Information Security Engineer

Surrey, BC
Full Time
6 days ago
Location: British Columbia (CA-BC)
Job Type: Full Time
myWork Options: In-person, Hybrid, Remote

Role Purpose:
The Information Security Engineer is responsible for the operational security activities and the oversight activities of key security defense at Coast. The Information Security Engineer is also responsible for technical security assessments and assurances of Coast's information systems and applications as well as the security monitoring and technical components required in order to analyze and contain a security incident.

Corporate Responsibility:
At Coast Capital Savings (CCS), one of our goals is to be recognized as one of Canada's leading companies. We strive to have a positive economic, environmental and social impact, providing responsible leadership in the marketplace, the workplace and in the communities where we live and work. We operate in a regulated environment whereby public trust is paramount. As a company and as employees, we will conduct ourselves with the highest standards of integrity and professionalism without exception, at all times.

Individual Key Contributions/Responsibilities:
Operations -
  • Participate as part of the Change Advisory Board and/or designated approver in the review of major or significant changes as they pertain to the confidentiality, integrity, and availability of the production infrastructure.
  • Review and advise on procedures at the technical system level by developing and maintaining security best practice guidelines, standards or policies, such as for securing servers, workstations, laptops, network devices, etc.
  • Regularly conduct audits of privileged access accounts. Track privileged accounts. Document and report exceptions in a timely fashion.
  • Regularly conduct security, penetration and vulnerability assessments on infrastructure, systems and applications.
  • Follow up and regularly report on the remediation activities and progress made by the applicable ITG teams around identified vulnerabilities and risks.
  • Assist in the development, configuration and monitoring of SIEM and/or other security components in the alerting, analysis, and reporting of security events.
Program Coordinator -
  • Contribute to developing applicable and relevant metrics to measure the efficiency and effectiveness of the operation of security and of the program in order to improve and mature the security posture within the organization.
Security -
  • Maintain knowledge and skills in order to stay current on emerging threats and issues, trends and technology solutions.
  • Provide technical expertise, support and training to staff on security practices and during system level assessments.
  • Assist with the risk analysis in the technical aspects of applications and infrastructure to ensure adequate levels of security are deployed at the system level.
  • Identify potential vulnerabilities within systems, networks, DBs and applications, and recommend suitable controls and countermeasures to mitigate such vulnerabilities.
  • Coordinate regulatory and other audit requests with applicable ITG and business teams, as required.
  • Under the general direction of the CSIRT Technical Lead, take actions as part of the CSIRT process in order to analyze, contain, eradicate, and recover from an information security incident, providing relevant updates along the way.
  • Provide guidance to other IT operational teams around cyber threats and potential technical and non-technical mitigating controls.

Qualification:
Minimum Job-Related Experience -
  • Minimum 4 - 6 years of job-related experience.
  • 5-7 years of relevant experience in IT, preferably a number of years in hands-on security, technical audit or public/private practice consulting.
Minimum Formal Education -
  • Bachelor's degree or a diploma requiring 3 - 4 years of full-time study.
  • Bachelor's degree or technical diploma in a related field. One or more industry security certifications such as CISSP, CRISC, CISM and/or CISA. One or more relevant SANS and/or technical vendor/industry certifications required.
Minimum Technical Skills -
  • Advanced knowledge and extensive experience in risk assessments, and identification of control strengths/weaknesses and opportunities for improvement of current/proposed infrastructures, systems, 3rd party ISP/ASP and cloud environments.
  • Advanced working knowledge and understanding of technical and administrative controls for web, application, client/server, database and network security.
  • Advanced knowledge of systems and application development, system integration methodologies, IT best practices, and information security.
  • Broad-based proficiency and some in-depth knowledge in a wide range of technologies along with a solid grasp of the trends and direction for emerging technologies.
  • Advanced experience in security and compliance audits, internal/external penetration analysis, and vulnerability research.
  • Advanced experience with assessing and auditing network controls such as firewalls, IDS/IDP, DNS, VPN, 2-factor authentication, port/packet filtering, VLANs, physical and logical separation of network segments, security zoning, and traffic analysis.
  • Advanced and extensive experience with administering security products and services, such as anti-virus, firewalls, DLP, SIEM, Web Security Gateways, email SPAM, etc.
  • Hands-on proficiency with Microsoft enterprise level products and Unix/Linux based environments and technologies.
  • Proficiency, through experience and tenacity, in seeking out pertinent information from vendors and 3rd parties on their capabilities and their relative strengths and weaknesses in terms of security.
  • Proficient knowledge of ISO 27001/2, COBIT and ITIL.
  • Member of ISSA, ISACA or part of the local information security or assurance community would be an asset.
  • Proficiency with NIST, SABSA, TOGAF and other industry best practices an asset.
  • Proficient knowledge of legislation and regulations affecting information security and the financial industry, BC PIPA / PIPEDA and PCI-DSS.
  • Knowledge of INTERAC, FICOM, and/or OSFI regulations an asset.
Minimum Non-Technical Skills -
  • Excellent organizational skills.
  • Ability to set and manage priorities judiciously.
  • Excellent written and oral communication skills.
  • Excellent interpersonal skills.
  • Ability to present ideas in business-friendly and user-friendly language.
  • Exceptionally self-motivated and directed.
  • Keen attention to detail.
  • Superior analytical, evaluative, and problem-solving abilities.
  • Exceptional service orientation.
  • Ability to motivate in a team-oriented, collaborative environment.
  • Ability to research, recommend and implement industry best practices.

Why join Coast Capital?
  • Purpose is our North Star. We look at everything through our purpose. It informs the advice we provide our members, the experiences and products we create, and the programs we build to support our employees and communities.
  • Committed to inclusion and engagement. We have an ongoing focus on equity, diversity, and inclusion and routinely track how we're doing, and what we need to do to keep improving. We foster a culture where everyone can feel safe to be who they really are and thrive.
  • A career that grows with you. We believe in developing our people and promoting from within. Many employees have spent decades, and sometimes their entire careers, with Coast Capital and have progressed from the frontlines to senior leadership.
  • Work where you're most effective. In 2020 the world changed, and that includes how we work. In response to COVID-19 we launched myWork, which gives employees flexibility in where they work based on the nature of their role.
  • Benefits that flex to the needs of you and your family. We offer comprehensive, customizable benefits for you and your family, so you can choose what fits best for you and your lifestyle.
  • Retirement options. We also take care of our employees once they retire. That's why we offer the choice of a defined contribution or defined benefit pension plan or RSPs.
  • Mortgage and auto financing benefits. Employees save thousands on their mortgages and auto loans with best-in-category benefits.
  • Real recognition. We recognize excellence throughout the year, through an online community that lets employees give kudos and thanks throughout the year. We're human, which means we like to have fun with events, celebrations, and recognition throughout the year.
  • An award-winning culture. We're a Platinum member of Canada's Best Managed Companies and are regularly recognized by Canada's Most Admired Corporate Cultures and the BC Top Employers Awards.
  • We reinvest 10% back into the community. When we do well, our communities do well. That's why since 2000 we've invested over $90 million into our members' communities.
  • Double your impact. Through our employee volunteer program, Coast Capital donates $10 for every hour you volunteer to a Canadian charity or non-profit of your choice.

Equity, Diversity & Inclusion at Coast Capital:
At Coast Capital, we value diversity, equity and inclusion. We're not all the same and we like it that way. We don't just accept differences - we celebrate, support, and we thrive on them for the benefit of our employees, our members, and our community. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills.

COVID-19 at Coast Capital:
Coast Capital Savings is committed to the health and safety of our employees, members, and communities. With this commitment in mind, Coast Capital complies with all public health mandates (provincially and/or federally, as applicable) and has implemented various safety measures, including requiring all employees to be fully vaccinated against COVID-19, and making COVID vaccination a pre-condition to employment with Coast Capital. All successful applicants must provide acceptable evidence of full vaccination against COVID-19 before any contract of employment becomes final and binding, and before a start date can be set.
Exceptions may apply where vaccination is not possible for medical or religious reasons that are protected under Canadian human rights laws. Successful applicants who require a medical or religious accommodation related to vaccination should discuss whether an exception may apply with their Talent Acquisition Advisor.