Senior Manager, Cyber Security Product & Innovation

About Us:

With $295.0 billion of gross assets under management, as of March 31, 2025, British Columbia Investment Management Corporation (BCI) is the provider of investment management services for British Columbia’s public sector and one of the largest asset managers in Canada. BCI seeks investment opportunities around the world and across a range of asset classes that convert savings into productive capital. Our investment returns play a significant role in helping our institutional clients build a financially secure future for their beneficiaries.

Headquartered in Victoria, British Columbia, and with teams spanning Vancouver, New York, London, and Mumbai.

BCI integrates environmental, social, and governance (ESG) factors into all investment decisions to meet clients' risk and return requirements. Our people shape employee-focused initiatives, creating a strong culture. To learn more about our culture and values, visit our BCI Values in Action page.

POSTING CLOSE DATE: June 4, 2026

This role is for builders, not gatekeepers. If you’ve built security programs with limited resources, conducted hands-on risk assessments for vendors, SaaS platforms, AI solutions, and software products, and earned your credibility by saying “yes, and here is how safely” rather than defaulting to “no,” you will feel at home here. We are looking for someone whose instincts were sharpened in a leaner, more entrepreneurial setting where resourcefulness and partnership mattered more than inherited process and where you owned the work end to end. A background in software development will set you apart. This is a working leadership role at the head of a small, high-impact team, and we have a strong preference for someone excited to be based at BCI’s headquarters in Victoria, BC, one of Canada’s most livable cities.

WHO YOU GET TO WORK WITH

The Technology department is BCI's innovation catalyst and digital transformation engine, pioneering the future of institutional investment through cutting-edge technology solutions. We architect next-generation platforms powered by AI and cloud-native technologies that drive investment excellence and operational efficiency.

As a strategic partner across all areas of BCI's business, we don't just implement technology—we envision breakthrough digital experiences of the future. Our department leads digital transformation initiatives, creates intelligent automation solutions, and builds secure, scalable infrastructure that supports everything from identifying investment opportunities and decision-making, portfolio management to risk analysis, trade processing, and regulatory reporting.

We cultivate digitally empowered workplaces through advanced collaboration ecosystems and productivity platforms, enabling our Technology and business teams to thrive in tomorrow's investment landscape.

THE OPPORTUNITY

Reporting to the Vice President, Cyber Security, the Senior Manager, Cyber Security Product & Innovation is a senior leadership role with an explicit mandate to position security as an enabler of innovation at BCI. This role serves as the primary security partner for product, data, AI, business and technology initiatives, engaging early in the design and requirements phases to ensure that security is embedded into new capabilities rather than applied as a late-stage gate.

The Senior Manager leads a team responsible for application security, vendor, product and AI risk assessments, DevSecOps integration, and the development of reusable secure-by-design patterns. The role operates with a "yes, and here is how safely" orientation, translating security risk into plain-language, business-navigable options that allow BCI's technology and innovation teams to move with speed and confidence.

This role owns the security advisory relationship with BCI's product, data engineering, and innovation functions and is accountable for resolving security impasses at the working level, escalating to the VP, Cyber Security only where risk falls outside approved appetite thresholds.

WHAT YOU BRING

• Degree, diploma, or certification in Computer Science, Information Security, or an equivalent combination of education and relevant experience

• 8+ years of progressive experience in cyber security, with a minimum of 3 years in a people leadership role

• Demonstrated experience in application security, DevSecOps, or product security within a complex technology environment

• Proven ability to translate technical security risk into business-relevant language and options for non-technical stakeholders

• Strong relationship management and influencing skills, with experience working across product, engineering, and business functions

• Experience conducting security risk assessments for systems, applications, and AI/ML solutions

• Relevant certifications such as CISSP, CISM, CSSLP, or equivalent are an asset

Technical Skills         

A combination of knowledge and/or hands-on experience is desired across the following areas:

• Application security principles and practices including OWASP, threat modelling, secure SDLC, and DevSecOps integration

• Security risk assessment methodologies for systems, applications, SaaS platforms, and AI/ML solutions

• Knowledge of AI governance frameworks, model risk considerations, and data handling requirements for AI use cases

• Cloud security principles, particularly in Azure and SaaS environments

• Familiarity with security frameworks and standards including NIST CSF, ISO 27001, CIS Controls, and Zero Trust architecture

• Experience with DevSecOps tooling and CI/CD pipeline security integration

• Understanding of API security, identity and access management principles, and data classification frameworks

• Experience with vendor risk assessment processes and third-party security evaluation

WHERE YOU WILL WORK

This role will be based in our office in downtown Victoria, BC. We are an in-person collaborative organization with the flexibility to work remotely one day a week.

SALARY RANGE

The annualized base salary range for this Victoria-based role is CAD $135,000-$160,000

BCI offers a competitive total rewards package, including a performance-based incentive plan, comprehensive health & dental benefits, a defined benefit pension plan, and paid time off. We pay our people competitively in the markets in which we operate and with consideration for internal equity and job structure. The base salary will consider factors such as the individual's skill set, experience, and internal equity. We aim for actual pay to be around the market median for expected performance and the upper quartile for excellent performance. Actual salaries may vary based on experience and expertise.

Next Steps:

To apply online, please submit your resume promptly. Applications will be actively reviewed, and those selected for an interview will be contacted. We welcome all qualified candidates who are legally authorized to work in the country where this job is located. If you do not have authorization, or if your work permit has restrictions or is due to expire within 12 months, please inform our recruitment team if shortlisted.

At BCI, we value diversity and foster an inclusive culture where all employees can thrive. We are performance and client-focused, valuing integrity, and we want to know you if you share these values. We recognize that some skills can be learned on the job and encourage everyone to apply. If you require accommodations for the recruitment process, such as alternate formats of materials or accessible meeting rooms, please contact us at hr@bci.ca.

To learn more about working with BCI, including our comprehensive benefits packages, our commitment to equity, diversity and inclusion and the recruitment process visit our BCI Careers Page.

BCI does not accept unsolicited resumes or candidate submissions from third-party recruitment agencies, executive search firms, or staffing suppliers unless they have an existing contractual agreement with our organization. Our approved vendor relationships are established for particular recruitment requirements and do not extend to general job postings on our website or other platforms. Any candidate information or resumes submitted by suppliers not approved by BCI will be deemed unsolicited and will not be reviewed or considered. BCI will not be liable for any fees, commissions, or charges related to unsolicited candidate submissions or recruitment services.