Cyber Security Architect - RRCR

Position Summary:

The Cyber Security Architect is responsible for implementing, monitoring, and enhancing the organization’s cyber security program. This position plays a key role in protecting systems, networks, and data from cyber threats by conducting security monitoring, investigating incidents, ensuring regulatory compliance, and supporting the organization’s cyber security governance framework.

Working closely with the Technology Services team and the Compliance and Corporate Services team, the Cyber Security Specialist ensures that security controls meet internal standards as well as external requirements, including requirements related to SOC 2, ISO 27001, and those established by the British Columbia Lottery Corporation (BCLC) and Independent Gambling Control Office (IGCO).

Key Responsibilities:

Program Development

• Work collaboratively with the Technology Services team and BCLC to develop the company’s Cyber Security program and establish controls appropriate to a casino environment, and sensitive player and personal employee information.

Security Monitoring & Incident Response

• Monitor security alerts and events across SIEM and other security platforms.
• Investigate, analyze, and respond to cyber security incidents, including triage, containment, and remediation activities.
• Lead root-cause analysis and provide recommendations to prevent recurrence.
• Maintain incident response plans, runbooks, and related documentation.
• Conduct threat hunting and continuous analysis of anomalous activity.

Threat Intelligence & Risk Management

• Maintain current knowledge of cyber threats, vulnerabilities, and emerging trends relevant to the gaming and entertainment industry.
• Conduct risk assessments on new technologies, systems, and processes.
• Recommend and implement security controls to reduce risk exposure.
• Support vulnerability management processes, including scanning, reporting, and remediation tracking.
• Perform penetration testing to identify gaps and oversee third-party testing if and when required.
• Manage and oversee security vendors, including security-as-a-service, to ensure compliance with contractual requirements, including appropriate levels of monitoring and response.

Governance, Risk, and Compliance

• Support compliance with SOC 2, ISO 27001, and internal security policies and standards.
• Assist with review activities, evidence collection, and documentation.
• Ensure continuous alignment of cyber controls with regulatory requirements, including requirements set out by the Independent Gambling Control Office (IGCO) and the British Columbia Lottery Corporation (BCLC).
• Collaborate with Technology Services, Compliance and business unit leadership to establish strong information security policies that support effective and efficient service delivery.
• Implement and maintain anti-phishing awareness.
• Develop and deliver cyber security training as needed.

Security Operations & Technical Controls

• Administer, tune, and enhance SIEM rules, dashboards, and correlations.
• Manage and support key security tools, including endpoint protection, identity and access management, logging platforms, and intrusion detection systems.
• Support Technology Services in secure configuration management for servers, networks, and cloud environments.
• Collaborate with Technology Services to ensure secure deployment of applications and infrastructure.

Stakeholder Engagement & Collaboration

• Partner with internal teams to ensure security best practices are embedded in operations and projects.
• Provide security awareness training and promote a security-focused culture across the organization.
• Work with third‑party vendors, auditors, and consultants as needed.
• Communicate security risks and recommendations to technical and non-technical stakeholders.

Qualifications & Experience

Required Experience

• Minimum 5+ years of experience in cyber security roles (security operations, incident response, threat management, or similar).
• Demonstrated expertise with SIEM platforms, including monitoring, rule development, and incident investigation.
• Experience conducting cyber incident investigations and managing response actions.
• Strong understanding of threats, vulnerabilities, attack techniques, and security controls.
• Hands-on experience with SOC 2 and ISO 27001 compliance requirements and certification processes.
• Knowledge of cyber security considerations specific to the casino and gaming industry.
• The incumbent must obtain and maintain Registration with IGCO.

Education & Certifications

• Bachelor’s degree in Computer Science, Information Technology (security specialty or focus), or a related field (or equivalent professional experience).
• Preferred certifications: CISSP (Certified Information Systems Security Professional) CISM (Certified Information Security Manager) Other relevant certifications (., GIAC, CEH, CompTIA Security+) considered an asset.

Key Competencies

• Strong analytical and problem‑solving skills.
• Ability to manage sensitive information with discretion and integrity.
• Excellent communication skills, with the ability to translate technical security issues into business language.
• Demonstrated ability to work collaboratively across departments and with external partners.
• High attention to detail and commitment to operational excellence.
• Ability to work in a fast‑paced environment and handle multiple priorities.