Work at an award-winning top employer! If you are looking for an empowering and progressive place to shape your future, then you’ve landed in the right place at BCAA. With our corporate Head Office in Burnaby and locations around BC, we offer a wide variety of opportunities all across the province. Share our purpose to empower British Columbians to move forward.
Full vaccination against COVID-19 is a precondition of new employment. A successful candidate offered employment at BCAA will need to provide proof of full vaccination prior to commencing employment. Exemptions permitted under applicable employment and human rights legislation.
BCAA has been named one of BC’s Top Employers 2022!
What BCAA offers you:
- It’s not in our nature to brag but we are proud of some of our achievements that recognize great employee culture. Some of our latest awards include being named as one of BC's Top Employers 2022, 2021, 2020, 2019 Platinum level Best Employer by AON and being recognized as a 2018 Outstanding Workplace by YWCA.
- Our team members get to make a difference in the lives of our Members and their communities every day.
- We pride ourselves in being open and transparent and in empowering our people to do great work while serving our Members.
- We enthusiastically support learning and advancement opportunities for our team members.
- We are an equal opportunity employer that’s committed to accessible, inclusive employment.
- Our Regular Full-Time & Part-Time+ (working 20 hours or more per week) status team members are eligible to participate in our amazing Total Rewards Program which offers: Extended Health and Dental, Vision Care, Life Insurance, RRSP matching with company contribution to your pension, access to Incentive Programs, Team Profit Sharing, Employee & Family Assistance Program and more.
- Team members at our Home Office also get to use our Shared EV (electric vehicle) Program, have access to our subsidized cafeteria and free fitness centre.
BCAA is looking for a Regular Full-Time Senior Security Analyst!
Please note that this role is based within the Burnaby, BC and will have a hybrid work environment model.
BCAA is a fast-evolving company with a vision centered on the ground-breaking capabilities of Cloud technologies as an opportunity for business enablement and driven advantage.
We are looking for an experienced Senior Security Analyst to provide authoritative level security consulting, technical planning, technical design/architecture, and operational direction for BCAA’s Security and Governance team. The Senior Security Analyst works with both technical and non-technical team members to identify, propose, and implement security measures for the organization.
Key Responsibilities:
Strategic:
- Develops security and governance strategies, policy and standards and ensures their relevance with scheduled reviews.
- Documents, implements, and runs Network and Application Security risk assessments of internal and partner systems and architecture.
- Manages and assists in the development and improvement of BCAA’s security awareness program.
- Collaborates and/or participates in the development of Security strategies, incorporating business requirements.
- Proactively researches, pilots, evaluates Security technologies and standards, identifies how they will integrate within the corporate network and recommends strategies.
Governance:
- Supervises and handles event management concerning the configuration of meaningful systems, including applications, servers, and user-based behavior.
- Leads all aspects of Managed Service engagements including configuration, monitoring, compliance, and strategic discussions.
- Actively participates in Governance, Change Review, New Initiatives along with all projects related to Security and Governance.
- Maintains current knowledge of applicable privacy laws and accreditation standards (i.e., PCI DSS, BCFSA and more), and supervises advancements in information privacy technologies to ensure organizational adaptation and compliance.
- Monitors and handles BCAA Identity Protection and provides recommendations for continuous improvement.
Operational:
- Acts as PCI ISA by leading all aspects of BCAA’s PCI DSS self-assessment certification.
- Develops network and data-flow diagrams with the help of other system-owners and keeps it up to date.
- Assists with leading BCAA Incident Response process and assists with performing table-top exercises.
- Investigate all Security incidents and provide input into post incident reviews including recommendations regarding remediation and prevention of recurrence.
- Coordinates phishing campaigns and recurring training to IT and non-IT personnel.
- Monitors and recommends security improvements to BCAA Cloud environment (MS Azure and AWS).
- Reviews change requests from the Security and Governance perspective and provides recommendations for improvements.
- Runs the Endpoint Detection and Response and, email security platforms
- Leads the Vulnerability Management program, including working with product owners to fulfill remediations.
- Supervise and audit internal and external access to IT systems and PCI/Critical environments.
- Participates in technical meetings and ensure alignment to BCAA Security principles, policies, and standard methodologies.
Qualifications:
Education and Experience:
- Bachelor’s Degree in Information Technology, Information Security.
- A minimum of 7 years dynamic experience working in Information Technology with demonstrated ability in Information Security.
Skills:
- Information Network Certification, CCENT/CCT, CCNA, CCDP, or other.
- Information Security Certification, Security+, CISSP, GIAC & PCI-related.
- Information Network or Security Vendor related certifications effective (Palo Alto, Cisco, Microsoft, AWS, Microfocus Fortify, etc.).
- Solid understanding of monitoring solutions (SIEM) such as Splunk or similar platforms.
- Solid understanding and hands-on experience working with Endpoint Detection and Response platforms
- Experience working with Security and Awareness and Phishing Simulation Platforms
- Strong knowledge of E-mail Security platforms (Cisco Email Security, Proofpoint, etc.).
- Strong knowledge of Internet and network security technologies such as: TCP/IP, firewalls, routers, switches, IDS/IPS, Web Proxy, VPN, Encryption technologies, hardening techniques, and forensics.
- Strong knowledge of third-party security or audit tools.
- Experience with forensics tools.
- Strong knowledge of vulnerability scanning tools like Qualys, Tenable, etc.
- Strong familiarity with Information Security frameworks, guidelines, and standards such as NIST, PCI & SANS Top 20 critical security controls.
- Ability to conduct or lead risk assessments.
- Understands information Network and Security concepts, protocols, “industry standard methodologies” and strategies related to enterprise Network and Security.
- Excellent oral, written, and interpersonal communication skills.
- Confirmed ability to work independently and cross-functionally business team members.
- Strong problem solving and decision-making skills.
- Must be focused, upbeat, meet commitments, willing to take ownership, have excellent judgment and integrity.