Security Specialist

West Fraser places the highest importance on the confidentiality, availability, and integrity of customer, company, and employee information. As a member of West Fraser’s Cyber Security team, you will play a critical role in ensuring that this information is secure while enabling technology and business partners to innovate, drive sales, and safely maintain operations throughout our facilities.

The **Security Specialist** plays a critical role in safeguarding our organization's information assets by proactively identifying, assessing, and mitigating cybersecurity risks. This position is focused on **risk management, compliance, and governance**, ensuring that our organization remains compliant with regulatory frameworks (such as SOX) and is adequately protected from emerging cyber threats.

This position is instrumental in protecting our organization from the ever-evolving cyber threat landscape and operates under the direct supervision of the Principal Architect, Governance, Risk & Compliance.

**You'll Do**:
**IT General Controls Compliance**
- Ensure that the organization's IT controls comply with applicable regulatory requirements, including Sarbanes-Oxley (SOX) and other industry standards.
- Collaborate with stakeholders to assess the effectiveness of IT controls and remediate any identified gaps in compliance.
- Document and maintain evidence of compliance activities, including control testing and remediation efforts, to support regulatory audits.
- Assist in the development of policies and procedures that ensure proper data management and reporting practices in line with compliance requirements.

**Security Risk Management**:

- Assist in conducting security risk assessments focused on IT General Controls (ITGCs), helping to identify potential threats and vulnerabilities affecting the organization’s IT infrastructure.
- Support collaboration with stakeholders to evaluate and rate the likelihood and impact of identified risks associated with ITGCs.
- Contribute to the documentation and reporting of IT-related risks, ensuring they are properly tracked and communicated for remediation.
- Aid in the development and implementation of risk mitigation strategies and controls specific to ITGCs, while monitoring progress to ensure timely follow-up and compliance.

**Security Awareness and Training**:

- Assist in designing and delivering engaging security awareness training programs for employees at all levels of the organization.
- Help develop training materials on key topics such as password security, social engineering threats, data protection, and incident reporting.
- Utilize various delivery methods (e.g., presentations, online modules, videos, newsletters) to promote engagement and support knowledge retention.
- Participate in conducting regular phishing simulations to help assess employee awareness and resilience against cyberattacks.

**Cybersecurity Metrics**:

- Support the definition and tracking of relevant cybersecurity metrics to assess the effectiveness of security controls and identify improvement areas.
- Help prepare reports on metrics such as incident trends, training participation, vulnerability assessments, and risk mitigation progress for management review.

**You have**:
Minimum of 2 years of experience in one or more of the following areas:

- IT Advisory/ IT Assurance
- Provisioning Identity and Access Management and Change Management
- Performing risk assessments
- Control Owner/Performer for ITGC

Strong understanding of cybersecurity principles, best practices, and risk management frameworks.

Experience in conducting security risk assessments and developing risk mitigation strategies.

Knowledge of regulatory compliance requirements, such as SOX.

Familiarity with GRC systems and access control management.

Excellent communication and interpersonal skills.

Ability to present technical concepts to non-technical audiences.

**Additional Skills (preferred)**:

- Experience with security awareness training and phishing simulations.
- Knowledge of cybersecurity metrics and reporting.
- Relevant industry certifications (e.g., CRISC, CISA, CGEIT, CEH, etc.)

**Work Conditions**:

- Office based
- Posting locations: Vancouver BC or Quesnel BC

**_Compensation Package:_**
- _The salary range for this position may vary depending on experience, education, and location. The annual salary range is between $80,000 and $120,000._
- _Annual bonus opportunity_
- _Outstanding benefits package including medical, dental, pension, life insurance, disability, accident insurance, vacation, and holidays_

**Your Workplace Location**:
Nestled amidst captivating natural beauty, Vancouver is a city that promises an enchanting experience to its visitors. Its balmy climate, coupled with the warm hospitality of its people, has earned it a reputation as one of the most sought-after tourist destinations in the world. However, Vancouver's appeal doesn't just end there. The city boasts of a vibrant cultur