Associate Director, Cyber Security

Position Summary

BCIT’s Information Technology Services department is seeking a regular, full-time (1.0 FTE) Associate Director, Cyber Security. The Associate Director, Cyber Security oversees the operations of the Cyber Security Office and serves as a management expert and advisor on all aspects of cyber security governance, related risks and compliance, operational defense, overseeing the day-to-day detection, analysis, and response to cyber incidents, ensuring activities are being prioritized and delivered according to plans. Addresses time sensitive issues, protecting the confidentiality, integrity and authentication of users, data and IT assets across the Institute; ensuring timely resourcing and that communications and change management are being actioned. Leads the cyber security team and manages the implementation of a cyber security program to support the evolving needs of the Institute’s cyber security strategy and framework, in alignment with BCIT’s Strategic Plan and the Education Plan. Duties & Responsibilities KEY ACCOUNTABILITIES:

• Participates as a member of the IT management team, contributing to the development of strategies, plans and policies. Shares responsibility for achievements and successes, tracking and reporting cyber security metrics, incidents and IT risk management efforts.
• Oversees the daily operations of the Cyber Security function, including threat monitoring, detection, incident response, vulnerability management, and the Security Operations (SecOps) cross functional efforts to coordinate and track security remediations and risk management.
• Ensures the effective implementation and maintenance of cyber security tools, prevention technologies, threat detection, and processes to protect the information technology infrastructure and assets, including KRIs/KPIs from firewalls, intrusion detection systems, and other relevant tools.
• Directs the security threat risk assessment practice, collaborating with cross-functional teams and partners to prioritize and address identified risks; working closely with Enterprise Risk Management, Privacy & Information Access Office, and Safety & Security and Emergency Management.
• Seeks opportunities to improve the efficiency and effectiveness of cyber security architecture and operations. Provides expertise and contributes to the creation and enforcement of cyber security policies, procedures, and standards across Institute.
• Establish a continuous vulnerability risk management practice and tools by proactively identifying and addressing security weaknesses and gaps across all digital assets, including Research, Facilities, and Learning & Teaching enterprise systems and software
• Directs specific cyber security projects and initiatives, in partnership with IT management, ensuring they are completed on time and within budget.
• Acts as the primary point of contact for cyber security escalations and complex security issues, providing expert guidance and decision-making support.
• Plans and manages technology-based risk assessments and security audits to identify vulnerabilities and recommend mitigation strategies. Ensures compliance with relevant cyber security regulations and standards, in alignment with NIST Cyber Security Framework (CSF) 2.0
• Supports the development and maintenance of cyber security incident response plan and leads efforts during security incidents to minimize impact and facilitate recovery.
• Manages the response and reporting for cyber security incidents, coordinating efforts across the cyber security team and with other departments as needed. Conducts post-incident reviews to identify lessons learned and implement improvements to the BCIT’s cyber security posture.
• Collaborate with IT leaders, academic departments, and external partners to integrate cyber security practices across BCIT. Communicate cyber security risks and best practices to faculty, staff, and students through training and awareness programs.
• Participates in the evaluation and management of third-party vendors and service providers in collaboration with Procurement Services to ensure they meet the BCIT’s cyber security requirements.
• Develops and tests disaster recovery and business continuity plans to ensure preparedness in the event of a major cyber security incident.
• Provides leadership oversight and support into confidential and sensitive requests including Freedom of Information (FOI) requests for records under FOIPPA or related legislation.
• Provide leadership, motivation, coaching, professional development and support to foster engagement and a focus on customer service.
• Manages reporting staff, including selection, coaching, mentoring, development, performance management and all other people-management practices. Collaborates with the Chief Information Security Officer on workforce planning and performance-related matters.

Qualifications QUALIFICATIONS & REQUIREMENTS:

• Bachelor’s Degree in Information Security and/or cyber security risk management.
• Related certification(s) such as CISM, CISSP or CRISC or equivalent
• Minimum of seven (7) years of demonstrated and progressive work experience pertaining to most current and relevant improvements and practices, leading in matrix organizations at progressive levels of responsibility.
• An equivalent combination of education and experience may be considered.
• Advanced working knowledge of concepts, theories, practices and techniques in information management and cyber security.
• Solid knowledge of cyber security frameworks, industry regulations and standards such as ISO 27001/27002, Center for Internet Security (CIS) Critical Controls, NIST CSF etc.
• Solid understanding of technology risks, risk assessment and risk-based decision-making.
• Excellent ability to lead cross-functional teams; engage internal partners and motivate staff in a unionized environment.
• Solid leader and change agent; passionate about the ongoing improvements of safety and security of information management.
• Excellent business acumen, project management and planning skills, with the ability to establish processes and manage achievements against key metrics.
• Strong research and problem-solving skills with good command on change management and information governance management practices.
• Exceptional people management and coaching skills with excellent oral and written communication skills, including the ability to explain cyber security risks, concepts, technologies and solutions in business terms, establish rapport, provide guidance and persuade others.
• Excellent business acumen and planning skills, with ability to establish processes and manage achievements against key metrics.
• Experience working and managing in an Information Technology environment within a large, complex and unionized environment preferred.

Additional Information Benefits – Why you’d love working with us

• Competitive pay
• Minimum of twenty-five days of vacation
• Competitive employer-paid extended health and dental plan including access to a Health Care Spending Account of up to $500 if eligible!
• Defined benefit pension plan with employer contributions
• Flexible hybrid work arrangements available
• Professional Development funds and resources
• Access to most BCIT Flexible Learning courses free of charge
• Wellness and Employee Assistance programs
• Complimentary membership with free access to the Fitness Centre, Gymnasium, and more
• Eligibility requirements apply, benefits may vary depending on the employee group the position belongs to and whether the position offered is temporary or part-time. For more information on our generous benefits, click here!

BCIT is committed to the principles of equity, diversity & inclusion and to promoting opportunities in hiring for systemically oppressed groups who have been excluded from full participation at BCIT and the larger community. This includes Indigenous Peoples, women, racialized persons, persons with disabilities and those who identify as 2S/LGBTQIA+. All qualified candidates are encouraged to apply; however, Canadian citizens and permanent residents will be given priority.

Persons with disabilities who require accommodation for any part of the application or hiring process should contact us using our contact form. Please note that all applications must be submitted via the careers page portal. Applications submitted through the contact form will not be accepted. For additional information, please visit our frequently asked questions (FAQs) page and see how we hire.
The British Columbia Institute of Technology acknowledges that our campuses are located on the unceded traditional territories of the Coast Salish Nations of xwməθkwəy̓əm (Musqueam), Sḵwx̱wú7mesh (Squamish), and səl̓ilwətaɁɬ (Tsleil-Waututh).