TECHNICAL LEAD AND PRODUCT OWNER, IT SECURITY - OPERATIONS – DLP

We are banking at another level.

Choosing BDC as your employer means working in a healthy, inclusive, and skilled workplace that puts forward the best conditions to bring together unique teams where employees are empowered to act. It also means being at the centre of ambitious economic and financial projects to see further and to do things differently, to fuel the success of Canadian entrepreneurs.

Choosing BDC as your employer also means:

• Flexible and competitive benefits, including an Employee Savings and Investment Plan where BDC matches part of your voluntary contributions, a Defined Benefit Pension Plan, a $750 wellness and health care spending account, to name a few   
• In addition to paid vacation each year, five personal days, sick days as necessary, and our offices are closed from December 25 to January 1
• A hybrid work model that truly balances work and personal life
• Opportunities for learning, training and development, and much more... 
• Explore the BDC Way in our Culture Book

Position Overview

The PO/Tech Lead, IT Security – Operations is responsible for the day-to-day security activities that ensure that BDC's technology environment is well protected. This position centralizes activities, escalates major incidents, designs processes, writes procedures, collects and analyzes information on the technology used by BDC and makes recommendations to its management. Finally, she takes on the role of leader of the DLP team and is the link between the technical teams and the business units involved.

Challenges To Be Met

• As a Product Owner, based on the Target Operating Model, centralize DLP development activities, whether they are related to operations, implementations, updates, etc.
• Communicate with the TOM-related support with the bank's various IT teams, making sure to meet the delivery deadlines imposed.
• Develop and draft processes and procedures related to information protection operations.
• Regularly check and analyze all systems and application logs to identify suspicious activity and recommend solutions to eliminate or mitigate risks.
• Produces dashboards, KPIs, and statistics for senior management, based on application logs. Connect the different platforms with the PowerBI tool and offer data models.
• Perform technical and digital analysis during investigations upon request and produce all necessary documents and evidence to support the investigation and meet the needs of the investigation.
• Develop information security awareness and training strategies for all stakeholders, in particular by collaborating with the Training & Awareness department on training content and orienting it on trends detected and statistical analyses,
• Develop and implement detection policies, procedures and rules by following international news, ongoing threats, or internal observations of behaviors to be improved,
• Secure the assets of the BDC, as part of international travel controls. Rigorously document the systems related to these controls and collaborate with the technical and human resources teams to ensure their sustainability.
• Coordinate and track all audits related to information security.
• Work with the vendor to ensure that data loss prevention (DLP) rules are appropriate and working as expected.
• Monitor and mitigate insider threat alerts and document investigations while maintaining a high level of confidentiality.
• Respond to emergency situations as needed, in order to identify, assess and mitigate critical data protection issues.
• Performs other related duties as assigned.

What We Are Looking For

Technical Skills:

• Minimum of 10 years of experience in IT, including 5 years in network and/or security
• Must have a strong background with at least one of the leading DLP tools: O365 – PureView, CASB; other DLP tools/services are an asset
• One of the following certifications is an asset: GSEC, GPPA, GCIA, GCWN, GMON, GCDA, OSCP
• Familiar with cyber executives such as ATT&CK, Cyber Kill Chain, and Diamond Model
• Leadership, autonomy, vigilance, team spirit, ability to see the big picture and discretion

General Skills:

• Ability to communicate information and complex situations to stakeholders and different levels of management.
• Ability to lead and supervise a team of 4 to 5 people.
• Knowledge of open source platforms
• Sense of priorities, understanding of issues, criticality and impact
• Strong working knowledge of networking technologies
• Strong experience with the Windows platform
• Open source knowledge
• Ability to share information with peers and transfer knowledge
• Ability to process multiple requests and manage priorities
• Ability to translate and integrate theory into the specifics and tactical realities of IT operations
• Ability to communicate effectively in both official languages
• Concerns with writing documentation and practice processes

Why Join Bdc?

• Play a leading role in the development and maturation of the bank's Data Leak Protection (DLP) program
• Work with a dynamic, cross-functional cybersecurity team at one of Canada's Top Employers
• Access to state-of-the-art security technology
• Competitive benefits, including hybrid work, pensions, wellness programs, and continuous learning opportunities

Proudly one of Canada’s Top 100 Employers and one of Canada’s Best Diversity Employers, we are committed to fostering a diverse, equitable, inclusive and accessible environment where all employees can thrive and feel empowered to bring their whole selves to work. If you require an accommodation to complete your application, please do not hesitate to contact us at accessibility@bdc.ca.

While we appreciate all applications, we advise that only the candidates selected to participate in the recruitment process will be contacted.