Share this Job
Apply now »

At Coast Capital, we’re not dreaming about a better future, we’re building one.

As a member-owned cooperative, we’re helping our members with their real goals and real challenges so they can live the real life they want. It’s what we’ve been doing for over 80 years, and it’s why today we stand almost 600,000 members strong. Plus, we invest 10% of our budgeted profits back into our community – almost $90 million since 2000 alone – because when our members do well, we believe our communities should do well too.  

Manager, Information Security

Location: British Columbia (CA-BC), Surrey   

Job Type: Full Time 

myWork Options: 

What’s the job?

The Manager, Information Security (IS) focused on Development Security Operations ( DevSecOps) you are responsible for maturing and maintaining IS functions including daily DevSecOps operations, application security assurance & testing, agile security practices, improving protective & defensive controls, translating security architecture requirements into security control configurations and on boarding new services into 24x7 Security Operation Centre for monitoring and response.  The role is also accountable for collaborating with external information security intelligence bodies for proactive defense, raising Coast Capital’s IS profile, contributing to the cyber community and developing a IS talent pipeline.


What you’ll get to do:

Develop and maintain applicable and relevant metrics to measure the efficiency and effectiveness of the DevSecOps in order to improve and mature the security posture within the organization, along with the reporting of KPIs and KRIs

Lead the development, planning and implementation of security initiatives related to overall Coast security program maturity roadmap in collaboration with senior business and IT stakeholders.

Develop and oversee strategies to identify, detect, and prevent malicious activity. Embed security testing into Continue Deliver practices.

Champion for emerging technologies and techniques that further the security and scalability of Coast systems and services.

Lead the technical security risk assessments, access management, security hardening, security testing, and security onboarding on all Coast initiatives, with a focus on introducing security and scalability early in the lifecycle of application and service development.

Drive operational efficiency through rigorous budget oversight, improve platform ROI and contract negotiations/renewals

Responsible for IS operations, controls and adherence to policies, ensuring alignment to the overall risk appetite of the organization and changes to regulatory and compliance policies. Maintain key stakeholder relationships.

Manage, mentor, train and provide overall guidance to the operational security team. Demonstrate IS thought leadership in IS community and develop an IS talent pipeline Provide coverage as the Information Security Officer as required.

Work in conjunction with the other IT managers to ensure alignment between the IT security operations team and the other IT operations and services/solution teams.

Ensure adequate scoping and resourcing is coordinated with the Manager, Security Architecture & Information Security Risk and the Project Managers in the technical security assessments and assurance services on new system projects.

Ensure regular technical security assessments and technical assurance services are performed and reported in a quality and consistent manner. Ensure security platforms are configured, maintained and functioning as intended.

Manage the overall agile DevSecOps function which includes areas of cloud & corporate infrastructure, application security, security testing and information security onboarding to align with Coast’s polices and standards

Lead and drive the DevSecOps team towards creating and automating solutions such as Continuous Integration and Continuous Delivery (CI/CD) pipelines to enhance productivity and establish workflows within the security operations and application development process.



Who are we looking for?

Minimum 7-10 years of relevant experience in the management of IT, at least 3 years of experience in IT Security Operations, preferably a number of years in the management of security team, technical audit or public/private practice consulting. 5 years of experience leading a team.

Bachelor's Degree or a diploma requiring 3 - 4 years of full-time study.

Bachelor’s degree in technology preferred. Minimum 3 year diploma in Technology and experience required. One or more of Industry security certifications such as CISSP, CISM, CGEIT, CISA required. One or more of relevant SANS and/or technical vendor/industry certification preferred.

Advanced knowledge and experience in running an in-house security operations, hybrid, or in the management of a 3rd party SOC vendor.

Advanced knowledge and extensive experience in risk assessing and identifying control strengths/weaknesses and opportunities for improvement of current/proposed infrastructures, systems, 3rd party ISP/ASP and cloud environments.

Advanced working knowledge and understanding of technical and administrative controls for web, application, client/server, database and network security controls.

Advanced knowledge of systems and application development, system integration methodologies, IT best practices, and information security.

Broad based proficiency and some in-depth knowledge in a wide range of technologies along with a solid grasp of the trends and direction for emerging technologies.

Advanced experience in security and compliance audits, internal/external penetration analysis, and vulnerability research.

Advanced experience with assessing and auditing network controls such as firewalls, IDS/IDP, DNS, VPN, 2-factor authentication, port/packet filtering, VLANs, physical and logical separation of network segments, security zoning, and traffic analysis.

Advanced and extensive experience with administering security products and services, such as anti-virus, firewalls, DLP, SIEM, Web Security Gateways, email SPAM, etc.

Proficiency through experience and tenacity to seek out pertinent information from vendors and 3rd parties in their capabilities and their relative strengths and weaknesses in terms of security.

Proficient knowledge ISO 27001/2, COBIT and ITIL.

Member of ISSA, ISACA or part of the local information security or assurance community would be an asset.

Proficiency with NIST, SABSA, TOGAF and other industry best practices an asset

Proficient knowledge of legislation and regulations affecting information security and the financial industry, BC PIPA / PIPEDA and PCI-DSS

Knowledge of INTERAC, FICOM, and/or OSFI regulations an asset

Demonstrated skill in team building, development and coaching and ability to motivate in a team-oriented, collaborative environment

Excellent organizational skills with keen attention to detail

Ability to set and manage priorities judiciously

Excellent written and oral communication skills

Excellent interpersonal skills and service oriented

Ability to present ideas in business-friendly and user-friendly language

Exceptionally self-motivated and directed

Superior analytical, evaluative, and problem-solving abilities

Ability to research, recommend and implement industry best practices

Coast Capital Savings

Why join Coast Capital?

Purpose is our North Star.  We look at everything through our purpose. It informs the advice we provide our members, the experiences and products we create, and the programs we build to support our employees and communities.

Committed to inclusion and engagement. We have an ongoing focus on equity, diversity, and inclusion and routinely track how we’re doing, and what we need to do to keep improving. We foster a culture where everyone can feel safe to be who they really are and thrive.

A career that grows with you. We believe in developing our people and promoting from within. Many employees have spent decades, and sometimes their entire careers, with Coast Capital and have progressed from the frontlines to senior leadership.

Work where you’re most effective. In 2020 the world changed, and that includes how we work. In response to COVID-19 we launched myWork, which gives employees flexibility in where they work based on the nature of their role.

Benefits that flex to the needs of you and your family.  We offer comprehensive, customizable benefits for you and your family, so you can choose what fits best for you and your lifestyle.

Retirement options. We also take care of our employees once they retire. That’s why we offer the choice of a defined contribution or defined benefit pension plan or RSP’s.

Mortgage and auto financing benefits. Employees save thousands on their mortgages and auto loans with best-in-category benefits.

Real recognition. We recognize excellence throughout the year, through an online community that lets employees give kudos and thanks throughout the year.  We’re human, which means we like to have fun with events, celebrations, and recognition throughout the year.

An award winning culture. We’re a Platinum member of Canada’s Best Managed Companies and are regularly recognized by Canada’s Most Admired Corporate Cultures and the BC Top Employers Awards.

We reinvest 10% back into the community. When we do well, our communities do well. That’s why since 2000 we’ve invested over $90 million into our member’s communities. 

Double your impact. Through our employee volunteer program, Coast Capital donates $10 for every hour you volunteer to a Canadian charity or non-profit of your choice.

Equity, Diversity & Inclusion at Coast Capital

At Coast Capital, we value diversity, equity and inclusion. We’re not all the same and we like it that way. We don’t just accept differences - we celebrate, support, and we thrive on them for the benefit of our employees, our members, and our community. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills.

COVID-19 at Coast Capital

Coast Capital Savings is committed to the health and safety of our employees, member, and communities. With this commitment in mind, Coast Capital complies with all public health mandates (provincially and/or federally, as applicable) and has implemented various safety measures, including requiring all employees to be fully vaccinated against COVID-19, and making COVID vaccination a pre-condition to employment with Coast Capital. All successful applicants must provide acceptable evidence of full vaccination against COVID-19, before any contract of employment becomes final and binding, and before your start date can be set.

Exceptions may apply where vaccination is not possible for medical or religious reasons that are protected under Canadian human rights laws. Should successful applicants require a medical or religious accommodation related to vaccination please discuss whether an exception may apply with your Talent Acquisition Advisor.

Apply now »