Title: Cyber Security and Privacy Advisor
Job Summary: This position reports to the Associate Director, Information Security and is responsible for supporting IT Security and Privacy protection as it pertains to IT operations and projects. This role will support the College-wide Information Security program to protect VCC from cyber threats and support FOIPPA compliance for information systems and IT projects. This role will act as a security and privacy champion for IT and other teams.
1. Advises on and supports cyber security, operates security tools, and administers security processes.
2. Monitors security and privacy related events, detects, and responds to alerts and incidents.
3. Analyzes security and privacy related logs to identify threats, anomalies and incidents, and assesses information security exposures to the College’s information technology. Conducts investigations and prepares detailed relevant reports and IT notification alerts.
4. Advises on and supports cyber incident response: performs various and escalated cyber investigations, executes and coordinates mitigation activities, performs high-level forensic analysis, and engages with the external cyber security vendors for the detailed forensic checks. Assesses privacy impact of incidents and performs privacy breach follow-up activities.
5. Ensures security of VCC data and systems on premises and in the cloud. Designs and supports cloud-aware security architecture and implements appropriate security tools.
6. Advises on and supports the vulnerability management process: stays current with new cyber vulnerabilities, performs vulnerability assessments, analyzes findings, provides reports, establishes priorities, performs and coordinates remediation activities.
7. Responsible for compliance with FOIPPA and other privacy legislation as related to IT systems and projects. Provides guidance on the implementation of action items to meet compliance requirements.
8. Conducts Privacy Impact Assessments (PIAs) for IT related operations and projects. Provides guidance and recommendations relating to privacy risks and technical security controls, protocols, and advises on plans and leads risk mitigation steps.
9. Develops relevant IT Security and privacy operational reports and KPIs. Analyzes data generated by IT systems and produces required reports and KPIs for designated audience.
10. Delivers VCC’s security awareness program: develops training and exercises. Builds, schedules and runs campaigns, reports on results, and provides recommendations.
11. Develops, documents, tests, implements, and enforces information security and privacy protection policies, standards, processes, methodologies, and controls.
12. Provides overall guidance and direction to IT support staff relating to information security protection and privacy matters; acts as a SME for information security and privacy projects, advises and supports IT, other teams, and the end users.
13. Supports secure Identity and Access Management processes.
14. Advises on proper configuration of security tools and supports overall system hardening.
15. Manages vendors to deliver security and privacy protection services to VCC.
16. Stays current with cyber security and privacy landscape, analyzes industry trends, and determines potential impact on VCC IT systems and operations.
17. Performs other related duties as assigned.
Education and Experience
- Bachelor’s degree in Computer Science or other equivalent Information Technology-related studies and experience.
- Minimum of 3 years of proven information security experience.
- Proven FOIPPA compliance and PIA development experience in BC public sector organisations.
- Information security certifications are preferred (CISSP, CISA, GIAC).
- An equivalent combination of training and/or experience may be considered.
Skills and Abilities
- Extensive experience in IT security operations. Security Operations Centre (SOC) experience is an asset.
- Experience in conducting Privacy Impact Assessments in BC’s public sector organizations.
- Experience with end-user security awareness training and tests.
- Good knowledge of Microsoft O365, M365 and Azure AD security tools.
- Demonstrated knowledge of IT Security and IT technologies, such as anti-malware protection, firewall, email security, IPS, SIEM, AD, Windows security, Linux security, network security, disaster recovery, incident response.
- Good knowledge of information security industry standards and relevant legislation, such as NIST, ISO, CIS, PCI-DSS, COBIT, and CASL.
- Knowledge and ability to interpret and apply BC FOIPPA. Familiarity with recent and expected changes in FOIPPA.
- Knowledge of AWS and Azure IaaS security tools and cloud security architecture.
- Knowledge of, and experience with, privacy-enhancing best practices and industry standards.
- Familiarity with other Canadian and international privacy legislation, such as PIPEDA, GDPR, and CCPA.
- Proven ability to influence outcomes without direct authority. Ability to explain security and privacy risks and concepts to technical and non-technical audiences.
- Strong oral and written communication skills.
- Excellent interpersonal skills with the ability to work both independently and collaboratively as a member of a team. Ability to establish and maintain effective working relationships with other employees and clients.
- Excellent customer service skills with a proactive, problem-solving approach.
- Excellent organizational and time management skills with the ability to prioritize and manage several time-sensitive issues at any given time.
- Strong project management and change management skills, and ability to direct multiple complex technology projects including developing proposals and budgets, project planning and implementation.
- Ability to apply project management methodology and to deliver assigned tasks within scope and schedule.
- Ability to translate business requirements into technical and managerial security and privacy controls.
- Required to work at various locations within the College, as well as external locations, if needed.
Salary Range – Prorated based on FTE: $69,725 – $92,967 – $102,263 annualized (Pay Grid 9). Normal starting salary placement is between $69,725 and $92,967. Compensation beyond the control/mid-point requires approval by the Public Sector Employer’s Council Secretariat (PSEC).
Posting Detail Information
|Type of Position|Permanent|
|Employment Type|Full Time|
|Primary Location – This position may require you to work at all VCC locations.|Broadway|
|Is this posting only for internal applicants?|No|
|Desired Start Date – May be subject to change|04/18/2022|
|Position End Date – For Temporary Positions| |
|Vacation Blackout Dates| |
|Number of Hours per Week|35|
|Work Schedule – Hours may vary according to the needs of the Department|9 am – 5 pm, Monday to Friday|
|Eligible for Fortnight|No|
|Special Instructions to Applicant|This position spends about 80% of time on cybersecurity and 20% on PIAs|
|Posting Open Date|04/01/2022|
|Posting Close Date|05/31/2022|
|Is this a pooled posting?|No|
How to Apply
If you are interested in applying for the position, kindly send your resume and cover letter to firstname.lastname@example.org before June 28, 11:59 PM PT with the following email subject: Cyber Security and Privacy Advisor (Vancouver Community College)