Security and Privacy Manager

*This position can be located in Vancouver or Victoria, BC*

About us:

TI Corp is a public sector crown corporation dedicated to effectively planning, resourcing and managing the delivery of major infrastructure projects across British Columbia. With over $13 billion in major infrastructure developments, we are committed to upholding the highest standards of information security and privacy.

Position Overview:

We are looking for a highly skilled and motivated Security and Privacy Manager to join our Information Management team. In this pivotal role, you will have the opportunity to develop, implement, and maintain TI Corp’s information security and privacy framework. Your primary focus will be ensuring compliance across the organization and safeguarding our critical information assets.

Why Join Us?

• Impactful Work - play a crucial role in safeguarding the information security and privacy of a major public sector organization.
• Professional Growth - utilize your expertise and experience to enhance our security and privacy practices and help us build capacity within the public sector.
• Collaborative Environment - work within a dynamic team committed to excellence and innovation in the public sector.
• Competitive Compensation - receive a comprehensive benefits package and competitive salary.
• Organizational values – share in values that are clear and that resonate across the organization.

What we offer:

• Vacation starts at five weeks and with an additional one day per year of service to a maximum of six weeks.
• TI Corp is dedicated to professionally growing staff and building internal capacity, through mentorship, active succession planning, learning and development financial assistance, and membership dues.
• Extended health and dental benefits plus a $1000 Health Spending Account annually.
• We are part of the BC Public Sector Pension Plan – if you join us from other Public Service or Public Sector organizations who are part of this pension plan, your pension will continue seamlessly.
• Hybrid work arrangement with the ability to work from home two days a week following an orientation period.
• Top-up allowance for maternity and parental leave.
• Free travel insurance for full-time employees.

Key Responsibilities:

• Develop, implement, and maintain a comprehensive security and privacy framework including policies, procedures, and standards.
• Advise, guide and interpret all aspects of information security and privacy, including information technology disaster recovery and business continuity planning.
• Plan and conduct various security and privacy related assessments (e.g., Security Threat and Risk Assessments (STRAs), Privacy Impact Assessments (PIAs), and Information Sharing Agreements (ISAs)) to determine risks and provide mitigating solutions and recommendations as needed.
• Provide advice and interpretation to TI Corp regarding the Freedom of Information and Protection of Privacy Act (FOIPPA), its regulation, related policies and procedures, and its interactions with other enactments.
• Develop and implement a comprehensive security and privacy awareness and training program to integrate security and privacy requirements into business processes.
• Maintain an inventory of TI Corp’s assessments and personal information banks.
• Review security measures and updates ensuring new and emerging security threats are addressed and recommend the appropriate course of action.
• Provide advice for inclusion and adequacy of security and/or privacy clauses into contracts and project agreements.
• Develop standards and procedures for responding to security and privacy incidents, ensuring the application of corrective measures to prevent recurrence, providing guidance to program areas to meet incident reporting policy and procedure requirements, and helping with investigations into privacy and security incidents.
• Perform internal assessments to monitor TI Corp’s compliance with its security and privacy policies.
• Provide authoritative advice to program areas on security threats, regulatory requirements and technology changes that may affect the security of electronic applications.
• Represent TI Corp on committees, work groups and task forces to develop corporate security and privacy policies, standards, guidelines, procedures, and other outputs.
• Manage resources and project teams of information security and/or privacy professionals, manage contracts and service providers to meet project deliverables and objectives.
• Supervise staff including directing and assignment of work and performance management, development and evaluation.

You will have a background in:

• A degree in a computer science related field and considerable experience in information security and/or information privacy, or an equivalent combination of education and experience.
• Information Security and/or Privacy Certifications such as Systems Security Certified Practitioner (SSCP) or Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or Certified Information Privacy Professional/Canada (CIPP/C), BC Information Privacy Certificate or equivalent would be an asset.
• Recent experience with reviewing and developing security threat and risk assessments and privacy impact assessments.
• Experience building and maintaining relationships with a wide range of stakeholders in a workplace.
• Experience with the Freedom of Information and Protection of Privacy Act (FOIPPA) and related regulations, policy and procedures.
• Experience in a Microsoft environment.
• Experience with all aspects of IT security including current technologies and best practices.
• Experience with the installation, configuration, maintenance and problem resolution of hardware, software, operating systems, and network components.
• Experience with architecture development processes, information management technologies and security foundations.
• Knowledge of change management processes and project management methodologies.
• Knowledge of application design and development life cycle.

Note:

• You must be legally authorized to work in Canada.