Share this Job
Apply now »

Manager IT Security Operations

Title: Manager IT Security Operations 

Company: Coast Capital Savings Federal Credit Union 

Location: British Columbia (CA-BC), Help Headquarters  

Job Type: Full-Time 

Pay Grade: 13 

Posting End Date:  

 

Together, we help empower you to achieve what’s important in your life.

 

What’s the job?

As the Manager, IT Security Operations you will be responsible for maturing and maintaining the day to day activities of the IT operational security function and team, as well as providing oversight of the key security defenses at Coast. In this role you will also be accountable for providing technical security assessments and technical assurance services for Coast’s information systems and applications.

 

 

What you’ll get to do: 

  • Develop and maintain metrics to measure the efficiency and effectiveness of the operation of IT security in order to improve and mature the security posture within the organization, along with the reporting of KPIs and KRIs
  • Develop, implement and maintain security policies, procedures, technical standards, and guidelines as it relates to the IT security operations of Coast.
  • Develop and oversee strategies to identify, detect, and prevent malicious activity
  • Responsible for IT security operations, controls and adherence to policies, ensuring alignment to the overall risk appetite of the organization and changes to regulatory and compliance policies
  • Manage, mentor, train and provide overall guidance to the operational security team.
  • Work in conjunction with the other IT managers to ensure alignment between the IT security operations team and the other IT operations and services/solution teams.
  • Ensure adequate scoping and resourcing is coordinated with the Manager, Information Security Risk and the Project Managers in the technical security assessments and assurance services on new system projects.
  • Perform as the CSIRT Manager for all cyber / information security incidents, as well as participate as a member of the IT emergency response team (ERT), and the corporate incident response team (IRT).
  • Ensure appropriate actions are taken by the CSIRT team in order to analyze, contain, eradicate, and recover from an information security incident, providing relevant updates along the way.
  • Ensure the proper monitoring of security events, alerting, and reporting by working with key stakeholders, other IT managers, and potentially other external organizations
  • Ensure SIEM and/or other security components are configured and functioning as designed and intended
  • Ensure regular technical security assessments and technical assurance services are performed and reported in a quality and consistent manner.
  • Ensure regular audit/review and assessment of privileged access to key systems and devices are performed and reported in a timely fashion.
  • Ensure that potential vulnerabilities are identified and reported to applicable IT management, along with recommendations of suitable controls and countermeasures to help mitigate.
  • Manage the relationship, service levels and deliverables of 3rd party security partners and vendors, including a 3rd party SOC.

 

 

Who are we looking for?

  • 7-10 years of relevant experience in the management of IT, at least 3 years of experience in IT Security Operations, preferably a number of years in the management of security team, technical audit or public/private practice consulting.
  • Bachelor’s degree in technology or minimum 3 year diploma in Technology and experience required. One or more of Industry security certifications such as CISSP, CISM, CGEIT, CISA required. One or more of relevant SANS and/or technical vendor/industry certification preferred.
  • Demonstrated skill in team building, development and coaching ability to motivate in a team-oriented, collaborative environment
  • Excellent organizational skills with keen attention to detail
  • Excellent communication and interpersonal skills with the ability to confidently deal with people at all levels.
  • Advanced knowledge and experience in running an in-house security operations, hybrid, or in the management of a 3rd party SOC vendor.
  • Advanced knowledge and extensive experience in risk assessing and identifying control strengths/weaknesses and opportunities for improvement of current/proposed infrastructures, systems, 3rd party ISP/ASP and cloud environments.
  • Advanced working knowledge and understanding of technical and administrative controls for web, application, client/server, database and network security controls.
  • Advanced knowledge of systems and application development, system integration methodologies, IT best practices, and information security.
  • Advanced experience in security and compliance audits, internal/external penetration analysis, and vulnerability research.
  • Advanced experience with assessing and auditing network controls such as firewalls, IDS/IDP, DNS, VPN, 2-factor authentication, port/packet filtering, VLANs, physical and logical separation of network segments, security zoning, and traffic analysis.
  • Advanced and extensive experience with administering security products and services, such as anti-virus, firewalls, DLP, SIEM, Web Security Gateways, email SPAM, etc.
  • Proficiency through experience and tenacity to seek out pertinent information from vendors and 3rd parties in their capabilities and their relative strengths and weaknesses in terms of security.
  • Proficient knowledge ISO 27001/2, COBIT and ITIL.
  • Proficient knowledge of legislation and regulations affecting information security and the financial industry, BC PIPA / PIPEDA and PCI-DSS  
  • Results and quality driven, while being open to constant changes in priority and focus
  • Member of ISSA, ISACA or part of the local information security or assurance community would be an asset.
  • Proficiency with NIST, SABSA, TOGAF and other industry best practices an asset
  • Knowledge of INTERAC, FICOM, and/or OSFI regulations an asset

Why join Coast Capital Savings?

 

We don’t mean to toot our own horn, but…

 

  • We improve Canadians’ financial well-being through providing simple financial help.
  • Employees do what’s best for our members. Every day.
  • We believe in being a great corporate citizen so we invest in our local communities by donating our time, money and expertise.
  • Our employees take advantage of the many opportunities to grow their careers.
  • Employees love having a cool place to work with modern LEED certified offices and being recognized with a virtual (and, at times, an actual) high-five.
  • Our inspiring leaders help our employees develop their talents and encourage them to be their fabulous selves.
  • We have a unique culture where we take our business seriously, but ourselves, not so much.
  • We are a Certified B Corp®. Our certification reflects our strong commitment to social and environmental performance, accountability, and transparency.
  • In 2019, we earned double kudos by being named one of BC’s Top Employers and one of Canada’s Best Managed Companies – two of the nation’s most coveted business awards, may we add.

 

Does this position inspire you?  If so, apply today at Coast Capital Savings. 

Apply now »