At BCLC, we play fair. We believe that playing fairly is a serious responsibility and an empowering opportunity. Our commitment to social, economic and environmental responsibility is central to all we do and captured in our slogan “Playing it Right”. From our LEED Metro Vancouver office, to our responsible gambling program, GameSense, we are committed to ensuring that we always consider the impact of our business on the people and communities of BC. At BCLC, we play for BC. We employ—directly and indirectly—almost 26,000 people in gambling operations, related government agencies and charities as well as support services.
At BCLC, we make it fun to be an adult. For close to 30 years, we’ve entertained customers with a chance to dream and have fun, while delivering revenue to the Government of BC for the benefit of British Columbians. During this time, we’ve evolved from a lottery corporation to a full-spectrum gambling entertainment company responsible for conducting, managing and operating lottery, casino, community gaming (bingo) and eGaming in BC. We strive to create outstanding gambling experiences and to have our games evolve with the player’s idea of excitement. For us, playing is not all about winning; it’s about entertainment.
The Senior Information Privacy and Security Analyst role supports BCLC’s information privacy and security program.The role performs senior level duties related to information security program and Payment Card Industry compliance, performs risk-management assessments, and acts as a subject-matter expert on information security best practices.
- Performs technical vulnerability assessments and co-ordinates penetration testing activities on BCLC systems as required and reports on the results to the Information Privacy and Security (IPS) management team and relevant business units.
- Completes information privacy and security assessments on key initiatives and high-profile projects and recommends activities to reduce or mitigate identified risks.
- Co-ordinates Payment Card Industry (PCI) activities, such as scans and assessments. Works on related projects as required.
- Helps protect BCLC’s information assets against unauthorized/accidental alteration, loss, disclosure or destruction.
- Provides technical information to auditors and regulators as directed by the Information Privacy and Security management team.
- Assists with developing policies, standards, procedures and guidelines.
- Acts as a subject-matter expert and mentors other departmental employees. Responds to complex requests and handles escalations for major issues.
- Maintains currency on trends and emerging issues, identifies requirements, options, implications, costs and develops recommendations, business cases, etc., on contentious or high-profile privacy and information security matters.
- Promotes a culture of information security awareness throughout BCLC.
Education and Experience
- A degree or diploma in information security or equivalent in a related discipline;
- Certifications, such as CISSP, CRISC, CISM, CIPP and relevant GIAC certifications, are desirable;
- 4-6 years of progressive experience in information security;
- Experience assessing the security of cloud computing, SaaS and mobile applications;
- Experience producing information security metrics and reporting;
- Experience working with information security systems: SIEM, DLP, IDS/IPS is desirable;
- Payment Card Industry (PCI) experience is desirable;
- An equivalent combination of education and/or experience may be considered.
- Strong knowledge of information security frameworks, and security standards and regulations related to data privacy and security;
- Excellent oral and written communication skills, including the ability to write reports and document procedures;
- Proven ability to deal with highly sensitive matters with a high degree of tact and diplomacy;
- Excellent organizational skills with the ability to prioritize items;
- Excellent innovation in problem solving and analytical thinking;
- General business acumen;
- Excellent ability to manage relationships at all levels with customers, leaders, contractors and team members to effect change.