Senior Information Security Advisor
City : North York
Category : Full-time
Industry : Finance
Employer : Sun Life Financial
You are as unique as your background, experience and point of view. Here, you’ll be encouraged, empowered and challenged to be your best self. You'll work with dynamic colleagues - experts in their fields - who are eager to share their knowledge with you. Your leaders will inspire and help you reach your potential and soar to new heights. Every day, you'll have new and exciting opportunities to make life brighter for our Clients - who are at the heart of everything we do. Discover how you can make a difference in the lives of individuals, families and communities around the world.
If you believe life is about aiming high and making an impact. At Sun Life Financial, we work together, share common values and help each other grow and achieve goals. With roots tracing back to 1865 in Canada, Sun Life Financial has grown to become an established and trusted name in insurance and financial services, with offices and operations in key markets around the world. We recognize that our growth, success and reputation for excellence are due in large measure to our talented and dedicated employees.
Reporting to the Director, Security Advisory Services, the Sr. Information Security Advisor is aligned with a business unit and conducts and manages the Information Security Risk Assessment (ISRA) and review process, reviews security contracts, conducts suppliers risk assessments, advises on secure software development practices, and reviews emerging security strategies. There is interaction with all Sun Life business groups, including Digital, Application Services, Information Technology, Architecture, Security Architecture, Legal, Compliance and Risk, Privacy, and external service providers and vendors.
The Sr. Information Security Advisor applies privacy and security laws and regulations and assists business units with compliance matters as they relate to Information Security. The key role in this process is to gather technical information for analysis and to make recommendations for action.
What will you do?
- Provides support to Sun Life Business Groups by ensuring alignment with Information Security policies and directives with a specific focus on implementation of controls in applications and infrastructure services. Participates in Sun Life Technology Review Boards, Architecture Leadership Councils and similar processes for the Business Groups to ensure proper technical security controls on systems and applications and processes
- Provides support to Sun Life Business Groups by suggesting ways to implement security requirements to protect Company information from intentional or accidental disclosure, modification, or destruction and improve overall Security. Performs research on issues as needed to ensure suggestions meet necessary business and regulatory requirements
- Consults broadly with the Business Groups and Enterprise Services using technical expertise to guide and influence implementation of security in wide or high-impact technology decisions and initiatives
- Supports a balanced approach for security controls and support of governance practices and approaches. Constantly promoting and advocating that adequate levels of control mechanisms are in place to safeguard the Sun Life Business organization
- Provides the management team with an in-depth analysis of information security trends, the status of identified risks, penetration testing and vulnerability scan results, security incidents, current work activities, and work completed by the department. Provides preliminary recommendations to the management team on information security related risks.
- Participates in the security review and assessment program in support of the Information Security strategy for Sun Life. Plans and schedules specific security assessment of systems, vulnerability identification and assessment considering executive priorities and business needs and IT resources.
- Provides support on IT security events and work with IT and business organization within the Incident Management processes for those events by gathering information for analysis from various internal and external sources.
- Tracks information security related risks and corresponding action plans with dues dates to ensure that the issues are resolved. Work with the respective business and/or technology owner if dates are not met. Provides reports to the management team outlining the status of information security risks within Sun Life.
What you need to succeed
- Minimum 5 years in Information Security, preferably with experience in Information Security Risk Management.
- In depth knowledge of IT Security principles, protocols, practices and industry standards
- Sound knowledge of technologies related to Information Security including encryption, firewalls, intrusion detection/prevention, anti-virus, DDoS, behavioural analysis/advanced malware detection.
- Experience performing risk assessments of cloud based technologies such as Amazon Web Services (AWS)
- Post-secondary education (University degree or college diploma in Computer Science, engineering, IT security management, risk management, or comparable professional education/training in a field relevant to IT Security management)
- Professional designation relating to Information Security (e.g. CISSP, CISM, CISA) preferred.
- Strong verbal communication - able to interface and negotiate with senior employees at an executive level.
- Advanced writing skills with emphasis on report writing.
- Strong understanding of existing and emerging Information Security technologies.
- Familiarity with contract wording and interpretation of security clauses.
- Strong consulting skills and ability to influence a win - win outcome.
- Self-starter, strategic thinker, negotiator, and consensus builder.
- Ability to understand Sun Life's diverse business units and ability to work with diverse groups.
- Must be able to work with the business and interpret technical context into common business language.
- This role requires Canadian Enhanced Reliability Security clearance [a minimum of 5 years of consecutive residency in Canada].
What’s in it for you
- Great Place to Work® Certified in Canada and the US - 2022
- Great Place to Work® award for Best Workplaces for #HybridWork
- 2022 Named “Best Places to Work” by Glassdoor - 2021
- Canada Award for Excellence for Mental Health at Work
- 2021 Flexible hybrid work model including in-country work-from-home if you prefer.
- Pension, stock and savings programs to help build and enhance your future financial security
The Base Pay range is for the primary location for which the job is posted. It may vary depending on the work location of the successful candidate or other factors. In addition to Base Pay, eligible Sun Life employees participate in various incentive plans, payment under which is discretionary and subject to individual and company performance. Certain sales focused roles have sales incentive plans based on individual or group sales results.
Diversity and inclusion have always been at the core of our values at Sun Life. A diverse workforce with wide perspectives and creative ideas benefits our clients, the communities where we operate and all of us as colleagues. We welcome applications from qualified individuals from all backgrounds.
Persons with disabilities who need accommodation in the application process or those needing job postings in an alternative format may e-mail a request to email@example.com.
At Sun Life we strive to create a flexible work environment where our employees are empowered to do their best work. Several flexible work options are available and can be discussed throughout the selection process depending on the role requirements and individual needs.
We thank all applicants for showing an interest in this position. Only those selected for an interview will be contacted.
Salary Range:82,000/82 000 - 135,000/135 000
Job Category:IT - Technology Services
Posting End Date:16/10/2023