Located on the traditional, ancestral and unceded lands of the xʷməθkʷəy̓əm (Musqueam), YVR is made up of a team of diverse people who are working collaboratively to Connect BC proudly to the World. Safety is at the core of everything we do; we’re innovative, fun, and we invest in our people. With high engagement scores, an abundance of learning and development opportunities, and a holistic approach to wellness, we’re looking for someone to join our team.
Vancouver Airport Authority strives for a workplace that reflects the diversity of the communities we serve. We support the Employment Equity Act and take measures to ensure fair employment practices and treatment of employees across our organization. We welcome applications from all qualified candidates, including women, Aboriginal peoples, persons with disabilities and members of visible minorities. We encourage applicants to self-identify with a designated group(s) to support our team in filling gaps in areas where we can be more diverse. We are also happy to provide reasonable accommodations throughout the selection process and while working at YVR. If you require support applying online because you are a person with a disability, please contact us at 604-303-3152 or email@example.com.
We have a permanent, full-time opportunity for an Information Security Specialist
in the Innovation and Technology Group. The successful candidate will be a security advocate with IT teams, business stakeholders and end users to design, integrate, and advance Information Security in alignment with the Airport Authority’s business objectives while meeting its compliance, legal and regulatory requirements.
Reporting to the Manager, Technology Services (Cyber Security), the Information Security Specialist will be responsible for security operations and administration and providing IT security support and guidance to ensure that YVR’s technical infrastructure and applications meet and/or exceed the defined security policies.Key Responsibilities Include
Key Qualifications Include
- Provide technical support and system administration on various security technology such as security information event monitoring (SIEM), vulnerability management, privilege access management, data protection platforms and multi-factor authentication
- Monitor and analyze technical security controls to detect, report and remediate security incidents
- Serve as internal technical point of contact with external managed security monitoring service in incident handling response for information security incidents
- Manage, measure, and audit the Managed Security Services vendor to established contractual and compliance requirements for security monitoring
- Providing on-call support on a scheduled basis to ensure that any high severity security incidents are resolved in the most expedited manner
- Provide technical risk assessment, security support and guidance for IT projects/solutions/requests to ensure security controls are reasonably deployed to mitigate risks
- Participate in change advisory board to review and evaluate planned technology changes in terms of information security risks
- Manage, conduct and optimize vulnerability scans on IT infrastructure and systems
- Assess and provide data with recommendations and see to completion for monthly patching to mitigate/remediate organizational risk
- Research and track information about current security threats, potential vulnerabilities from trusted news sources/external feeds to develop communication plans and/or programs to raise awareness and assess overall enterprise risk exposure as well initiate remediation/mitigation
- Collect, generate, monitor and analyze IT operations security metrics to measure the effectiveness of the IT security management processes
- Assist and participate in security technical planning, assessment and implementation
- Assist in regularly assessing the strength of YVR’s IT security governance and current processes, procedures and technical controls against NIST 800-53, PCI-DSS and industry best practices, and propose, develop and implement projects and initiatives to remediate control gaps to reduce overall enterprise risk
- BSc in Computer Science or similar bachelor’s degree in a related field with a minimum of 5+ years equivalent of Information Security work experience; or an equivalent combination of training and experience
- Professional Information Security certifications such as Certified Information Systems Security Professional (CISSP), or GIAC Security Essentials (GSEC) are an asset and preferred
- 5+ years’ experience with security related appliances such as firewalls, SIEM, IPS, PAM, 2FA, proxy servers with a broad technical knowledge of enterprise-class network and operating system platforms
- Strong leadership and organizational skills, proven by on-time, on-budget delivery of complex, multidisciplinary projects
- Knowledge of security, privacy and IT governance frameworks and legislation, such as NIST 800-53, ISO27001, PCI-DSS, privacy legislation
- Excellent written, verbal and interpersonal skills
- Excellent analytical skills and attention to detail
- Proven team player
- Resourcefulness to produce high quality results without supervision and direction
- Ability to manage priorities under tight deadlines
This position is open to both Vancouver Airport Authority employees and external candidates. Previous job performance will be taken into consideration for all internal candidates that apply for this position.
Health and safety are at the core of how we operate at YVR. We are committed to ensuring a safe workplace for our workforce and protecting the health and safety of our employees, passengers, partners and community by taking reasonable, preventative measures to reduce the risks associated with COVID-19. All employees are required to be fully vaccinated against COVID-19 unless a valid exemption is granted for those unable to be vaccinated.