24-33 Information Security Manager

As the Information Security Manager, you report to the Vice President of Business Transformation & Technology. Your main job is to keep our information safe in the digital world. You work closely with different parts of the company to make sure our security practices meet standards and protect our data. You also assess and report on any risks to our information, all while helping the business move forward. You're not just a tech expert; you also explain the importance of cybersecurity to leaders and oversee various security activities. In short, you're the guardian of our digital safety and compliance.

Status: Regular Full-Time, Excluded
Number of Positions: 1
Pay Grade: 19 ($98,500 - $147,800 annual base salary)

Reports to: Vice President, Business Transformation & Technology

As an Information Security Manager, you will:

• Develop, implement and monitor a strategic, information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets owned, controlled or/and processed by the organization.
• Provide regular reporting on the status of the information security program to enterprise risk teams, senior business leaders and the board of directors as part of a strategic enterprise risk management program, thus supporting business outcomes.
• Develop and enhance an up-to-date information security management framework including policies, standards and guidelines to ensure operating efficiency and regulatory compliance.
• Manage the process of gathering, analyzing and assessing the current and future threat landscape to identify risks and threats in the enterprise environment.
• Create, manage and measure the effectiveness of an information security awareness training program for all employees, contractors and approved system users.
• Work with the procurement team to ensure that information security requirements are included in contracts by liaising with vendor management and procurement organizations.
• Provide clear risk mitigating directives for projects with components in IT, including the mandatory application of controls.
• Work effectively with business units, partners, and vendors to facilitate information security risk assessment and risk management processes, and associated mitigation strategies and controls.
• Collaborate and liaise with the data privacy officer to ensure that data privacy requirements are included where applicable.
• Ensure that security is embedded in the project delivery process by providing the appropriate information security policies, practices and guidelines.
• Manage and contain information security incidents and events to protect corporate IT assets, intellectual property, regulated data and the company's reputation. In the event of a breach, oversees or performs forensic analysis.
• Coordinate the development of incident response plans and procedures to ensure that business-critical services are recovered in a security event.
• Facilitate and support the development of asset inventories, including information assets in cloud services and in other parties in the organization's ecosystem.
• Review and advise the Executive Team and the Board of Directors on the strategic implications of developments in or changes to information security that impact the business model, business processes and resources.
• Oversee the development of the annual budget for Information Security, establish and manage the goals, and build reporting and analysis of key performance indicators.

Knowledge, Skills & Experience you have:

• Minimum of 5 to 7 years of experience, with three years in an information security leadership role and a university degree or higher.
• Sound knowledge of business management and a working knowledge of information security risk management and cybersecurity technologies.
• Proven track record and experience in developing information security plans, policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic business environment.
• Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
• Professional security management certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.
• Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT and those from NIST, including 800-53 and Cybersecurity Framework.
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists.
• Must be a critical thinker, with strong problem-solving skills.
• High level of personal integrity, the ability to professionally handle confidential matters and show appropriate judgment and maturity.
• Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
• Highly developed ability to influence other departments and employees to act in accordance with the Client Experience Vision.

Beyond the role:

• Community & Wellness – We recognize and respect each other’s diverse needs. We strive to maintain a healthy culture of psychological safety, belonging, and space to prioritize healthy minds and well-being. This includes Wellness Wednesday (meeting free time), flexible paid holidays, a free subscription to the Calm app, and a flexible hybrid work environment focused on connections. Our teams also enjoy giving back to the community, and having fun, whether volunteering in the community, or running together on our Sun Run team. In 2023, Technical Safety BC donated to Crisis Centre BC, Aboriginal Coalition to End Homelessness, BC Wildfire Recovery, PADS, and Rise to Thrive Foundation.
• Employee Resource Groups – We have Employee Resource Groups (ERGs) for Mental Health & Wellness, Indigenous Relations & Reconciliation, and Equity Diversity and Inclusion (EDI) to support initiatives we’re passionate about.
• Learning & Development – We value giving and receiving feedback, as well as encouraging different ways for us to continuously learn as a company. This can be through lessons learned, wrap up sessions, one-on-one meetings, and team or individual courses, workshops, and conferences. In addition, we offer up to $1500 tuition aid per calendar year to support your education and learning goals.
• Compensation & Benefits – In full transparency, you can find our industry-competitive compensation information on our postings. This role is also eligible for a variable incentive plan. For our regular employees, we have outstanding benefits that include extended health, dental and disability coverage, access to an employee and family assistance program (EFAP), competitive annual paid vacation entitlements, public service defined benefit pension plan, generous top-up allowance for new parents, and time-off for caregiving, moving, and adoption leave. We recently upgraded our mental health benefits to $1500 separate from our non-mental health paramedical services too.

About Technical Safety BC

At Technical Safety BC, we matter to each other. Together, we apply a systems mindset to safety, embrace possibility, and act on what we learn. Our culture empowers and enables innovation and connection.Our environment welcomes diverse perspectives and learning is celebrated.We make decisions based on data and use our expertise to make the safety system equitable for all.

• We make the complex simple
• We adapt

Technical Safety BC is an independent, self-funded organization that oversees the safe installation and operation of technical systems and equipment across the province. In addition to issuing permits, licences and certificates, we work with industry to reduce safety risks through assessment, education and outreach, enforcement, and research. Through simplification of our initiatives, we promote understanding and engagement, making safety accessible to everyone. As society changes, we create and adopt new ideas, skills, and tools that will enable us to meet the safety challenges of a highly-connected world.

If you are interested in this position, please apply online by 4:00 PM PT June 19, 2024. This opportunity will remain posted until filled; however, priority consideration will be given to those who apply by the deadline. To see a full list of our current opportunities or to learn more about working at Technical Safety BC, please visit our careers page .

We thank everyone who has applied to this opportunity. Applicants can check the status of their online applications by logging into their profile. Only those shortlisted for an interview will be contacted directly.