About Us:
With $295.0 billion of gross assets under management, as of March 31, 2025, British Columbia Investment Management Corporation (BCI) is the provider of investment management services for British Columbia’s public sector and one of the largest asset managers in Canada. BCI seeks investment opportunities around the world and across a range of asset classes that convert savings into productive capital. Our investment returns play a significant role in helping our institutional clients build a financially secure future for their beneficiaries.
Headquartered in Victoria, British Columbia, and with teams spanning Vancouver, New York, London, and Mumbai.
BCI integrates environmental, social, and governance (ESG) factors into all investment decisions to meet clients' risk and return requirements. Our people shape employee-focused initiatives, creating a strong culture. To learn more about our culture and values, visit our BCI Values in Action page.
POSTING CLOSE DATE: May 21, 2026
BCI is looking for a senior security professional who thrives in complex, high-stakes environments. You will engineer and defend security solutions across cloud and hybrid infrastructure for one of Canada’s largest institutional investors, with real autonomy, real impact, and a team that takes the craft seriously. There is a strong preference for this position to be based in Victoria, BC, though we will consider qualified candidates based in Vancouver, BC, with occasional travel between both locations expected.
The Technology department is a strategic partner with BCI’s business areas. It enables investment processes and business activities that contribute to the achievement of BCI’s mission and long-term goals. The department creates the digital capabilities that support and enable BCI to innovate, modernize service and product offerings guided by best practices, and drive a digitally empowered workplace through new collaboration and productivity ecosystems. The department is also responsible for providing the foundational infrastructure, systems, business applications, and advanced technologies for the front, middle, and back office.
Reporting to the Senior Manager, Cyber Security Engineering & Operations, the Security Engineer is responsible for security processes, technologies, and projects with various levels of complexity. The Security Engineer will be instrumental in developing security requirements and designing and implementing security solutions.
The Security Engineer collaborates and communicates with business and technology teams in an Agile hybrid environment and enables the effective and efficient delivery of secure, quality products. At all levels, the Security Engineer may be assigned to one or more focus areas requiring additional specialized expertise and responsibilities.
Note on Candidate Consideration: While the primary focus of this search is at the senior level, candidates who have fewer than 5 years of experience in a relevant role will also be reviewed. The successful candidate’s title and accountabilities will be determined based on the depth and breadth of their experience.
Bachelor’s degree in technology, engineering, computer science, or a related field
A minimum of 5 years of experience in progressively senior technical roles with responsibility focused on information security processes, products, and projects
Very strong knowledge in engineering secure systems
Experience with securing cloud environments (MS Azure)
Must have excellent documentation, customer-service, listening, communication and problem-solving skills
Must be able to implement programs, security technologies and solutions to measure and sustain the security posture of large, complex environments
Experience with Agile methods (Scrum) and DevOps practices is an asset
Professional certifications such as Global Information Assurance Certification (GIAC), Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP), Certified Information Security Manager (CISM) or equivalent experience is essential
Must have some combination of strong hands-on experience with at minimum 4 or 5 of the following skills or technologies:
Identity and access management systems for hybrid environments
Secure coding practices
Systems engineering
Ethical vulnerability research and threat modeling
Windows, UNIX, and Linux operating systems security, virtualization technology security, container security and serverless computing security
Privileged access management systems for hybrid environments
EDR and/or other endpoint protection technologies
Firewall, intrusion protection and intrusion detection systems
Zero Trust system design
Cloud Native Application Protection Platform (CNAPP) systems
Secure application design principles
Data Classification and DLP solutions
Enterprise vulnerability management, including vulnerability assessment, remediation, and reporting
Incident response
Various networking technologies, including subnetting, NAC, DNS, encryption technologies and standards, VPNs, VLANs, VoIP and other network routing methods
Phishing and social engineering
Development of new and innovative ways to solve existing production security issues as well as evaluate new technologies and processes that enhance security capabilities
Develops technical security requirements for new products, tools and services envisioned for implementation at BCI
Help and guide projects during solution design phase
Collaborates and coordinates with application, operations, and product teams to provide guidance on the development of secure product designs that meet security requirements
Architects, analyzes, and recommends security controls and procedures in business processes related to the use of information systems and assets, and monitors for compliance
Provides technical leadership, mentoring and coaching to team members and creates a culture of customer-centricity, accountability, and high performance
Ability to communicate complex security issues and develop security user stories in language that non-technical stake holders can understand
Ability to deliver and test security solutions in alignment with industry security standards
Ability to respond to information security issues at each stage of a project’s lifecycle
Proactively identifies risks and issues and proposes solutions to remove barriers
Performs validation and tuning of security testing tools to provide accurate and actionable results that drive improvements to BCI’s overall security posture
Performs security monitoring of solutions and participates as a subject matter expert in security incident response scenarios
Ensures that all application and infrastructure solutions are stable, secure, and compliant with security standards and policies
Undertakes special projects or assignments as required
Ability to document designs as well as produce technical reports in support of security initiatives
Performs other related duties as required
There is a strong preference for Victoria, BC; however, we will consider Vancouver, BC for the right candidate, with the expectation of occasional travel to Victoria. We are an in-person collaborative organization with the flexibility to work remotely one day a week.
The annualized base salary range for this Victoria or Vancouver-based role is CAD $135,000 to $160,000 at the senior level, and CAD $125,000 to $150,000 if you have fewer than the required years of experience.
BCI offers a competitive total rewards package, including a performance-based incentive plan, comprehensive health & dental benefits, a defined benefit pension plan, and paid time off. We pay our people competitively in the markets in which we operate and with consideration for internal equity and job structure. The base salary will consider factors such as the individual's skill set, experience, and internal equity. We aim for actual pay to be around the market median for expected performance and the upper quartile for excellent performance. Actual salaries may vary based on experience and expertise.
Next Steps:
To apply online, please submit your resume promptly. Applications will be actively reviewed, and those selected for an interview will be contacted. We welcome all qualified candidates who are legally authorized to work in the country where this job is located. If you do not have authorization, or if your work permit has restrictions or is due to expire within 12 months, please inform our recruitment team if shortlisted.
At BCI, we value diversity and foster an inclusive culture where all employees can thrive. We are performance and client-focused, valuing integrity, and we want to know you if you share these values. We recognize that some skills can be learned on the job and encourage everyone to apply. If you require accommodations for the recruitment process, such as alternate formats of materials or accessible meeting rooms, please contact us at hr@bci.ca.
To learn more about working with BCI, including our comprehensive benefits packages, our commitment to equity, diversity and inclusion and the recruitment process visit our BCI Careers Page.
BCI does not accept unsolicited resumes or candidate submissions from third-party recruitment agencies, executive search firms, or staffing suppliers unless they have an existing contractual agreement with our organization. Our approved vendor relationships are established for particular recruitment requirements and do not extend to general job postings on our website or other platforms. Any candidate information or resumes submitted by suppliers not approved by BCI will be deemed unsolicited and will not be reviewed or considered. BCI will not be liable for any fees, commissions, or charges related to unsolicited candidate submissions or recruitment services.