We have a permanent, full-time opportunity for an Information Security Specialist in the Innovation and Technology Group. The successful candidate will be a security advocate with IT teams, business stakeholders and end users to design, integrate, and advance Information Security in alignment with the Airport Authority’s business objectives while meeting its compliance, legal and regulatory requirements.  

Reporting to the Manager, Technology Services (Cyber Security), the Information Security Specialist will be responsible for security operations and administration and providing IT security support and guidance to ensure that YVR’s technical infrastructure and applications meet and/or exceed the defined security policies.

Key responsibilities include:

  • Provide technical support and system administration on various security technology such as security information event monitoring (SIEM), vulnerability management, privilege access management, data protection platforms and multi-factor authentication
  • Monitor and analyze technical security controls to detect, report and remediate security incidents 
  • Serve as internal technical point of contact with external managed security monitoring service in incident handling response for information security incidents
  • Manage, measure, and audit the Managed Security Services vendor to established contractual and compliance requirements for security monitoring
  • Providing on-call support on a scheduled basis to ensure that any high severity security incidents are resolved in the most expedited manner
  • Provide technical risk assessment, security support and guidance for IT projects/solutions/requests to ensure security controls are reasonably deployed to mitigate risks
  • Participate in change advisory board to review and evaluate planned technology changes in terms of information security risks
  • Manage, conduct and optimize vulnerability scans on IT infrastructure and systems
  • Assess and provide data with recommendations and see to completion for monthly patching to mitigate/remediate organizational risk
  • Research and track information about current security threats, potential vulnerabilities from trusted news sources/external feeds to develop communication plans and/or programs to raise awareness and assess overall enterprise risk exposure as well initiate remediation/mitigation
  • Collect, generate, monitor and analyze IT operations security metrics to measure the effectiveness of the IT security management processes
  • Assist and participate in security technical planning, assessment and implementation
  • Assist in regularly assessing the strength of YVR’s IT security governance and current processes, procedures and technical controls against NIST 800-53, PCI-DSS and industry best practices, and propose, develop and implement projects and initiatives to remediate control gaps to reduce overall enterprise risk 

Key qualifications include: 

  • BSc in Computer Science or similar bachelor’s degree in a related field with a minimum of 5+ years equivalent of Information Security work experience; or an equivalent combination of training and experience
  • Professional Information Security certifications such as Certified Information Systems Security Professional (CISSP), or GIAC Security Essentials (GSEC) are an asset and preferred
  • 5+ years’ experience with security related appliances such as firewalls, SIEM, IPS, PAM, 2FA, proxy servers with a broad technical knowledge of enterprise-class network and operating system platforms
  • Strong leadership and organizational skills, proven by on-time, on-budget delivery of complex, multidisciplinary projects
  • Knowledge of security, privacy and IT governance frameworks and legislation, such as NIST 800-53, ISO27001, PCI-DSS, privacy legislation
  • Excellent written, verbal and interpersonal skills
  • Excellent analytical skills and attention to detail
  • Proven team player
  • Resourcefulness to produce high quality results without supervision and direction
  • Ability to manage priorities under tight deadlines

This position is open to both Vancouver Airport Authority employees and external candidates. Previous job performance will be taken into consideration for all internal candidates that apply for this position.

Health and safety are at the core of how we operate at YVR. We are committed to ensuring a safe workplace for our workforce and protecting the health and safety of our employees, passengers, partners and community by taking reasonable, preventative measures to reduce the risks associated with COVID-19. All employees are required to be fully vaccinated against COVID-19 unless a valid exemption is granted for those unable to be vaccinated.

Apply online at https://careers.yvr.ca/en/job/vancouver/information-security-specialist/38253/28126842624