Job Title: Senior Information Security Specialist
Division: Business Technology
Classification: ASO-04, Salary Range 6
Reporting Relationship: Manager, Information Security
The Senior Information Security Specialist role supports BCLC’s Cybersecurity program and protects BCLC’s information assets. This role performs senior level duties required to improve and sustain BCLC’s information security posture. This role also supports projects and business operations by taking a lead role identifying information security risks, recommending appropriate controls, and actively applying technical mitigation strategies within security technology. Additionally the Senior Information Security specialist brings deep technical capabilities to support the Cybersecurity program.
- Leads Cybersecurity projects as directed by the Cybersecurity program.
- Cultivates relationships with domain owners, evangelizing cyber security and selling the value of good information security risk management to the organization.
- Develops domain expertise to maintain a deep understanding of BCLC’s key business systems and processes, identifying information security risks and leading the response to related information security incidents.
- Develops and maintains field specific information security strategies for consideration and input into the Cybersecurity program.
- Contributes to corporate projects as an information security subject matter expert, analyzing solutions, processes & infrastructure, and recommending appropriate information security controls.
- Performs information security vulnerability, penetration, compliance & risk assessments, and recommends remediation activities to protect BCLC’s information assets.
- Develops recommendations for secure solutions, coordinating closely with enterprise architecture teams, enhancing the security architecture repository, and developing secure design patterns & principles.
- Conducts forensic reviews of platforms, systems and devices during and post incident, ensuring that data is properly handled and chain of custody is preserved for potential presentation in court.
- As directed by the Cybersecurity program, takes a lead role in developing and delivering information security training programs and mentoring staff, both inside and outside of the Information Security team.
- Continuously develops sharp technical skills, quickly getting up to speed on new technology, trends, types of vulnerabilities, exploits and risks to BCLC’s information assets.
- Provides technical expertise and support to BCLC’s privacy and compliance functions.
- Enhances the day-to-day monitoring of the integrity of systems and infrastructure components and coordinates with the Managed Security Service provider.
- Contributes to the development and maintenance of information security policies, standards and procedures, and where needed supports the development of applicable technology standards.
- Provides information on system configurations, accounts and information security practices to auditors and regulators as directed by the Cyber Security management team.
- Responds to complex requests and handles escalations for major issues.
Minimum Required Qualifications
Education and Experience
- A degree or diploma in Information Security or equivalent in a related discipline;
- At least one Information Security certification, such as CISSP, CISM or GSEC is required;
- Technology administration certifications such as MCSE, CCIE or RHCE are an asset;
- 4-6 years of progressive experience in information security;
- Experience assessing the security of web, cloud computing, SaaS and mobile applications;
- Experience producing information security metrics and reporting;
- Experience working with information security systems: SIEM, DLP, IDS/IPS, SOAR, and EDR is desirable;
- Experience in security controls and integrations related to Microsoft 365, AWS, and SaaS implementations.
- An equivalent combination of education and/or experience may be considered.
- Strong knowledge of information security frameworks, and security standards and regulations related to data privacy and security;
- Excellent oral and written communication skills, including the ability to write reports and document procedures;
- Proven ability to deal with highly sensitive matters with a high degree of tact and diplomacy;
- Excellent organizational skills with the ability to prioritize items;
- Excellent innovation in problem solving and analytical thinking;
- Excellent business acumen;
- Excellent ability to manage relationships at all levels with customers, leaders, contractors and team members to effect change.
How to Apply
If you are interested to apply for the position, kindly send your resume and cover letter to firstname.lastname@example.org before December 9, 11:59 PM PT with the following email subject: BCLC – Senior Information Security Specialist.