Coast Capital Savings has a position open for a Senior Information Security Engineer at its Help Headquarters.
What’s the job?
The Senior Information Security Engineer is responsible for the operational security activities and the oversight activities of key security defense at Coast. The Senior Information Security Engineer is also responsible for technical security assessments and assurances of Coast’s information systems and applications as well as the security monitoring and technical components required in order to analyze and contain a security incident.
What you’ll get to do:
- Participate as part of the Change Advisory Board and/or designated approver in the review of major or significant changes as it pertains to the confidentiality, integrity, and availability of the production infrastructure.
- Review and advise on procedures at the technical system level by developing and maintaining security best practice guidelines, standards or policies, such as for securing servers, workstations, laptops, network devices, etc.
- Regularly conduct audits of privileged access accounts. Track privileged accounts. Document and report exceptions in a timely fashion.
- Regularly conduct security, penetration and vulnerability assessments on infrastructure, systems and applications.
- Follow up and regularly report on the remediation activities and progress made by the applicable ITG teams around identified vulnerabilities and risks
- Assist in the development, configuration and monitoring of SIEM and/or other security components in the alerting, analysis, and reporting of security events.
- Program Coordination Contribute to developing applicable and relevant metrics to measure the efficiency and effectiveness of the operation of security and of the program in order to improve and mature the security posture within the organization.
- Security Maintain knowledge and skills in order to stay current on emerging threats and issues, trends and technology solutions.
- Provide technical expertise, support and training to staff on security practices and during system level assessments.
- Assist with the risk analysis in the technical aspects of applications and infrastructure to ensure adequate levels of security are deployed at the system level.
- Responsible in the identification of potential vulnerabilities within systems, networks, DBs, applications and recommend suitable controls and countermeasures to mitigate such vulnerabilities.
- Coordinate regulatory and other audit requests with applicable ITG and business teams, as required.
- Under the general direction of the CSIRT Technical Lead, take actions as part of the CSIRT process in order to analyze, contain, eradicate, and recover from an information security incident, providing relevant updates along the way.
- Provide guidance to other IT operational teams around cyber threats and potential technical and non-technical mitigating controls.
Who are we looking for?
- 5-7 years of relevant experience in IT, preferably a number of years in hands on security, technical audit or public/private practice consulting.
- Bachelor’s degree or technical diploma in a related field. One or more Industry security certifications such as CISSP, CRISC, CISM and/or CISA One or more relevant SANS and/or technical vendor/industry certification required.
- Advanced knowledge and extensive experience in risk assessments, and identification of control strengths/weaknesses and opportunities for improvement of current/proposed infrastructures, systems, 3rd party ISP/ASP and cloud environments.
- Advanced working knowledge and understanding of technical and administrative controls for web, application, client/server, database and network security controls.
- Advanced knowledge of systems and application development, system integration methodologies, IT best practices, and information security.
- Broad based proficiency and some in-depth knowledge in a wide range of technologies along with a solid grasp of the trends and direction for emerging technologies.
- Advanced and experience in security and compliance audits, internal/external penetration analysis, and vulnerability research.
- Advanced experience with assessing and auditing network controls such as firewalls, IDS/IDP, DNS, VPN, 2-factor authentication, port/packet filtering, VLANs, physical and logical separation of network segments, security zoning, and traffic analysis.
- Advanced and extensive experience with administering security products and services, such as anti-virus, firewalls, DLP, SIEM, Web Security Gateways, email SPAM, etc.
- Hands on proficiency with Microsoft enterprise level products and Unix/Linux based environments and technologies.
- Proficiency through experience and tenacity to seek out pertinent information from vendors and 3rd parties in their capabilities and their relative strengths and weaknesses in terms of security.
- Proficient knowledge ISO 27001/2, COBIT and ITIL.
- Member of ISSA, ISACA or part of the local information security or assurance community would be an asset.
- Proficiency with NIST, SABSA, TOGAF and other industry best practices an asset
- Proficient knowledge of legislation and regulations affecting information security and the financial industry, BC PIPA / PIPEDA and PCI-DSS
- Knowledge of INTERAC, FICOM, and/or OSFI regulations an asset
- Ability to research, recommend and implement industry best practices.
- Ability to present ideas in business-friendly and user-friendly language.
Why join Coast Capital Savings?
Coast don’t mean to toot its own horn, but they say that…
- They improve Canadians’ financial well-being through providing simple financial help.
- Employees do what’s best for their members. Every day.
- They believe in being a great corporate citizen so we invest in our local communities by donating our time, money and expertise.
- Their employees take advantage of the many opportunities to grow their careers.
- Employees love having a cool place to work with modern LEED certified offices and being recognized with a virtual (and, at times, an actual) high-five.
- Their inspiring leaders help their employees develop their talents and encourage them to be their fabulous selves.
- They have a unique culture where they take their business seriously, but themselves, not so much.
- They are a Certified B Corp®. That certification reflects their strong commitment to social and environmental performance, accountability, and transparency.
- In 2019, they earned double kudos by being named one of BC’s Top Employers and one of Canada’s Best Managed Companies – two of the nation’s most coveted business awards.
Candidates can apply for this position through the Coast Capital Savings website.