Senior Security Advisor – GRC
City : Vancouver, British Columbia
Category : Technology
Industry : Insurance
Employer : Intact Financial Corporation
Our employees are at the heart of what we do best: helping people, businesses and society prosper in good times and be resilient in bad times. When you join our team, you’re bringing this purpose to life alongside a passionate community of experts.
Feel empowered to learn and grow while being valued for who you are– here, diversity is a strength. You have our commitment to support you in reaching your goals with tools, opportunities, and flexibility. It’s our employee promise.
Our hybrid work model provides the balance between working from home and enjoying meaningful in-person interactions.
Read on to see how you can shape the future, win as a team, and grow with us.
About the role
Our growing Cybersecurity Governance, Risk, and Compliance (CGRC) team is looking for an experienced cybersecurity professional who is specialized in a risk advisory and assessment role.
In collaboration with your colleagues, you will help support and promote a strong cybersecurity risk aware culture by providing proper guidance to ensure cybersecurity risks are well understood, documented, and managed, as part of continuously enhancing the company’s overall cybersecurity posture
With a strong knowledge and innovative mindset, you will try new approaches and leverage emerging technologies to help deliver a second-to-none customer experience, shape the future of our industry, and leave your mark.
What you'll do here:
Work in major innovative projects and initiatives involving the company’s core insurance platforms, key IT applications and critical infrastructure by supporting the initiation, design, and implementation phases of the projects to ensure the company’s security requirements are well understood and proper controls are implemented
Act as a solution enabler in a cybersecurity risk advisory role to foster a “security-by-design” culture by providing recommendations, as needed, to the company’s Enterprise, IT & IS Architecture teams as they design architecture diagrams and patterns
Act as a cybersecurity risk assessor by conducting regular and recurring cybersecurity threat risk assessments on major critical applications and IT infrastructure using qualitative, or quantitative, approaches to raise awareness on threats, vulnerabilities, control gaps, and risks via comprehensive written reports
Identify and document cybersecurity risks to support various stakeholders in determining and implementing proper mitigating measures to ensure cybersecurity risks are managed according to the company’s risk appetite
Collaborate with other CGRC team members and contribute to the development of the company’s cybersecurity policies, standards, and procedures to ensure strong cybersecurity governance across the enterprise
Act as an expert to continuously maintain and operate the cybersecurity risk management framework while ensuring alignment with the company’s overall Enterprise & Operational Risk Management frameworks
Support and track risks using the company’s GRC tool and help contribute to improving the workflow and configuration of the tool
Act as an expert to support various IT functions to identify, develop, measure, maintain and report on Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs)
Support various leadership teams in their respective portfolio, as well as the company’s Affiliates as needed, to ensure consistent cybersecurity risk management principles and practices are adopted across the enterprise.
What you bring to the table:
Bachelor's degree in Information Technology, or equivalent education and experience
Technical designations such as CISSP, CRISC, CISA, CISM or equivalent
10+ years of relevant work experience in Information Technology, with at least 5+ years of relevant work experience in cybersecurity. Preference would be given to those individuals who have working experience in a GRC role
Strong knowledge of risk management principles and practices in the areas of IT Infrastructure, Application Development, Cloud Computing (SaaS, IaaS, PaaS), Artificial Intelligence and Big-Data
Strong knowledge of common cybersecurity frameworks (e.g. NIST CSF, ISO, CIS, MITRE Att&CK) while possessing a good understanding of vulnerability assessment calculation mechanisms (e.g. CVSS, EPSS, KEV catalog etc.) and threat modelling techniques (e.g. OCTAVE, Trike, PASTA, STRIDE, VAST etc.)
Good mix of business and technical capabilities, and the ability to communicate on current cyber risk & issues to management within the context of their business portfolio
For candidates located in Quebec, bilingualism is required considering the necessity to interact on a regular basis with English-speaking colleagues across the country
Strong critical thinking while ensuring to analyze complex scenarios with the right level of detail based on the intended audience
Self-Motivated team player who can also work independently while making sure we deliver and win as a team
Able to multi-task and be involved in multiple projects while consistently able to meet deadlines to algin to stakeholder expectations
No Canadian work experience required however must be eligible to work in Canada
#LI-Hybrid
Salary of the successful candidate will typically be positioned between the following range, taking into consideration a number of factors including prior experience, qualifications, anticipated contribution to role, location and internal equity:
$88,500.00 - $132,700.00What we offer
Working here means you'll be empowered to be and do your best every day. Here is some of what you can expect as a permanent member of our team:
A financial rewards program that recognizes your success
An industry leading Employee Share Purchase Plan; we match 50% of net shares purchased
An extensive flex pension and benefits package, with access to virtual healthcare
Flexible work arrangements
Possibility to purchase up to 5 extra days off per year
An annual wellness account that promotes an active and healthy lifestyle
Access to tools and resources to support physical and mental health, embracing change and connecting with colleagues
A dynamic workplace learning ecosystem complete with learning journeys, interactive online content, and inspiring programs
Inclusive employee-led networks to educate, inspire, amplify voices, build relationships and provide development opportunities
Inspiring leaders and colleagues who will lift you up and help you grow
A Community Impact program, because what you care about is a part of what makes you different. And how you contribute to your community should be just as unique.
We are an equal opportunity employer
At Intact, we value diversity and strive to create an inclusive, accessible workplace where all individuals feel valued, respected, and heard.
If we can provide a specific adjustment to make the recruitment process more accessible for you, please let us know when we reach out about a job opportunity. We’ll work with you to meet your needs.
Click here to review other important information about the hiring process, including background checks, internal candidates, and eligibility to work in Canada.
If you are an employee of Intact or belairdirect, please apply for this role on Contact People.