Specialist, Vulnerability Management (FT, Perm)
Location: Kamloops, BC, CA
Job Function: Information Technology Overview:
BCLC's two offices are located on the traditional, ancestral and unceded lands of the xʷməθkʷəy̓əm (Musqueam Indian Band), Sḵwx̱wú7mesh (Squamish), and səlilwətaɬ (Tsleil-Waututh) Peoples in Vancouver and the Tk'emlúps te Secwépemc territory, situated within the Secwépemc Nation in Kamloops. We honour and respect the people, the territory, and the land we are part of.
Joining the Business Technology team at BCLC means you'll be working with cutting-edge technology to help build a world-class entertainment company. This is an engaged, innovative, capable group of talented individuals working in digital enablement, product delivery services, technology platform enablement, enterprise services, integrity and operations. This enables us to execute the purchase and validation of lottery tickets at over 3500 lottery retailers, manage a complex network of 12,000 slot machines and electronic table games across the province and provide the backbone for BCLC's eGaming platform, and much more.
We have offices in Kamloops and Vancouver and can also support 100% remote (from within British Columbia) for this position. Job Summary:
The Vulnerability Management (VM) Specialist role supports BCLC's Security Operations function to help protect BCLC's information assets against unauthorized/accidental alteration, loss, disclosure or destruction. This role champions an organization-wide technical vulnerability management program, classifying and translating technical vulnerabilities in terms of business risk.
The VM Specialist performs senior level duties supporting the organizations cyber security program, performs technical and risk-management assessments, and acts as a subject-matter expert on information security best practices. Key Accountabilities:
Minimum Required Qualifications: Education and Experience
- Performs and coordinates technical vulnerability assessments and penetration tests on BCLC systems as required and reports on the results to the management team and relevant business units. Co-ordinates with Quality Assurance, Application and Infrastructure teams to enhance organizational processes for technical vulnerability management.
- Develops software, scripts, tools and exploits used to assess the security of BCLC platforms. Assists with developing policies, standards, procedures and guidelines.
- Develops reports and presentations on vulnerabilities and remediation efforts, tracking and reporting progress to management.
- Proposes technical configurations to mitigate vulnerabilities across multiple platforms and operating systems.
- Completes information security assessments on key initiatives and high-profile projects and recommends activities to reduce or mitigate identified risks.
- Co-ordinates Payment Card Industry (PCI) activities, such as scans and assessments. Works on related projects as required.
- Provides technical information to auditors and regulators as directed by the Information Security management team.
- Acts as a subject-matter expert and mentors other departmental employees. Responds to complex requests and handles escalations for major issues.
- Maintains currency on trends and emerging issues; identifies requirements, options, implications, costs and develops recommendations, business cases, etc., on contentious or high profile information security matters. Promotes a culture of information security awareness throughout BCLC.
- A degree or diploma in computing or equivalent in a related discipline;
- Certifications in vulnerability assessment and penetration testing as GSEC or CEH, or equivalent technical experience;
- Certifications, such as CISSP, CRISC, CISM, CIPP and relevant other GIAC certifications, are desirable;
- 4-6 years of progressive experience in information security or equivalent experience in networking, Linux or windows administration. ;
- Experience performing technical vulnerability assessments, penetration tests and 'Red' team exercises.
- Experience assessing the security of cloud computing, SaaS and mobile applications;
- Experience producing information security metrics and reporting;
- Experience working with information security platforms: Vulnerability Scanners, Exploitation tools, SIEM, DLP, IDS/IPS is desirable;
- Payment Card Industry (PCI) experience is desirable;
- An equivalent combination of education and/or experience may be considered.
- Strong knowledge of information security frameworks, standards and regulations related to data privacy and security, including ISO 27002, PCI etc.;
- Strong knowledge and experience with penetration testing tools, Windows & Linux operating systems, networking controls and experience scripting in ruby & python,
- Strong knowledge of web, application and database security, and ability to identify and develop associated exploits including SQL injection, Cross Site Scripting, and Buffer Overflow attacks to validate vulnerabilities.
- Excellent oral and written communication skills, including the ability to write reports and document procedures;
- Proven ability to deal with highly sensitive matters with a high degree of tact and diplomacy;
- Excellent organizational skills with the ability to prioritize items;
- Excellent innovation in problem solving and analytical thinking;
- General business acumen;
- Excellent ability to manage relationships at all levels with customers, leaders, contractors and team members to effect change
For over three decades, BCLC has delivered exceptional gambling entertainment for British Columbians with the primary purpose of giving back to the province.
- Operate provincial, national and "Instant Win" in partnership with over 3500 lottery retailers across the province.
- Oversee 34 casino and community gaming centres across the province.
- Provide safe, secure and legal online gambling options including sports betting, casino style games and lottery.
In the fiscal year prior to the pandemic, we gave over $1.4 billion back to the province to support healthcare, education, community groups, and much more.
To help us achieve this goal, we aim to have the healthiest players in the world by establishing a higher standard of support with evidence-based player health programs.
To build a rich diverse workforce representing the communities which we serve, we welcome applications from people of all colours and cultures, persons with diverse abilities, and members of the 2SLGBTQIA+ community.
BCLC values work life balance and offers remote work options.
Relocation assistance is available for successful job candidates from outside BC.
If you are in need of accommodation or special assistance at any step of your application, please send an email with your request to email@example.com
For over more than a decade, we have been recognized as one of BC's Top Employers - and we are constantly seeking ways to improve our employee and player experience. To learn more about BCLC, please visit: https://corporate.bclc.com/
Ready to join our team? Please Note:
This opportunity will remain open until a qualified candidate pool has been established.
Candidates must be legally entitled to work in Canada and be 19 years of age to work at BCLC.
BCLC requires all employees to be fully vaccinated from Covid-19 (as defined by Health Canada). Full vaccination will be required before commencing employment with BCLC unless a legal exemption is obtained.