one of BC's Top Employers 12 times over for offering exceptional places to work, flexible work hours and earned days off, extended health and dental benefits, maternity and parental leave top-up payments, a pension program, in-house professional and leadership development, and subsidies for professional accreditation.
The information technology (IT) team is highly customer focused and directly supports four distinct lines of business: retail liquor, wholesale liquor, cannabis, and corporate. These line-of-business IT teams are supported overall by both a Chief Information Security Officer and a Chief Technical Officer and their respective departments to ensure the organization prioritizes security and innovation.
At present the technology team consists of more than 200 full-time employees. It has also adopted a multi-sourcing strategy and leverages external expertise, cloud SaaS-based services and government shared services as appropriate.
The teams integrate, maintain and enhance more than 80 business systems on a hybrid on-premises and cloud infrastructure. These include:
- Merchandising and retail store systems that process 40 million plus customer transactions per year.
- Wholesale, distribution and warehouse systems that enable the movement of 17 million plus cases per year.
- Corporate finance systems to service an annual budget of approximately $3 billion and HR and payroll systems to service more than 5000 employees.
The CISO Department is a highly specialized team that is responsible for securing the organization against the ever-evolving cybersecurity threat landscape. It is structured according to the National Institute of Standards & Technology's Cybersecurity Framework (NIST CSF), which has five domains of responsibility:
- Identify: Develop an organizational understanding to manage cybersecurity risks to the systems, data, people, assets, and capabilities.
- Protect: Develop and implement appropriate safeguards and mitigation strategies to ensure delivery of critical business services.
- Detect: Develop and implement appropriate processes, procedures, and automated systems to detect any occurrence of a cybersecurity event/incident.
- Respond: Develop and implement appropriate processes, procedures, and systems to respond to any detected cybersecurity event/incident including the collection and preservation of evidence of said incident.
- Recover: Develop and implement appropriate processes, procedures, and systems to maintain and execute plans for systems resiliency, recovery, and restoration of any capabilities and/or services impaired by a cybersecurity event/incident.
Advising senior management, the Senior Security Analyst works with business stakeholders and leads the implementation of key branch security strategies and projects. This position comes with a high degree of authority and autonomous decision making. The Senior Security Analyst is responsible for assessing security risks and identifying control requirements and is focused on creating solutions to address control needs.
The Senior Security Analyst, in collaboration with IT project teams, architects, and administrators, assesses systems, applications, and HW/SW, and provides security advice and recommendations to LDB business and IT leadership during the design, development, deployment and maintenance of security and other systems and platforms. The Senior Security Analyst also leads initiatives to improve the LDB's information security policies and standards and address the changing scope of security threats and computer technologies. The Senior Security Analyst works closely with business leaders and technical teams to ensure information security is an integral component of business processes and IT applications.
The work involves considerable complexity, multiple applications and a wide variety of technologies. The Senior Security Analyst operates within a wide scope of responsibility and across all activities of the NIST domains, leading the LDB's security and risk management program to ensure the protection of IT information assets across LDB's entire operation.
A criminal record check is required.
Working conditions include the need to work outside of core hours, as and when required. Some weekend work may be required to implement changes.
Consider an IM/IT Career with the BC Public Service:
Are you interested in a career as a security professional? Jump start your Security Career - Province of British Columbia (gov.bc.ca)
For complete details about this opportunity, including accountabilities, please refer to the attached job description, also located in the Additional Information section at the bottom of the posting.
An eligibility list for permanent or temporary future opportunities may be established.
Position Requirements:
Education and Experience:
Degree in Computer Science, Cybersecurity, or related field with a minimum of 3 years of recent, related experience*
A combination of education, training and experience will be considered, i.e., 6 years of recent, related experience* with a diploma or certificate in Information Technology or related field.
*Recent, related experience must have occurred in the last 8 years and must include the following:
- Experience assessing and addressing software and hardware vulnerabilities.
- Experience leading Cybersecurity projects and/or initiatives.
- Experience with business analysis including working with business users and subject matter experts to produce business case, business and/or software requirements specification documents (BRD and/or SRS), gap analysis, business process design, and other analysis work products.
Preference may be given to candidates with any of the following experience:
- Experience leading Security Threat Risk Assessments (STRA), including identification and assessment of potential risks, documenting risk ratings and planned treatments, and security audits, i.e., penetration testing, PCI compliance audit, segmentation audit, etc.
- Industry standard certification including a Certified Information Systems Security Professional (CISSP) or Certified Information Systems Auditor (CISA) or Certified in Risk and Information Systems Control (CRISC) or equivalent.
- Certification in one or more technical disciplines such as CISCO, security (SANS, CSI or other accredited institutes) and/or certification in privacy or information management.
- Certification in business analysis (e.g., Certified Business Analysis Professional, Certified Competency in Business Analysis).
- Experience ensuring business processes comply with information security management policies and standards.
- Experience with a security focus in a Microsoft environment, preferably a cloud environment, i.e., Azure.
- Experience leading Security Awareness, i.e., developing email, internet and/or password policies and procedures, identifying trending cyber threats recognition and response training/education, i.e., company communication on cybersecurity, phishing campaign.
- Experience with change management processes.
- Experience with Identity Access Management (IAM).
- Experience with network security, operations, and development.
- Experience with contributing to the development, implementation / installation, maintenance and operation, and problem resolution of enterprise systems, technologies (HW / SW) and/or network components.
- Experience with project management lifecycle including change management.
- Experience with reporting of vulnerabilities across the organization.
- Experience in identification and/or implementation of mitigation strategies.
- Experience working with security principles and/or control measures across the organization.
- Experience with application design and development life cycle (SDLC).
- Demonstrated ongoing professional skills upgrading through the completion of course work.
How to Apply & Application Requirements:
In order to be considered for this position, your application must clearly demonstrate how you meet the education and experience as outlined in the Position Requirements section above. Applicants selected to move forward in the hiring process may be assessed on the knowledge, skills, abilities and competencies as outlined in the attached Job Description.
A cover letter is required as part of your application. The content and/or format of your cover letter may be evaluated as part of the assessment process.
Ensure your resume includes your educational accomplishments, employment history including start and end dates (month and year) of your employment, and any relevant information that relates to the job to which you are applying.
For specific position-related enquiries, please contact Vicky Hanlon, HR Advisor at 604-252-8537.
Only applications submitted using the BC Public Service Recruitment System on this website will be accepted. For more information about how to create or update your profile, please refer to the attached Application Instructions or refer to the Job Application page on the MyHR website. If you are experiencing technical difficulty applying for a competition, please send an e-mail to BCPSA.Hiring.Centre@gov.bc.ca before the stated closing time, and they will respond as soon as possible to assist you.
Note: Applications will be accepted until 11:00pm Pacific Time on the closing date of the competition.
Job Category:
Information Management/Information Technology
Information Technology Management and Executive