BC Public Service - Internal Job Opportunities

About the BCLDB:

The BC Liquor Distribution Branch (LDB) is one of two branches of government that provide oversight for the beverage alcohol and non-medical cannabis industries in the province. The LDB is responsible for the wholesale distribution of liquor and cannabis, and operates the retails brands BCLIQUOR and BC Cannabis Stores. 

The LDB is committed to government’s goals of making life better for people in B.C., improving services, and ensuring a sustainable province for future generations. The revenue generated by the LDB helps fund essential public services like health care, education, and community programming. Learn more on the LDB careers page.

The LDB’s Information Technology (IT) team consists of 6 competency areas: Enterprise Systems (from infrastructure to application portfolio management), Customer Experience, Enterprise Architecture, Data Analytics & Governance, Software Engineering and Information Security. 5 divisions managed by IT Directors collectively are responsible for all of the 6 competency areas to deliver the IT mandate of supporting LDB’s corporate and business operations and enabling future needs and initiatives.

At present, the IT team consists of more than 200 full-time employees and includes a sourcing strategy to leverage external expertise to ensure the integrated IT team continues to deliver LDB’s strategic initiatives timely and in high quality. Key systems in use by the LDB include Infrastructure and Enterprise Resource Planning (ERP) systems which support our head office, BC Liquor Stores, and BC Cannabis Stores, and Supply Chain Management (SCM) systems which support over 25,000 suppliers of liquor, cannabis products as well as 2,000 wholesale customers and 10,000 hospitality customers. 

About this role:

Advising senior management, the Senior Security Analyst works with business stakeholders and leads the implementation of key branch security strategies and projects. This position comes with a high degree of authority and autonomous decision making. The Senior Security Analyst is responsible for assessing security risks and identifying control requirements and is focused on creating solutions to address control needs.

The Senior Security Analyst in collaboration with IT project teams, architects, and administrators, assesses systems, applications, HW/SW and provides security advice and recommendations to LDB business and IT leadership during the design, development, deployment and maintenance of security and other systems and platforms.  The Senior Security Analyst also leads initiatives to improve the LDB’s information security policies and standards and address the changing scope of security threats and computer technologies.  The Senior Security Analyst works closely with business leaders and technical teams to ensure information security is an integral component of business processes and IT applications.

The work involves considerable complexity, multiple applications and a wide variety of technologies.  The Senior Security Analyst operates within a wide scope of responsibility and all activities of NIST domains, leading the LDB’s security and risk management program to ensure the protection of IT information assets across LDB’s entire operation. 

Working conditions include the need to work outside of core hours, as and when required. Some weekend work may be required to implement changes. A criminal record check is required.

For complete details about this opportunity, including accountabilities, please refer to the attached job description, also located in the Additional Information section at the bottom of the posting.

An eligibility list for permanent or temporary future opportunities may be established.

Position requirements:

Education and Experience:

• Degree in Computer Science, Information Technology, Cybersecurity, or related field with a minimum of 4 years of recent, related experience, together with a current security certification such as CISSP or CISA or CISM or Security+ and Certification in one or more technical disciplines such as CISCO, security (SANS, CSI or other institutes) and/or certification in privacy or information management.*

OR

• A combination of education, training and experience will be considered. i.e., 6 years of recent, related experience* with a diploma or certificate in Computer Science, Information Technology, Cybersecurity or related field, together with a current security certification such as CISSP or CISA or CISM or Security+ and Certification in one or more technical disciplines such as CISCO, security (SANS, CSI or other institutes) and/or certification in privacy or information management.*

*Recent, related experience must have occurred in the last seven (7) years and include the following:

• Experience reporting on vulnerabilities across the organization.
• Experience leading technical projects and/or initiatives.
• Experience with implementation and maintenance/operation of security tools such as Microsoft 365 Defender, etc.
• Experience with assessing and addressing software and hardware vulnerabilities.

Preference may be given to those candidates with any of the following experience: 

• Experience leading Security Threat Risk Assessments (STRA) including identifying and assessment of potential risks, documenting risk ratings and planned treatments and security audits, i.e., penetration testing, PCI compliance audit, segmentation audit etc.
• Experience with a security focus in a Microsoft environment, preferably cloud environment (i.e., Azure).
• Experience leading security awareness, i.e., developing email, internet and/or password policies and procedures, identifying trending cyber threats recognition and response training/education such as company communication on cybersecurity and phishing campaigns.
• Experience with change management processes and/or project management methodologies.
• Experience ensuring business process compliance with information security policies and identifying and addressing security risks.
• Experience with application design and development life cycle.
• Experience with Identity Access Management (IAM).
• Experience with Payment Card Industry Data Security standards (PCI) or other processes including trends, emerging issues and best practices for PCI.

How to Apply & Application Requirements:

To be considered for this position, your application must clearly demonstrate how you meet the education and experience as outlined in the position requirements section above. Applicants selected to move forward in the hiring process may be assessed on the knowledge, skills, abilities and competencies as outlined in the attached Job Description. Applicants must meet the requirements as described below to be considered:

• A cover letter and resume in PDF format is required as part of your application.
• The content and/or format of your cover letter may be evaluated as part of the assessment process.
• Ensure your resume includes your educational accomplishments, employment history including start and end dates (month and year) of your employment, and any relevant information that relates to the job to which you are applying.

For specific position-related enquiries, please contact Jennifer Robinson, HR Advisor at Jennifer.robinson@bcldb.com.

Note: Applications will be accepted until 11:00pm Pacific Time on the closing date of the competition.

Applications must be submitted via email to internalcompetitions@bcldb.com before the close date and time. Your email application must include the following information:

Subject: Non-IDIR Job Application (Requisition Number 122029)

Email Body: Please submit my job application on my behalf for the following job opportunity:

Requisition #: 122029

Job Title:

Ministry Name:

First and Last Name:

Employee Number: