Senior Cyber Security Specialist

Position : Senior Cyber Security Specialist

Location : Vancouver, Canada

Department : Information Technology

Reports To : Manager, Infrastructure & Cybersecurity

Position Summary

The Senior Cyber Security Specialist works as a member of the Infrastructure and Operations team. Their primary focus is to protect our network and systems from cyber-attacks as well as owning and maintaining our cyber policies and procedures.

The role includes performing assessments of company security posture, reviewing and responding to suspicious activities, managing escalated security incidents, and communicating to leadership on cyber security measures.

They will be responsible for cyber security operations such as managing and configuring our security-related toolsets such as Microsoft Defender, Crowdstrike, firewalls, core network and performing cyber security assessments.

This is a key role in our Infrastructure and Operations team. This role frequently collaborates with enterprise risk and audit groups and the EIA Team (vessel side operational systems).

Accordingly, they will be responsible for taking the lead in presenting findings and recommendations to leadership in alignment with the overall technology roadmap and business objectives.

Major Responsibilities

General

• Maintain / manage SIEM services, vulnerability management infrastructure, and other related security tools.
• Monitoring and investigation of alerts, conducting triage and escalating by following the incident response plan / process.
• Perform threat hunting to detect and isolate threats and provide recommendations to technical teams.
• Develop and maintain use cases; secure design solutions to meet business challenges and requirements.
• Ensure adequate protection and monitoring for all external-facing assets and applications.
• Create dashboards, generate reports for all security tools and monthly KPI reporting on security compliance.
• Maintain, review and update SOP / process documents for all security tools and general cyber processes within the company.
• Respond to security inquiries from employees, auditors, clients, and other stakeholders.
• Lead internal cyber security audits and cyber security drills.
• Maintain up-to-date understanding of security threats, countermeasures, security tools, and Cloud Security and SaaS technologies.

Event Management

• Responsible for the monitoring and processing of service requests across multiple platforms.
• Ensure problems are quickly identified through review and engage appropriate operations / support personnel to resolve promptly while providing the highest possible level of service to clients.
• Review significant errors with management and recommend permanent solutions to avoid reoccurrence and identify the potential impact to the company.

Problem Management

• Identification and documentation of escalations / gaps / trends to reduce problem re-occurrences.
• Work with members of the team to drive solutions to open problems.

Information Security Management

• Identify and report security risks in accordance with compliance.
• Lead the testing and evaluation of new cybersecurity products.
• Create and update cybersecurity policies.
• Liaise with internal stakeholders concerning cyber security issues and provide solutions and recommendations.
• Maintain an information security risk register and assist with internal and external audits relating to information security.
• Assist with the creation, maintenance, and delivery of cyber security awareness training for employees.
• Administer and update next-gen antivirus (EDR / XDR) products as needed.
• Develop and maintain an integrated cyber security compliance framework that meets legal and regulated cyber security requirements across company operating groups, ensuring alignment with industry best practices and company’s information security policies and standards.
• Maintain the IT compliance program, ensuring critical controls are in place and functioning as expected and that the company is compliant with legal and regulatory requirements.
• Provide input to creating and maintaining cyber security policies and standards, ensuring that legal and regulatory requirements are addressed while aligning with required frameworks and standards.
• Research and evaluate emerging cyber security threats and ways to manage them.
• Conduct risk and vulnerability assessments. Identifying potential weaknesses and implementing measures, such as firewalls and encryption.
• Monitor for attacks, intrusions and unusual, unauthorized, or illegal activity. Investigating security alerts and providing incident response.
• Playing an active part in the infrastructure team : helping to build an inclusive environment, sharing knowledge, and promoting development best practices.
• Providing out-of-hours support on a rota basis.
• Other tasks as required.

Requirements (Knowledge, Skills & Abilities)

• Diploma or certificate in Computer Science, Computer Systems Engineering or a related field; or a demonstrated equivalent combination of education, training, and experience.
• The ideal candidate will have 3-5 years of experience in managing various security tools and processes.
• Incident detection and response.
• SIEM deployment.
• SOC management.
• Security processes and procedures.
• Vulnerability management.
• Endpoint protection.
• DLP deployment.
• Network / Cloud Security (Firewall, IPS).
• Experience working with corporate infrastructure experience (VMWare / Windows, M365).
• Cloud experience (Azure).
• Strong communication skills and the ability to accommodate different points of view of various stakeholders to find a standard solution, particularly at times of pressure or threat.
• Good presentation skills.

Preferred

• Experience working with Network and Application Firewalls, DLP, EPP, PAM, Email Security.
• Experience working with the Crowdstrike Falcon and Microsoft Defender platforms.
• Knowledge of popular operating systems (Windows, Linux, Mac OS), cloud platforms (AWS, GCP, Azure) and networking protocols (TLS, DHCP, DNS, etc.)
• Knowledge of common security frameworks such as ISO27001, HITRUST CSF and BIMCO.
• Excellent technical knowledge of mainstream operating systems and a wide range of security technologies, such as network security appliances, identity, and access management (IAM) systems, anti-malware solutions, automated policy compliance tools, and desktop security tools.
• Understands and can explain to others the core processes, risks, and mitigation techniques for designated areas.
• Develops and implements data collection systems and other strategies that optimize statistical efficiency and data quality.
• Identifies, analyzes, and interprets trends or patterns in complex data sets.
• Awareness of industrial OT (operational technologies) with similar organization.
• Security certifications (Security+, CISSP, CEH, SANS, vendor-specific certifications).

Benefits Package

• Target Annual Bonus Plan
• 17 vacation days, growing to 30 days with service, plus statutory holidays
• 100% company paid benefits for employee and direct dependents includes extended health, dental, vision, group life insurance, AD&D, STD and LTD
• Health Care Spending Account of CAD500 / year
• Global Medical Assistance
• Employee Assistance Program
• Flexible Spending Allowance CAD 1,500 / year

About Us

Seapeak is one of the world’s largest independent owner-operators, with ownership interests in over 90 LNG, LPG, Ethane and multigas carriers, and an LNG regasification terminal.

With investment from our sponsor, leading alternative investment firm, Stonepeak, there has been a positive repositioning for our company with focus on growth-based commercial diversification.

Delivering on our goals to expand our fleet and diversify our portfolio, Seapeak has most recently acquired Evergas for $700 million, which primarily focuses its operations on the shipment of ethane an even greener global fuel source.

Our business is important we are powering the day-to-day lives of so many and we are looking to build our Team to support our growth through acquisition and newbuild orders.

At Seapeak, we are committed to building successful careers and future leaders. Join us! For the chance to be empowered, to make decisions and be part of a supportive, high-achieving Team.

We set the standard for industry. We are solution driven, accountable for results and measured by success.

WeSetTheCourse

LI-hybrid

J-18808-Ljbffr