September 10th, 2021 meeting

DATE:September 10th, 2021
TIME:2:00pm to 4:00pm (PDT)
VENUE:Zoom Online meeting
RSVP Required – register at Zoom
TOPIC(S):Measuring how well you are managing Information Security
PRESENTER(S):  Walter B. Williams (CISSP, SSCP)

ABSTRACT

We create controls to manage the risk of a compromise of availability, integrity, confidentiality, privacy, control, authenticity, and utility to the organization for which we are responsible for. To understand if the controls are effective, you have to measure their performance against goals established for each control against the risk tolerance of the organization. This sounds good on paper, but is one of the hardest things to get right in the management of an information security program. We’ll examine what NIST, CIS, and ISO has to say regarding the measurement of our controls, and how to construct metrics. We’ll look at how to identify the applicable controls per each risk to your organization. We’ll construct metrics for completeness of implementation, for effectiveness, and for adverse impact to your organization for those controls and look at ways to map these back to the risks your organization is managing.

BIOGRAPHY

Walter has served as an infrastructure and security architect at firms as diverse as GTE Internetworking, State Street Corp, Teradyne, The Commerce Group and EMC. He has since moved to security leadership, where he’d served as at IdentityTruth, Passkey, Lattice Engines, and Monotype. He is an outspoken proponent of design before build, an advocate of frameworks and standards, and has spoken at Security B-Sides, Source Boston, Boston Application Security Conference, Rochester Security Summit, Wall of Sheep Village within DefCon, RiskSec Toronto and other venues . His articles on Security and Service Oriented Architecture have appeared in the Information Security Management Handbook, and he has a book with CRC press on the same topic. He has a book on How to Create an Information Security Program from Scratch which will be available for purchase on September 15. He sat on the board of directors for the New England ISSA chapter and was a member of the program committee for Metricons 8 and 10. He has a masters degree in Anthropology from Hunter College.

Job posting – Manager of Operations

The Ministry of Citizens’ Services of the BC Provincial Government is looking for a Manager of Operations.

Ministry of Citizens’ Services
Victoria

Manager of Operations
$ 77,700.20 – $ 110,000.05 annually

The Manager of Operations will oversee and manage the Access and Directory Management Services (ADMS) teams that provide the day-to-day operational support for the suite of Access and Directory Management service offerings that are used across the BC Government. This position will be responsible for leading teams of IT professionals within the unit that support identity, access, security, stability, availability, capacity, change and performance management services for ADMS’s systems and technologies.

The BC Public Service is committed to creating a diverse workplace to represent the population we serve and to better meet the needs of our citizens. Consider joining their team and being part of an innovative, inclusive and rewarding workplace.

The Indigenous Applicant Advisory Service is available to applicants that self-identify as Indigenous (First Nations, status or non-status, Métis, or Inuit) seeking work or already employed in the BC Public Service. For advice and guidance on applying and/or preparing for an interview for this opportunity, we invite applicants to connect with the Indigenous Applicant Advisor Amanda by email: IndigenousApplicants@gov.bc.ca or by phone: 778-698-1336.

Qualifications for this role include:

  • Certificate or higher in the computer science field OR an equivalent combination of education, training and experience may be considered.
  • Minimum two (2) years’ experience supervising technical staff. Preference may be given to applicants with experience supervising staff in a union environment.
  • Three (3) years’ experience in technical operations in a complex application environment, supporting a large, diverse, corporate business enterprise with critical system needs. Preference may be given to more years of experience.
  • Three (3) years’ experience leading and resolving complex staff and/or client issues. Preference may be given to more years of experience.
  • Minimum One (1) year experience delivering or supporting Identity and Access services.
  • Minimum One (1) year experience negotiating and managing information technology contracts.
  • Minimum One (1) year experience in a leadership role that ensure teams provide expert customer service support within a shared service model.
  • Preference may be given to applicants with:
    • Experience supporting technical application environments related to Identity and Access.
    • Experience supporting Identity and Access service offerings related to any of the following: MS Azure, MS Azure AD, SiteMinder, MFA, Azure Conditional Access, Keycloak.
    • Experience managing information technology contracts within a Government environment.
    • Diploma or higher in the computer science field.

For more information and to apply online by September 14, 2021, please go to:
https://bcpublicservice.hua.hrsmart.com/hr/ats/Posting/view/79300

August 13th, 2021 meeting

DATE:August 13th, 2021
TIME:2:00pm to 4:00pm (PDT)
VENUE:Zoom Online meeting
RSVP Required – register at Zoom
TOPIC(S):The Role of Physical Security in Cyber Security
PRESENTER(S):  Gerry Sieracki (CISSP, Director of Public Relations (ISC)² San Diego Chapter, TLO, ILO)

ABSTRACT

When people think of Cyber Security the first thing most people think of are items like ransomware, patching, vulnerabilities, and hacking. Often overlooked is the most basic, fundamental level of protection, physical. In today’s world we can no longer separate the requirements for physical and cyber security. They are both reliant on one another and you cannot have one without the other. This presentation will cover some thoughts on Physical Security, how it relates to Cyber Security, and some lived through examples of incidents I’ve encountered on the job. The goal is to spark some thought and conversation on Physical Security and how it relates to Cyber Security.

BIOGRAPHY

Gerry is a seasoned IT veteran with almost 25 years of progressively responsible work in IT. He currently works as a Network Administrator in the Critical Infrastructure Water Sector focusing on networking and cybersecurity. He has been the Project Lead for several major networking (LAN/WAN) and infrastructure upgrades. Gerry works closely with external agencies such as the FBI, DHS and the SD-LECC on cybersecurity issues.

Gerry earned his CISSP in May 2015. He is a member of Infragard, MS-ISAC (Multi State Information Sharing and Analysis Center), a TLO (Terror Liaison Officer), an ILO (Infrastructure Liaison Officer), and member of the Cyberhood Watch Water and Power Sector – Los Angeles/San Diego. Gerry is trained in the National Incident Management System (NIMS) and has additional training on physical security for Critical Infrastructure.

July 9th, 2021 meeting

DATE:July 9th, 2021
TIME:2:00pm to 4:00pm (PDT)
VENUE:Zoom Online meeting
RSVP Required – register at Zoom
TOPIC(S):Overview of the Canadian Supply Chain Security Landscape
PRESENTER(S):  Peter Hillier, CD, CISSP

ABSTRACT

Of the many cybersecurity challenges facing practitioners today, the very high risk Supply Chain security domain is among the most significant. Join us on July 9th as Peter Hillier maps out those challenges, asks why our Government is seemingly ignoring them and provides recommendations for both government and security practitioners alike to address a systems security engineered approach to the problem.

BIOGRAPHY

Peter Hillier served 20 years in the Intelligence and Security areas of the Canadian Armed Forces. He has spent over two decades dedicated to the evolution of the IT Security profession either through creating new services, writing, speaking, and participating in standards development. He is also a longtime professional mentor and Veterans advocate. He currently works under Hillier Information Protection Solutions Inc. and also provides Systems Security Engineering services, training, and R&D through SSEng Group Inc.

Job posting – Senior Security Analyst

The Public Guardian and Trustee of British Columbia (PGT) of the BC Provincial Government is looking for a Senior Security Analyst.

BC Public Service
Public Guardian and Trustee
Vancouver

Senior Security Analyst
$72,724.97 – $83,014.85 annually plus 9.9% Temporary Market Adjustment

The Public Guardian and Trustee of British Columbia (PGT) is committed and dedicated to a mission, vision and mandate that is to protect the legal, financial and personal and health care interests of adults who require assistance in decision making, to protect the legal and financial interests of children and to administer the estates of deceased and missing persons. Employees at the PGT provide quality service in a respectful work environment that demands accountability and integrity.

The Senior Security Analyst is one of several professional and talented IT professionals that maintain, enhance and protect the technology infrastructure for the PGT. Information and Technology Services is responsible for providing all technology, network, hardware, software, disaster recovery capabilities and support services independent of all government central agencies. The Senior Security Analyst is responsible for keeping the company’s security systems up to date and creating documentation and planning for all security-related activities and information.

The BC Public Service is an award-winning employer and offers employees competitive benefits, amazing learning opportunities and a chance to engage in rewarding work with exciting career development opportunities. For more information, please see the webpage titled “What The BC Public Service Offers”.

The BC Public Service is committed to creating a diverse workplace to represent the population we serve and to better meet the needs of our citizens. Consider joining their team and being part of an innovative, inclusive and rewarding workplace.

The Indigenous Applicant Advisory Service is available to applicants that self-identify as Indigenous (First Nations, status or non-status, Métis, or Inuit) seeking work or already employed in the BC Public Service. For advice and guidance on applying and/or preparing for an interview for this opportunity, we invite applicants to connect with the Indigenous Applicant Advisor Amanda by email: IndigenousApplicants@gov.bc.ca or by phone: 778-698-1336.

Qualifications for this role include:

  • Degree, diploma, certification or equivalent in the computer science field.
  • An equivalent combination of education and experience/training may be considered.
  • Professional designation as a Certified Information Systems Security Professional or Certified Information Security Manager, or equivalent.
  • Experience in a Microsoft environment with a security focus
  • Experience with vulnerability and penetration testing
  • Experience with risk assessment, analysis and development of risk mitigation strategies
  • Experience with risk and security policy development
  • Experience with maintaining a corporate IT risk register
  • Experience with security assessment of server and desktop products
  • Experience with security incident response and planning
  • Experience with security awareness training

For more information and to apply online by July 18, 2021, please go to: https://bcpublicservice.hua.hrsmart.com/hr/ats/Posting/view/77188

Job posting – Senior Security Analyst

The Ministry of Citizens’ Services of the BC Provincial Government is looking for a Senior Security Analyst for the BCDevExchange organization.

Ministry of Citizens’ Services
Multiple Locations

Senior Security Analyst $72,724.97 $83,014.85 annually plus 9.9% Temporary Market Adjustment

This is a virtual position that can be performed from any location in BC.

The BCDevExchange organization embraces experimentation, innovation and empowerment. By adopting the principles, values and practices of the BCDevExchange, partner government entities adapt their typical ways of working to better align with leading practice amongst technology companies and digital agencies. Our work centers around the Exchange Lab where we host digital delivery teams working to solve priority public challenges. Digital Delivery Teams learn and improve their product with direct feedback from users every few weeks and deliver substantial value within a year.

The Senior Security Analyst is part of a cross-functional team that is responsible for the support of DevOps Containerized Platforms, DevSecOps framework and service adoption in the government. This role provides expert level information security advice and monitoring for on-prem and cloud-based platforms as your primary persona, while creating information security context for site reliability purposes, changing operational cultures and supporting DevOps teams. This position requires big-picture thinking, strong knowledge of government administration, a broad and open view of the IM/IT environment, strong experience with information security frameworks and methodologies and a dedicated commitment to improving security posture.

The BC Public Service is an award-winning employer and offers employees competitive benefits, amazing learning opportunities and a chance to engage in rewarding work with exciting career development opportunities. For more information, please see the webpage titled “What The BC Public Service Offers”.

The BC Public Service is committed to creating a diverse workplace to represent the population we serve and to better meet the needs of our citizens. Consider joining their team and being part of an innovative, inclusive and rewarding workplace.

The Indigenous Applicant Advisory Service is available to applicants that self-identify as Indigenous (First Nations, status or non-status, Métis, or Inuit) seeking work or already employed in the BC Public Service. For advice and guidance on applying and/or preparing for an interview for this opportunity, we invite applicants to connect with the Indigenous Applicant Advisor Amanda by email: IndigenousApplicants@gov.bc.ca or by phone: 778-698-1336.

Qualifications for this role include:

  • Degree, diploma or certificate in Computer Science or related discipline or an equivalent combination of education, training and experience.
  • Experience conducting log review/monitoring.
  • Minimum 3 years’ experience identifying suspicious or malicious events.
  • Minimum 3 years’ experience using security monitoring tools, vulnerability scanning and conducting complex breach investigations.
  • Minimum 3 years’ experience conducting complex information security threat and risk assessments.

For more information and to apply online by July 5, 2021, please go to: https://bcpublicservice.hua.hrsmart.com/hr/ats/Posting/view/77456

Job posting — Senior Cyber Threat Analyst

Raymond James Ltd. is seeking a Senior Cyber Threat Analyst to work in their Burnaby office.

Responsibilities:

  • Mentors CTC analysts while contributing to the fulfillment of both the CTC’s mission and leadership’s vision;
  • Serves as a primary member of the Cyber Threat Center (CTC) who handles security events and incidents on a daily basis in a fast-paced environment;
  • Acts as an Incident Handler who can handle minor and major security incidents within the defined Computer Security Incident Response process;
  • Role embodies Cyber Network Defense and a successful Cyber Threat Analyst will be able to quickly analyze threats, understand risk, deploy effective countermeasures, make business critical incident response decisions, and work as part of a team of individuals dedicated to protecting the firm;
  • Maintains situational awareness for cyber threats across the global firm and take action where necessary;
  • Daily responsibilities include, but are not limited to:
    • Countermeasure deployment across various technologies
    • Malware and exploit analysis
    • Intrusion monitoring and response
    • Assessing alerts and notifications of event activity from intrusion detection systems and responding accordingly to the threat
    • Continuing content development of threat detection and prevention systems
    • Data analysis and threat research
  • Maintains knowledge of security principles and best practices. Must remain current with emerging threats and trends;
  • Assists teams in various security and privacy risk mitigation efforts; including incident response;
  • Leads or participates in information security related projects or in managing strategy;
  • Conduct forensic investigations for HR, Legal, or incident response related activities;
  • Develop new forensic detective and investigative capabilities using current technical
  • solutions;
  • Work with various business units and technical disciplines in a security consultant role for cyber threats; and
  • Shares in a weekly on-call rotation and acts as an escalation point for managed security services and associates of Raymond James.

Experience and Skills:

  • B.Sc. in Computer Science, Computer Engineering, MIS, or related degree and a minimum of three (3) years of related experience in Information Security or an equivalent combination of education, training and experience. Experience should include a minimum of two (2) years in conducting Cyber Network Defense and a minimum of three (3) years of experience with incident response methodologies, malware analysis, penetration testing, scripting and/or forensics;
  • Preferred experience includes a minimum of four (4) years in conducting Cyber Network Defense, a minimum of three (3) years of experience with incident response methodologies, malware analysis, penetration testing, scripting and/or forensics and four (4) years of experience with in-depth forensic and intrusion analysis;
  • Systems administrator experience in Linux, Unix, Windows or OSX operating systems;
  • Knowledge of networking and the common network protocols;
  • Demonstrated ability to create complex scripts, develop tools, or automate processes in PowerShell, Python or Bash;
  • One or more of the following certifications or the ability to obtain within 1 year:
    • OSCP – Offensive Security Certified Professional
    • OSCE – Offensive Security Certified Expert
    • GXPN – Exploit Researcher and Advanced Penetration Testing
    • GREM – GIAC Reverse Engineering Malware
    • GCFA – GIAC Certified Forensic Analyst
    • CCNP – Cisco Certified Network Professional
    • Knowledge of the following highly preferred:
  • Knowledge of vulnerabilities and a comfort in manipulating exploit code for analysis
    • Operating systems, such as Windows, Linux, or OSX
    • Forensic and analytical techniques
    • Networking and the common network protocols
    • Demonstrated ability to create complex scripts, develop tools, or automate processes
    • Demonstrated ability to perform static and dynamic malware analysis
    • Demonstrated ability to analyze large data sets and identify anomalies
    • Demonstrated ability to quickly create and deploy countermeasures under pressure
    • Familiarity with common infrastructure systems that can be used as enforcement points

Competencies:

  • Analysis: Identify and understand issues, problems and opportunities; compare data from different sources to draw conclusions;
  • Communication: Clearly convey information and ideas through a variety of media to individuals or groups in a manner that engages the audience and helps them understand and retain the message;
  • Exercising Judgment and Decision Making: Use effective approaches for choosing a course of action or developing appropriate solutions; recommend or take action that are consistent with available facts, constraints, and probable consequences;
  • Technical and Professional Knowledge: Demonstrate a satisfactory level of technical and professional skill, or knowledge, in position-related areas; remain current with developments and trends in areas of expertise;
  • Building Effective Relationships: Develop and use collaborative relationships to facilitate the accomplishment of work goals; and
  • Client Focus: Make internal and external clients, and their needs, a primary focus of actions; develop and sustain productive client relationships.

If you would like to join their team, please send a resume and covering letter, quoting the position and Job Posting # 21-191 by June 24, 2021 to:

Human Resources
Raymond James Ltd.,
2100 – 925 West Georgia Street
Vancouver BC V6C 3L2
Email: resumes@raymondjames.ca

Raymond James requires applicants to complete a background verification process prior to commencing employment, including but not limited to a credit and criminal record check.

Raymond James sincerely thanks all applicants who express an interest in this role: only those being directly considered will be contacted.

Raymond James recognizes the value of a diverse workforce and appreciates the unique skills and special contribution of each employee. They are committed to accessibility for candidates through all stages of the recruitment process. Should you require accommodation, please contact Human Resources via email at resumes@raymondjames.ca.

June 11th, 2021 meeting

DATE:June 11th, 2021
TIME:2:00pm to 4:00pm (PDT)
VENUE:Zoom Online meeting
RSVP Required – register at Zoom
TOPIC(S):Tear it Down and Start Over
PRESENTER(S):  Deb Radcliff

ABSTRACT

It’s time to cut our losses and replace our network computing model with something completely different.

As the tech industry pushes businesses into adopting their versions of digital transformation, the heart of all technology is still based on IP, which dates back to 1983. Trying to secure networks by adding layer after layer of security up and down the TCP/IP stack and down into the hardware layers is not working and will not scale. Even at the developer layer, where all this transformation is occurring, attackers are deep into their code repositories and loading malware through their build servers (such as in the SolarWinds Orion patch update that was introduced to 1800 downstream clients and infiltrated more than 100 high-level government intelligence and tech agencies in the US).

We need to figure out a new way to network. What do we replace IP with that is both more efficient and naturally secure (versus trusting the way IP is)? That should be the biggest question on everyone’s mind who’s working toward digital transformation.

Will AI come to the rescue or is it just another technology that can be used against us? What about Quantum networking? Can we move data faster than light more securely than IP transport? Can we somehow return ownership of data to the humans behind that data in the process?

In this session, Deb Radcliff raises provocative questions about future networking and access technologies. So be prepared to answer questions. For example, will we ever actually replace IP? Is AI truly autonomous? Would you take a human chip implant if it were the only means to access your data? If so, what would be your security requirements?

Radcliff will also tell stories of how she became the industry’s first beat reporter starting in 1996 after assisting Jon Littman with research for his best-selling book, “The Fugitive Game,” about hacker on the run, Kevin Mitnick. She will share her experiences and the many colorful characters she’s met from the days before we had cybercops and information security programs.

These characters and experiences are also fictionalized in book I of her cyberthriller series, Breaking Backbones: Information is power, which takes place in the near future (available at Amazon, her publisher (free shipping), and all booksellers). In it, hackers rise up against GlobeCom who takes over the world through human chip implants. She’s nearing completion of book II, “Information Should Be Free,” part of which delves into super smart AI and future networking—and that’s why she’ll be picking your brains around these tough subjects.

BIOGRAPHY

Deb Radcliff is an author, speaker and analyst with extensive background in cybersecurity and cybercrime reporting. In 1996, after researching a best-selling book about computer hacker, Kevin Mitnick authored by Jon Littman, she decided to make cybercrime a beat. At first, she relied on gray and white hat hackers to give her the scoop on hacking techniques and then she built relationships with newly-minted cyberagents and leaders at the FBI, several agencies within DoD, the Secret Service, CIA, NYPD and many other local and federal agencies. Her articles are cited in numerous research papers and college textbooks, and she’s won two Neal Awards for investigative reporting and was runner up for a third. She’s spoken at West Point, HOPE 2000 and other events, and is currently speaking regularly in online venues. She also stood up an Analyst Program at SANS Institute and ran it for 15 years until April 2020.

Today, as a cybersecurity analyst and author, she writes for CSO and manages her own blog OnlineCrimeBytes, runs the Shift Left Academy content program. In April 2021, Radcliff published her first cyberthriller book, Breaking Backbones: Information is Power. The book is part one in a three-part fictional series set in the not-too-distant future when a powerful entity called GlobeCom takes over the world through human chip implants and the hackers mount a coordinated defense to break GlobeCom’s network backbone.

Job posting — Incident Response Cyber Threat Analyst

Raymond James Ltd. is seeking an Incident Response Cyber Threat Analyst to work in their Burnaby office.

Raymond James Ltd. is Canada’s leading independent investment dealer offering high quality investment products and services to Canadians seeking customized solutions to their wealth management needs.

The financial services industry is constantly under attack by sophisticated cyber adversaries that range from nation states to criminals. In response, the Raymond James Cyber Threat Center (CTC) is charged with ensuring all equities are secure against all tiers of adversaries. We are the central hub for Computer Network Operations and are on the front lines of security incident response, threat hunting, and intelligence. This analyst will be working with emerging technologies to solve challenging security problems in a fast-paced and continuously evolving environment, while helping steer the direction and evolution of the team. This highly visible team within the organization evaluates threats to the environment and dynamically adjusts to the ever-changing threat landscape by applying practical security knowledge to developing new detective measures to protect the firm.

Specifically this individual will:

  • Serve as a primary member of the Cyber Threat Center (CTC) who handles security events and incidents on a daily basis in a fast-paced environment;
  • Act as an Incident Handler who can handle minor and major security incidents within the defined Computer Security Incident Response process;
  • As part of the Cyber Network Defense be able to quickly analyze threats, understand risk, deploy effective countermeasures, make business critical incident response decisions, and work as part of a team of individuals dedicated to protecting the firm;
  • Maintain situational awareness for cyber threats across the global firm and take action where necessary;
  • Maintain knowledge of security principles and best practices. Must remain current with emerging threats and trends;
  • Assist teams in various security and privacy risk mitigation efforts; including incident response;
  • Lead or participate in information security related projects or in managing strategy;
  • Conduct forensic investigations for HR, Legal, or incident response related activities;
  • Develop new forensic detective and investigative capabilities using current technical solutions;
  • Work with various business units and technical disciplines in a security consultant role for cyber threats;
  • Act as an escalation point for managed security services and associates of Raymond James.

Daily responsibilities include, but are not limited to:

  • Countermeasure deployment across various technologies;
  • Malware and exploit analysis;
  • Intrusion monitoring and response;
  • Assessing alerts and notifications of event activity from intrusion detection systems and responding accordingly to the threat;
  • Continuing content development of threat detection and prevention systems;
  • Data analysis and threat research;

Limited weekend after-hours / on-call cyber threat support rotation may be required.

To qualify for this opportunity, candidates must possess:

Experience and Skills:

  • B.Sc. in Computer Science, Computer Engineering, MIS, or related degree and a minimum of five (5) years in Information Technology, with at least three (3) years of related experience in Information Security or an equivalent combination of education, training and experience. Experience should include a minimum of two (2) years in conducting Cyber Network Defense and a minimum of three (3) years of experience with incident response methodologies, malware analysis, penetration testing, scripting and/or forensics;
  • Systems administrator experience in Linux, Unix, Windows or OSX operating systems;
  • Knowledge of networking and the common network protocols.
  • Demonstrated ability to create complex scripts, develop tools, or automate processes in PowerShell, Python or Bash;
  • One or more of the following certifications or the ability to obtain within 1 year:
    • CISSP: Certified Information Systems Security Professional
    • CCNA: Cisco Certified Network Associate
    • SANS: GCIH – Incident Handler
    • SANS: GCIA – Intrusion Analyst
  • Knowledge of the following highly preferred:
    • Knowledge of vulnerabilities and a comfort in manipulating exploit code for analysis;
    • Demonstrated ability to perform static and dynamic malware analysis;
    • Demonstrated ability to analyze large data sets and identify anomalies;
    • Demonstrated ability to quickly create and deploy countermeasures under pressure;
    • Familiarity with common infrastructure systems that can be used as enforcement points.

Competencies:

  • Analysis: Identify and understand issues, problems and opportunities; compare data from different sources to draw conclusions;
  • Communication: Clearly convey information and ideas through a variety of media to individuals or groups in a manner that engages the audience and helps them understand and retain the message;
  • Exercising Judgment and Decision Making: Use effective approaches for choosing a course of action or developing appropriate solutions; recommend or take action that are consistent with available facts, constraints, and probable consequences;
  • Technical and Professional Knowledge: Demonstrate a satisfactory level of technical and professional skill, or knowledge, in position-related areas; remain current with developments and trends in areas of expertise;
  • Building Effective Relationships: Develop and use collaborative relationships to facilitate the accomplishment of work goals;
  • Client Focus: Make internal and external clients, and their needs, a primary focus of actions; develop and sustain productive client relationships.
  • NOTE: This role is required to work a permanent 2 p.m. to 10 p.m shift Monday – Friday in their Burnaby office. Paid parking is provided.

This is a permanent full-time position with a competitive compensation and benefits package.

If you would like to join the Raymond James team, please send a resume and covering letter, quoting the position and Job Posting # 21-176 by June 18, 2021 to:

Human Resources
Raymond James Ltd.,
E-mail: resumes@raymondjames.ca

To be considered for employment candidates will be required to provide proof of citizenship, permanent residency or eligibility to work in Canada with no restrictions. Raymond James requires applicants to complete a background verification process prior to commencing employment with the company, including but not limited to a credit and criminal record check. Employment is contingent on the satisfactory completion of a pre-employment background check.

Raymond James sincerely thanks all applicants who express an interest in this role: only those being directly considered will be contacted.

Raymond James recognizes the value of a diverse workforce and appreciates the unique skills and special contribution of each employee. We are committed to accessibility for candidates through all stages of the recruitment process. Should you require accommodation, please contact Human Resources via email at resumes@raymondjames.ca.

Job Posting — Senior Business Systems Analyst (Information Security)

The Information Risk Management team within the Information Services Division the Insurance Corporation of British Columbia (ICBC) is currently looking for a Senior Business Systems Analyst (Information Security).

The position supports Information Risk Management to ensure ICBC meets business, legal, and stakeholder requirements for information security while managing costs. The successful candidate will be expected to function as a senior member of the Information Risk Management team, providing leadership and mentoring to team members while acting with minimal direction from the Manager.

In this role you will be working closely with business and technology stakeholders to identify business needs as they pertain to information security and seek alignment with policies, standards and other governance documents. You will take a leadership role to effectively articulate information security requirements, collaborate with team members and stakeholders such as Privacy & Freedom of Information and IT Security to facilitate the development and implementation of security processes and technology improvements. As part of your duties you complete risk assessments working while closely with business and technology stakeholders. You will provide ongoing reviews, improvements, and updates to existing information security policies, standards, strategies, risk assessment processes, and other governance documents and processes. You will plan, lead, and implement information security projects and initiatives while providing leadership and mentoring to other team members.

Position Requirements

You have knowledge of:

  • The ISO 27000 framework or similar information security management systems
  • Information security threats and the typical security controls used to mitigate those threats
  • Concepts of risk management, especially of the ISO 27002 and ISO 31000 risk management processes
  • Information Technology governance, risk, and compliance processes
  • Knowledge of industry standards such as NIST, COBIT, PCI DSS, etc.
  • The BC Freedom of Information and Protection of Privacy Act (FIPPA)
  • e-Discovery and Legal Hold trends and legislation

You have skills to:

  • Evaluate risks to information and technology, including threat assessment, likelihood and impact assessment, and request executive risk management decisions
  • Demonstrated strength in facilitation and communication
  • Identify opportunities for improvements in business use of systems
  • Provide guidance about information security policy compliance
  • Draft executive and external briefing notes, security alerts and updates, and employee communications regarding information security policy and awareness issues
  • Present security issues to varied audiences
  • Work with outside parties to perform regular cyber security audits and training and be responsible for addressing any exposures identified within the audit
  • Knowledge and understanding of software development lifecycle, from application design and development to testing,
  • implementation and production support
  • Strong focus on systems analysis, process, process improvement, and quality
  • Data-driven, analytical with strong problem-solving skills

You bring these credentials:

  • Bachelor’s degree in Information Technology (IT), Computer Science or equivalent
  • Several years of related experience including at least a few years in IT security
  • An information security certification such as Certified Information Systems Security Professional (CISSP) is an asset, but not required

Only candidates legally entitled to work in Canada will be considered for this position.

You can view this job posting and apply for the position through ICBC’s website up to May 30, 2021.

ICBC’s job is to make sure the car insurance system works for all British Columbians, today and in the future. If you want to make the most of your skills and expertise while growing your career, ICBC wants you. A career at ICBC is an opportunity to be part of a talented, diverse and inclusive team that is driven to serve its customers and community. You can expect a competitive salary, comprehensive benefits and a collaborative work environment. If you are reliable and dependable, contact ICBC today to be part of their talented and diverse team as they work together to create an insurance system that all can be proud of.

ICBC welcomes applications from all qualified job seekers. If you are a job seeker with a disability, please let ICBC know as adjustments can be made to help support you in delivering your best performance.

Job Posting — Information Protection Advisor

The Insurance Corporation of British Columbia (ICBC) has an exciting opportunity for an experienced Information Protection Advisor to work in our Information Risk Management Department. As part of this team you will gather electronic evidence to support investigations. You will provide information security governance and compliance services to corporate and divisional projects, conduct risk assessments and penetration tests, and present findings to business risk owners. You will also develop security policies and standards.

To make an immediate contribution, you will draw on your demonstrated experience:

  • Gathering electronic evidence to support investigations, including extracting and interpreting systems log files and conducting computer forensics and mobile device forensics
  • Analyzing threats and assessing information security exposures to ICBC’s information and ICBC’s information technology systems
  • Performing regular pen tests and security tests on ICBC Systems, as well as engaging third parties to perform regular penetration tests
  • Developing electronic investigation processes and procedures
  • Developing proactive monitoring rules, triaging alerts, and handling incidents
  • Recommending, creating, and updating corporate principles, policies, standards, and procedures related to information security
  • Consulting on corporate and divisional projects as an Information Security Lead, identifying information security risks, communicating with the business owners to establish impact, recommending treatment plans to remain within business risk tolerance, and tracking treatment plans through implementation
  • Collect information security metrics to monitor and enhance the information security program at ICBC
  • Creating information security awareness media, including posters, online communications, blog articles, audio and video recordings, and other media.

Position Requirements

Key to your success in this role requires you to bring knowledge related to:

  • Principles, standards, practices, and tools pertaining to information systems security
  • The ISO/IEC 27000 framework for building Information Security Management Systems
  • BC’s Freedom of Information and Protection of Privacy Act (FIPPA); and e-Discovery and Legal Hold trends and legislation
  • Strong understanding of distributed systems and how they work
  • Incident handling processes and procedures
  • Trends and developments in the information and technology security field
  • Familiarity with SOC and SIEM tools
  • Familiarity with third party audit reports such as SSAE 16, SOC 2

Due to the nature of this position, the successful candidate must meet the Canadian Border Service security clearance requirements of the Enhanced Driver License Program.

It would be considered an asset if your experience is supported by a business or technology degree and if you have industry recognized certifications such as a Certified Information Systems Security Professional (CISSP) and/or a Certified Information Systems Auditor (CISA) and/or a Certified Information Security Management (CISM) designation.

You can view this job posting and apply for the position through ICBC’s website up to May 30, 2021.

ICBC’s job is to make sure the car insurance system works for all British Columbians, today and in the future. If you want to make the most of your skills and expertise while growing your career, ICBC wants you. A career at ICBC is an opportunity to be part of a talented, diverse and inclusive team that is driven to serve its customers and community. You can expect a competitive salary, comprehensive benefits and a collaborative work environment. If you are reliable and dependable, contact ICBC today to be part of their talented and diverse team as they work together to create an insurance system that all can be proud of.

ICBC welcomes applications from all qualified job seekers. If you are a job seeker with a disability, please let ICBC know as adjustments can be made to help support you in delivering your best performance.

Job Posting — Identity and Access Management Application Developer

Raymond James Ltd. is seeking a seasoned Application Developer within the Identity and Access Management (IAM) group to work in their Burnaby office. This role will be reporting directly to the head office Raymond James Financial Senior Manager, IT Identity and Access Management Security.

Raymond James Ltd. is Canada’s leading independent investment dealer offering high quality investment products and services to Canadians seeking customized solutions to their wealth management needs.

This group of developers, engineers, and analysts own the automation of the identity lifecycle management, and other information security automation efforts for the enterprise. The developer position requires critical thinking in designing solutions while implementing best practices following the SDLC model. Projects will vary between an agile and waterfall approach.

Specifically you will:

  • Analyze system requirements, including identifying program interactions and appropriate interfaces between impacted components and sub systems;
  • Make recommendations towards the development of new code or to reuse of existing code;
  • May lead assigned projects, including assigning tasks, coordinating efforts, and monitoring performance;
  • May recommend new technologies and methodologies to management for meeting business needs, resolving problems and exploiting opportunities. Remains current with new technologies;
  • Obtain and evaluate information on factors such as reporting formats required, costs, and security needs to determine hardware configuration;
  • Participate in software system testing and validation procedures, programming and documentation;
  • Provide technical advice and assists in solving programming problems;
  • Write and/or review system specifications, including output requirements and flow charts;
  • Assist in preparing project plans using project management tools;
  • Review test results; document test activities, and record remedial actions;
  • Ensure proper analysis of problems and programming approaches to prevent rework and schedule slippage; and
  • Performs other duties and responsibilities as assigned.

To qualify for this opportunity you possess:

  • Experience with some or all of the following applications and technologies is required;
  • Bachelor’s degree (B.A.) in Computer Science, MIS or related degree and a minimum of five (5) years of relevant development or engineering experience or combination of education, training and experience;
  • Strong database experience required, preferably with prior access control experience in SQL and Oracle;
  • Experience in the following areas: Java, SQL, REST APIs, Git, PowerShell, LDAP;
  • Intermediate level knowledge of the following: Service Now integration, .Net, HP Non Stop, MongoDB, SailPoint Identity IQ, Identity and Access Management policies and controls; and
  • Flexibility to occasionally work a non-standard shift including nights and/or weekends.

This is a permanent full-time position with a competitive compensation and benefits package

If you would like to join our team, please send a resume and covering letter, quoting the position and Job Posting # 21-114 by April 23, 2021 to:

Human Resources
Raymond James Ltd.
Email: resumes@raymondjames.ca

To be considered for employment candidates will be required to provide proof of citizenship, permanent residency or eligibility to work in Canada with no restrictions. We require applicants to complete a background verification process prior to commencing employment with the company, including but not limited to a credit and criminal record check. Employment is contingent on the satisfactory completion of a pre-employment background check.

We sincerely thank all applicants who express an interest in this role: only those being directly considered will be contacted.

Raymond James Ltd. recognizes the value of a diverse workforce and appreciates the unique skills and special contribution of each employee. We are committed to accessibility for candidates through all stages of the recruitment process. Should you require accommodation, please contact Human Resources via email at resumes@raymondjames.ca.

Job posting — Security Systems Engineer

Raymond James Ltd. is seeking a Security Systems Engineer to work in their Burnaby office. This role will be reporting directly to the head office Raymond James Financial Senior Manager, IT Identity and Access Management Security.

Raymond James Ltd. is Canada’s leading independent investment dealer offering high quality investment products and services to Canadians seeking customized solutions to their wealth management needs.

The Systems Engineer manages a variety of industry leading IAM technologies and using business driven requirements, plans and designs enterprise systems infrastructure. The role evaluates and implements hardware and software products to meet Raymond James’ information security needs. The systems engineer monitors day-to-day performance of the infrastructure and works with project teams on the integration of new systems.

Specifically you will:

  • Manage the evaluation, implementation, and upgrades of new and existing products and technologies, which typically cover a broad variety of enterprise-class infrastructure disciplines;
  • Research and recommend innovative technologies and approaches for enterprise infrastructure management, upgrades, or improvements, while adhering to technical or budgetary constraints;
  • Analyze system requirements, including identifying interactions and appropriate interfaces between affected components and sub systems;
  • Proactively plan capacity of platforms and applications;
  • May participate in projects including preparing project plans, assigning tasks, monitoring statuses, coordinating efforts, validating team recommendations, integrating efforts into a comprehensive strategy and delivering results on time;
  • Write and/or review system specifications, including output requirements, flow charts and technical diagrams;
  • Be responsible for independently resolving incidents, vulnerabilities, and problems as they are identified; and
  • Be rotating on-call responsibilities.

To qualify for this opportunity you possess:

  • Bachelor’s degree in Business, Accounting and/or Finance;
  • Minimum of a Bachelor’s degree in Computer Science, MIS or related degree and five (5) years of relevant experience in assigned area or combination or education, experience and training;
  • Event/log analysis and troubleshooting skills;
  • Experience with some or all of the following applications and technologies is required;
  • Comfortable maintaining applications on Windows or Linux platforms;
  • CA Siteminder or Ping Identity for Web Access Management and Single Sign On (SSO) using SAML;
  • RSA Technologies including SecurID and Adaptive Authentication;
  • CyberArk Enterprise Password Vault (EPV) and Privileged Session Manager (PSM);
  • Ability to read and modify scripting languages such as BASH, PowerShell, and Batch;
  • Experience with some or all of the following applications or technologies is desired; and
    • F5 APM
    • Active Directory and LDAP engineering experience
    • Microsoft Public Key Infrastructure (PKI)
    • Venafi and appviewX Certificate management
    • DNS, DHCP, and IPAM
    • PING and Okta
    • Imanami
    • SailPoint
  • Event/log analysis and troubleshooting skills

This is a permanent full-time position with a competitive compensation and benefits package

If you would like to join our team, please send a resume and covering letter, quoting the position and Job Posting # 21-113 by April 23, 2021 to:

Human Resources
Raymond James Ltd.
Email: resumes@raymondjames.ca

To be considered for employment candidates will be required to provide proof of citizenship, permanent residency or eligibility to work in Canada with no restrictions. We require applicants to complete a background verification process prior to commencing employment with the company, including but not limited to a credit and criminal record check. Employment is contingent on the satisfactory completion of a pre-employment background check.

We sincerely thank all applicants who express an interest in this role: only those being directly considered will be contacted.

Raymond James Ltd. recognizes the value of a diverse workforce and appreciates the unique skills and special contribution of each employee. We are committed to accessibility for candidates through all stages of the recruitment process. Should you require accommodation, please contact Human Resources via email at resumes@raymondjames.ca.

Job Posting — Information Security Engineer

Raymond James Ltd. is seeking an Information Security Engineer to work in their Burnaby or Toronto offices. They are also open to applicants from other Canadian provinces.

Raymond James Ltd. is Canada’s leading independent investment dealer offering high quality investment products and services to Canadians seeking customized solutions to their wealth management needs.

Under the direction of the Information Security Manager, the Information Security Engineer is responsible for architecture, design, implementation, integration, administration and maintenance of enterprise security solutions. This includes, but is not limited to network, systems, endpoint, mobile, email, identity access management, cloud and application security technologies. You will be working with emerging technologies to solve challenging security problems in a fast-paced and continuously evolving environment, while helping steer the direction and evolution of the team. The Information Security Engineer will be required to participate in incident response to support the Cyber Threat Center and production support where and when appropriate. Extensive contact with internal customers, other information technology (IT) professionals, parent company (Raymond James Financial) and vendors is required to identify, research, analyze, and resolve complex security issues and problems.

Responsibilities:

  • Primary subject matter expert, support and central point of contact for security solutions.
  • Technical lead with the ability to mentor other members on the team.
  • Collaborate with and provide information security consulting to projects and initiatives.
  • Forward thinking to identify upcoming trends and security best practices on the network.
  • Lead implementation efforts of security initiatives and resolutions of any findings from internal or external assessments.
  • Ensure enterprise security standards are in place.
  • Responsible for up-time, monitoring, reliability, stability and policy maintenance of supported systems.
  • Serves as key person in troubleshooting system problems, taking ownership of problems to resolution.
  • Produces and maintains current description and documentation of policy configuration, including tracking and documenting any changes to policies.
  • Analyzes performance trends to optimize system performance.
  • Improves operations efficiency by automating administration tasks wherever possible.

Experience and Skills:

  • Minimum of a B.Sc. in Computer Science, MIS or related degree and ten (10) years of related experience or a combination of education, training and experience.
  • (ISC)² (CISSP, CCSP, ISSAP), SANS GIAC (GCCC, GCIA, GCFA, GMON, GCIH, GPEN, GREM, GXPN), Offensive Security (OCSP, OSCE) or other security vendor certification highly desirable.
  • Experience with next generation firewall, web filtering, IPS, VPN, NAC, WAF solutions.
  • Experience with anti-malware, endpoint detection response (EDR), host based intrusion detection (HIDS), host based firewall solutions.
  • Experience with email protection gateway, anti-spam solutions.
  • Experience with mobile device management (MDM), enterprise mobile management (EMM) solutions.
  • Experience with security information and event monitoring, remote logging, log aggregation, correlation solutions (SIEM).
  • Experience with vulnerability scanners.
  • Experience with encryption at rest, in transit, Public Key Infrastructure (PKI) solutions.
  • Experience with data loss prevention (DLP) solutions.
  • Experience with identity and access management (IAM), single sign on (SSO) solutions.
  • Experience with load balancer, reverse proxy solutions.
  • Experience with troubleshooting and determining root cause analysis through log/packet analysis & debugging.
  • Experience in scripting or automation.
  • Intermediate experience with Linux.
  • Sound understanding of security concepts behind the authentication, authorization and auditing (AAA) framework.
  • Sound understanding of Microsoft products such as; Windows, Active Directory, GPOs, Exchange.
  • Sound understanding of network architecture, protocols, and standards.
  • Knowledge of web application security, secure development lifecycle (SDLC), OWASP.
  • Knowledge of cloud security SaaS, PaaS, IaaS (O365, Azure, AWS, GCP), cloud access security broker (CASB).
  • Knowledge of service management frameworks (ITIL).
  • Ability to work effectively with technical and non-technical personnel in a cross-functional setting.
  • Excellent verbal and written communication skills.

Competencies:

  • Analysis: Identify and understand issues, problems, and opportunities; compare data from different sources to draw conclusions.
  • Communication: Clearly convey information and ideas through a variety of media to individuals or groups in a manner that engages the audience and helps them understand and retain the message.
  • Exercising Judgment and Decision Making: Use effective approaches for choosing a course of action or developing appropriate solutions; recommend or take actions that are consistent with available facts, constraints, and probable consequences.
  • Technical and Professional Knowledge: Demonstrate a satisfactory level of technical and professional skill, or knowledge, in position-related areas; remain current with developments and trends in areas of expertise.
  • Building Effective Relationships: Develop and use collaborative relationships to facilitate the accomplishment of work goals.
  • Client Focus: Make internal and external clients, and their needs, a primary focus of actions; develop and sustain productive client relationships.

This is a permanent full-time position with a competitive compensation and benefits package

If you would like to join our team, please send a resume and covering letter, quoting the position and Job Posting # 21-115 by April 23, 2021 to:

Human Resources
Raymond James Ltd.
Email: resumes@raymondjames.ca

To be considered for employment candidates will be required to provide proof of citizenship, permanent residency or eligibility to work in Canada with no restrictions. We require applicants to complete a background verification process prior to commencing employment with the company, including but not limited to a credit and criminal record check. Employment is contingent on the satisfactory completion of a pre-employment background check.

We sincerely thank all applicants who express an interest in this role: only those being directly considered will be contacted.

Raymond James Ltd. recognizes the value of a diverse workforce and appreciates the unique skills and special contribution of each employee. We are committed to accessibility for candidates through all stages of the recruitment process. Should you require accommodation, please contact Human Resources via email at resumes@raymondjames.ca.

April 9th, 2021 meeting

DATE:April 9th, 2021
TIME:2:00pm to 4:00pm (PDT)
VENUE:Zoom Online meeting
RSVP Required – register at Zoom
TOPIC(S):Presentation 1: Why is phishing still an issue?
Presentation 2: Setting the CISO free
PRESENTER(S):  Presentation 1: Mike Fleck (Senior Director of Sales, Cyren)
Presentation 2: Rob Newby (CEO, Procordr)

Presentation 1 detail:

ABSTRACT

Why is phishing still an issue? Let’s take a look at the tactics attackers are using and discuss why these simple, yet sophisticated, tricks allow malicious messages to evade detection. Mike will share summary statistics about the scale and type of phishing attacks and also provide detailed examples of specific incidents.

BIOGRAPHY

Mike Fleck is the Senior Director of Sales Engineering at Cyren. With over 15 years of experience in information security, Mike holds patents for transparent encryption and automated encryption key management and has been featured in Security Week, Information Security Magazine, Information Management, and NBC News. Prior to Cyren, Mike was the Vice President of Identity Protection at 4iQ, a provider of dark web threat intelligence that helps to protect consumer identities and to investigate cybercriminals. Previously, Mike was the Vice President of Security at Covata Limited (ASX: CVT) where he directed US operations and global marketing. He joined Covata in 2017, by way of acquisition of CipherPoint which he co-founded in 2010 and was CEO. His vast experience with complex Fortune 500 and Federal Government environments includes technical leadership roles at Vormetric (acquired by Thales), High Tower Software (acquired by NetForensics), Predictive Systems (NASDAQ: PRDS), and Lockheed Martin.

Presentation 2 detail:

ABSTRACT

Cybersecurity is now front page news. Companies are exposed, and CISOs need to make strategic decisions. Lack of accountability can lead to large fines and even prison time for Board members, but they aren’t being appropriately informed. Rob Newby was a new CISO in this situation 2 years ago. His board was concerned, but about the wrong things.


Rob explains what we’re doing wrong now in Security, and what simple changes can be made for the better to fix issues in reporting, strategy, governance and the demand for skills.

BIOGRAPHY

Rob is a problem solver for UK and EMEA boards, as a CISO and Security Adviser Rob has returned failing programmes and projects to the critical path, including setting up and developing multiple lines of defence in parallel, defining and delivering measurable business value. He is now the CEO of UK Cybersecurity startup Procordr, delivering strategy and governance solutions to large enterprises He previously worked as a CISO to SmartDCC, Strategic Adviser to Group CISO at Admiral Group, and at Aviva Group, he was the CISO for General Insurance and Strategic Adviser to their UK CISO.

Job Posting — Senior Business Systems Analyst (Information Security)

The Insurance Corporation of British Columbia (ICBC) is currently looking for a Senior Business Systems Analyst (Information Security) for its Information Risk Management team within the Information Services Division.

The position supports Information Risk Management to ensure ICBC meets business, legal, and stakeholder requirements for information security while managing costs. The successful candidate will be expected to function as a senior member of the Information Risk Management team, providing leadership and mentoring to team members while acting with minimal direction from the Manager.

In this role you will be working closely with business and technology stakeholders to identify business needs as they pertain to information security and seek alignment with policies, standards and other governance documents. You will take a leadership role to effectively articulate information security requirements, collaborate with team members and stakeholders such as Privacy & Freedom of Information and IT Security to facilitate the development and implementation of security processes and technology improvements. As part of your duties, you will complete risk assessments working while closely with business and technology stakeholders. You will provide ongoing reviews, improvements, and updates to existing information security policies, standards, strategies, risk assessment processes, and other governance documents and processes. You will plan, lead, and implement information security projects and initiatives while providing leadership and mentoring to other team members.

Position Requirements

You have knowledge of:

  • The ISO 27000 framework or similar information security management systems
  • Information security threats and the typical security controls used to mitigate those threats
  • Concepts of risk management, especially of the ISO 27002 and ISO 31000 risk management processes
  • Information Technology governance, risk, and compliance processes
  • Knowledge of industry standards such as NIST, COBIT, PCI-DSS, etc.
  • The BC Freedom of Information and Protection of Privacy Act (FIPPA)
  • e-Discovery and Legal Hold trends and legislation

You have skills to:

  • Evaluate risks to information and technology, including threat assessment, likelihood and impact assessment, and request executive risk management decisions
  • Demonstrated strength in facilitation and communication
  • Identify opportunities for improvements in business use of systems
  • Provide guidance about information security policy compliance
  • Draft executive and external briefing notes, security alerts and updates, and employee communications regarding information security policy and awareness issues
  • Present security issues to varied audiences
  • Work with outside parties to perform regular cyber security audits and training and be responsible for addressing any exposures identified within the audit
  • Knowledge and understanding of software development lifecycle, from application design and development to testing, implementation and production support
  • Strong focus on systems analysis, process, process improvement, and quality
  • Data-driven, analytical with strong problem-solving skills

You bring these credentials:

  • Bachelor’s degree in Information Technology (IT), Computer Science or equivalent
  • Several years of related experience including at least a few years in IT security
  • An information security certification such as Certified Information Systems Security Professional (CISSP) is an asset, but not required

You can view this job posting and apply for the position through ICBC’s website up to March 27, 2021.

ICBC’s job is to make sure the car insurance system works for all British Columbians, today and in the future. If you want to make the most of your skills and expertise while growing your career, ICBC wants you. A career at ICBC is an opportunity to be part of a talented, diverse and inclusive team that is driven to serve its customers and community. You can expect a competitive salary, comprehensive benefits and a collaborative work environment. If you are reliable and dependable, contact ICBC today to be part of their talented and diverse team as they work together to create an insurance system that all can be proud of.

ICBC welcomes applications from all qualified job seekers. If you are a job seeker with a disability, please let ICBC know as adjustments can be made to help support you in delivering your best performance.

March 12th, 2021 meeting

DATE:March 12th, 2021
TIME:2:00pm to 4:00pm (PST)
VENUE:Zoom Online meeting
RSVP Required – register at Zoom
TOPIC(S):Security Frameworks
PRESENTER(S):  Robert Slade (M. Sc.)

ABSTRACT

We have a whole alphabet soup of security frameworks, ranging from checklists to guidelines to salami slicers to product evaluation criteria. Most consider them simply annoyances. Some consider them annoyances that must be complied with. However, they can be of use–if you know what they are, and what they can (and can’t) do for you.

BIOGRAPHY

Robert Slade prefers to say that he is the recipient of patronage from his nation-state because he is old and wise. Others prefer to say that he is retired. Rob finds this odd, since he is not the retiring type, as can be easily determined at


https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413


It is next to impossible to get him to take bio writing seriously, but you can try at rslade@vcn.bc.ca

Job Posting — Information Protection Advisor

The Insurance Corporation of British Columbia (ICBC) has an exciting opportunity for an experienced Information Protection Advisor to work in their Information Risk Management Department. As part of this team you will:

  • gather electronic evidence to support investigations,
  • provide information security governance and compliance services to corporate and divisional projects, conduct risk assessments and penetration tests,
  • present findings to business risk owners, and
  • develop security policies and standards.

To make an immediate contribution, you will draw on your demonstrated experience:

  • Gathering electronic evidence to support investigations, including extracting and interpreting systems log files and conducting computer forensics and mobile device forensics
  • Analyzing threats and assessing information security exposures to ICBC’s information and ICBC’s information technology systems
  • Performing regular pen tests and security tests on ICBC Systems, as well as engaging third parties to perform regular pen tests
  • Developing electronic investigation processes and procedures
  • Developing proactive monitoring rules, triaging alerts, and handling incidents
  • Recommending, creating, and updating corporate principles, policies, standards, and procedures related to information security
  • Consulting on corporate and divisional projects as an Information Security Lead, identifying information security risks, communicating with the business owners to establish impact, recommending treatment plans to remain within business risk tolerance, and tracking treatment plans through implementation;
  • Collect information security metrics to monitor and enhance the information security program at ICBC
  • Creating information security awareness media, including posters, online communications, blog articles, audio and video recordings, and other media.

Position Requirements

Key to your success in this role requires you to bring knowledge related to:

  • Principles, standards, practices, and tools pertaining to information systems security
  • The ISO/IEC 27000 framework for building Information Security Management Systems
  • BC’s Freedom of Information and Protection of Privacy Act (FIPPA); and e-Discovery and Legal Hold trends and legislation
  • Strong understanding of distributed systems and how they work
  • Incident handling processes and procedures
  • Trends and developments in the information and technology security field
  • Familiarity with SOC and SIEM tools
  • Familiarity with third party audit reports such as SSAE 16, SOC 2

Due to the nature of this position, the successful candidate must meet the Canadian Border Service security clearance requirements of the Enhanced Driver License Program

It would be considered an asset if your experience is supported by a business or technology degree and if you have industry recognized certifications such as a Certified Information Systems Security Professional (CISSP) and/or a Certified Information Systems Auditor (CISA) and/or a Certified Information Security Management (CISM) designation.

You can view this job posting and apply for the position through ICBC’s website up to March 31, 2021.

ICBC’s job is to make sure the car insurance system works for all British Columbians, today and in the future. If you want to make the most of your skills and expertise while growing your career, ICBC wants you. A career at ICBC is an opportunity to be part of a talented, diverse and inclusive team that is driven to serve its customers and community. You can expect a competitive salary, comprehensive benefits and a collaborative work environment. If you are reliable and dependable, contact ICBC today to be part of their talented and diverse team as they work together to create an insurance system that all can be proud of.

ICBC welcomes applications from all qualified job seekers. If you are a job seeker with a disability, please let ICBC know as adjustments can be made to help support you in delivering your best performance.

External events February Update

OrganizationEventDateNote
CloudWorldCloudWorldFeb 18-19Free for developers & engineers
ASIS Canada Pacific ChapterWomen in SecurityFeb 18Free
Oktane21Okatane21April 6-8Free
ISACA Vancouver Chapter & Reboot Communications LTDVancouver International Privacy & Security SummitMay 5-7Commercial
SecureWorldSecureWorld Central Virtual ConferenceMay 6Commercial
BSides VancouverBSides VancouverMay 9-14Call for participation open
BC GovernmentBC Security DayMay 12Free
VanTUGVanTUG1st and 3rd Tues of each monthNext event Feb 16, Free
OWASP VancouverOWASP Vancouver4th Thursday of each monthNext event Feb 23, Free
VanCitySecVanCitySecMay not have regular meetings anymoreFree

February 12th, 2021 meeting

DATE:February 12th, 2021
TIME:2:00pm to 4:00pm (PST)
VENUE:Zoom Online meeting
(Please note Zoom link was updated)
RSVP Required – register at Zoom
TOPIC(S):Ransomware, Risk, and Recovery: Is Your DR Strategy Ready for Today’s Threats?
PRESENTER(S):  Sean Deuby (Director of Services, Semperis)

ABSTRACT

Disaster Recovery (DR) strategies have traditionally focused on natural disasters, then expanded into other physical events such as terrorism. Today, cyber weaponization is everywhere, and the “Extinction Event” is a genuine threat with no respect for geographic boundaries.


In 2017 the NotPetya ransomware attack impacted Maersk worldwide in under 10 minutes and cost the company over $300M. The 2018 Winter Olympics were hit by a targeted cyber attack. Ransomware attacks have become commonplace. Cyber risk directly correlates to business risk and cyber disasters strike more frequently with broader impact than their physical counterparts. Thus, modern DR strategies must prioritize cyber scenarios.


Takeaways:
Denial-of-availability malware is now the #1 risk to business operations
Cyber insurance policies are not the magic bullet they position themselves to be
New “cyber-first” DR technologies automate recovery of complex systems, facilitate recovery to the cloud, and eliminate the risk of reinfection from system state and bare-metal backups

BIOGRAPHY

Sean Deuby brings 30 years’ experience in Enterprise IT and Hybrid Identity to his role as Director of Services at Semperis. An original architect and technical leader of Intel Active Directory, Texas Instrument’s Windows NT network, and 15-time MVP alumnus, Sean has been involved with Microsoft identity technology since its inception. His experience as an identity strategy consultant for many Fortune 500 companies gives him a broad perspective on the challenges of today’s identity-centered security. Sean is also an industry journalism veteran; as former technical director for Windows IT Pro, he has over 400 published articles on Active Directory, Azure Active Directory and related security, and Windows Server. He has presented sessions at multiple CIS / Identiverse conferences.