Manager It Security Risk Compliance Job In Vancouver

Job Description

Posted Wednesday, June 12, 2024 at 7:00 AM

Do you want to work for one of BC’s Top Employers for 2024 and join an innovative, technology-driven and growth-focused organization?

LandSure Systems Ltd. (LandSure ) is looking to hire a Manager, IT Security, Risk and Compliance to join our Technology division!

Who we are:

LandSure is a subsidiary of the Land Title and Survey Authority of BC (LTSA), a publicly accountable, statutory corporation that manages BC's land title and survey systems. Our team of nearly 100 employees supports the LTSA through information system consulting services, project management, customer support, and communications.

We offer meaningful work in the public interest. In support of the Province’s 30-point housing plan, LandSure has helped the LTSA build and launch the Condo and Strata Assignment Integrity Register as well as the Land Owner Transparency Registry, a first-of-its-kind registry.

We offer an innovative, performance-driven culture. We have helped the LTSA become a leader in automated property registration and through technology, we are reducing turnaround time for customers and improving the consistency, accuracy and efficiency of the LTSA’s services. We also build and manage innovative products such as ParcelMap BC and AUTOPROP, which support access to information for the land and real estate sectors.

We offer balance. LandSure provides employees with the ability to work for a stable, independent, values-driven technology company. The environment is entrepreneurial, innovative, and fast-paced yet supportive. Our culture is of mutual respect, constantly improving our professional and personal skills, and celebrating our accomplishments.

We believe in a hybrid of remote and in-office work and know you'll love our downtown Vancouver office as much as we do! Our employees can work either entirely in the office, or a hybrid of both remote and in-office. Therefore, applicants must currently live in British Columbia or have plans to relocate to British Columbia.

Visit landsure.ca/careers to learn more about why it's great to work at LandSure, including 3 weeks vacation to start, a generous bonus program, and a $650 health spending account.

What you'll do:

Reporting to the Director, Corporate IT, the Manager, IT Security, Risk and Compliance is responsible for all aspects of the Land Title and Survey Authority of BC’s (LTSA) IT Security Program including ensuring that security controls for applications, infrastructure, networking and the cloud meet the organization’s needs, and that the appropriate IT security policies and procedures are in place and operating effectively.

Working closely in collaboration with the Infrastructure, Technical Support Services, and R&D teams, among others, in addition to external vendors, this position has management responsibility for the IT Security Advisor and Security Analyst roles.

Key Responsibilities

• Develop, maintain, and advance the long-term IT Security framework to continuously improve LTSA security posture and risk mitigation
• Develop, amend, and drive acceptance of IT Security policies, processes, procedures, and standards and propagate a general security awareness throughout the company
• Create and maintain a multi-year IT Security roadmap for progressing the strategic direction of the corporate security program
• Develop and maintain the security awareness training programs for;
• onboarding new employees and contractors
• existing employees and contractors
• quarterly KnowBe4 phishing campaigns
• Initiate and foster internal relationships with stakeholder teams such as Risk Management, Privacy, Legal, and Human Resources to build-out and maintain a network of security advocates throughout the organization
• Collaborate with various business units and the Manager, IT Infrastructure and Manager, Technology Support Services, to ensure security of LTSA systems and applications
• Maintain and test appropriate IT security and controls to ensure the confidentiality, integrity, and availability of information assets
• Ensure that IT solutions and processes comply with security (and corporate) policies, recommend changes when needed and perform auditing as required Manager, IT Security, Risk and Compliance March 2024
• Perform and drive continuous improvement of security monitoring activities to proactively identify security incidents, report on incidents as well as on inherent and residual threats/risks
• Perform IT Security due diligence, including Security Assessments and Privacy Impact Assessments, on all new corporate software, SaaS, and infrastructure acquisitions
• Enhance the LTSA vulnerability management program to identify, remediate or mitigate vulnerabilities from the environment on a timely basis
• Conduct regular network and application scanning activities including periodic penetration tests
• Assume the role of Incident Action Team Coordinator to own and investigate IT Security incidents, if they were to occur, and drive forensic analysis with internal and, where appropriate, external parties for containment and remediation as required
• Participate in or lead the project planning, scheduling, and implementation of new security initiatives
• Manage security related vendor relationships and purchasing requirements
• Plan, coordinate, monitor and manage the work of all assigned team members including performance, career development and attendance management
• Provide regular reporting to CIO for the Executive Committee and Board of Directors
• Assist the Director, Corporate IT with annual CapEx and OpEx budgeting requirements.

Education and Experience

• Bachelor’s degree in Computer Science, Engineering or Information Systems Management or equivalent experience
• 8 – 10 years of progressive experience in an information security role plus a strong background or working knowledge (8 – 10 years) of IT Infrastructure operations
• A certification in one or more of the following is desirable:
• Certified Information Systems Security Professional (CISSP)
• Certified Cloud Security Professional (CCSP)
• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)
• Cybersecurity Practitioner Certification (CSX-P)
• ISO 27001 Lead-Audit Knowledge

Knowledge, Skills, and Abilities

• Advanced working experience in the following areas: incident response, system, application and network security, vulnerability management, threat modelling, penetration testing, web and network protocols, encryption technologies, security monitoring and cloud security
• Strong knowledge of internet, LAN and WAN technologies, cloud computing, virtualization technologies, SaaS, Infrastructure as a Service, network devices, firewalls, and Intrusion Prevention
• Experienced with using enterprise class incident management tools, trouble ticket systems, asset tracking and asset management systems, centralized deployment tools for software and patches, file integrity monitoring, log monitoring, system availability monitoring and alerting tools
• Knowledgeable with change management systems and processes and experienced with implementing and maintaining change management workflows
• Practical and operational experience with cyber security services and tools (Rapid7, CloudFlare, Imperva, AWS Security Services, Azure Security Services, etc.)
• Working knowledge and hardening skills on Cloud technologies including AWS and Azure Manager, IT Security, Risk and Compliance March 2024
• High level of technical understanding and competence with the ability to quickly analyze situation and dive in to lead and coordinate troubleshooting and problem solving activities insuring proper follow up for post-incident analysis, root cause analysis as well as planning and implementing permanent fixes
• An avid learner committed to keeping up to date with latest technologies and industry innovations
• Knowledge and experience working with various information security frameworks (ISO/IEC 27001, NIST 800-53, COBIT5, etc.) and regulatory frameworks (FIPPA, PIPEDA, SOX, PCI-DSS 3.2, HIPAA, GDPR, etc.)
• Ability to think strategically and to anticipate and plan changes and upgrades for future organizational and business needs
• Strong interpersonal and communication skills with the ability to establish strong partnerships with vendors and stakeholders while setting clear expectations
• Ability to plan and organize, as well as demonstrate responsiveness and flexibility in a sometimes high-pressure, fluid environment
• Motivation to create solutions that are practical and cost-effective that are relevant to corporate business objectives and challenges
• A self-starter that takes initiative to contribute to the overall performance and success of the practice.
• The drive to manage tasks and projects to successful completion to meet the targeted deadlines.
• The ability to multitask with strong time management skill.

We are committed to fostering a safe, respectful, and inclusive workplace where all employees can share their diverse views, skills and backgrounds. Valuing employee diversity strengthens workplace trust and enhances our ability to innovate in service of our customers and partners. Our hiring practices reflect this and we are committed to ensuring that our workforce reflects where we live and work. Consider joining our team and being part of an innovative, inclusive and rewarding workplace.

Please note applicants must be legally authorized to work in Canada.