Senior Advisor, Information Security Risk Management
Sun Life Financial
99 Welch Ave
At Sun Life Financial, we work together, share the same values and encourage growth and achievement. We offer a variety of career paths that require a wide range of talents and skills. Take the path that will let you shine.
**** This job description is in English only, as the geographic location of the workplace requires a high level of proficiency in English. ****
Reporting to the Director - Security Advisory Services, the Senior Information Security Advisor will be responsible for performing information security risk assessments, providing security consulting services and acting as the subject matter expert (SME) to assigned lines of business within Sun Life. As part of these responsibilities, the Senior Information Security Advisor will interact on a regular basis with senior members of Sun Life business groups, Enterprise Services, and external vendors.
Performs information security risk assessments for projects and initiatives for assigned lines of business within the enterprise:
Participates as the Information Security representative in the Sun Life IT Architecture Stage Gate Process (ASGP) and similar reviews for business groups to ensure required security controls are present in systems, applications, and processes.
Identifies and documents any risks associated with initiatives involving Sun Life systems and external vendors in a risk report for distribution to management.
Manages the security risks identified from information security risk assessments and brings them to closure:
Escalates risks to VPs for acceptance or action plans.
Tracks information security related risks and corresponding action plans with due dates to ensure that the issues are resolved. Works with the respective business and/or technology owner if dates are not met. Provides reports to the management team outlining the status of information security risks within Sun Life.
Meets with VPs quarterly to report on risks for supported lines of business.
Escalates deviations and significant risks to the CISO for review and approval.
Provides security consulting services to the rest of the organization which includes Sun Life business groups, and peers within Enterprise Services:
Provides support to Sun Life business groups by suggesting ways to improve security by implementing controls to protect sensitive company information from disclosure, modification, and destruction.
Consults broadly with business groups and Enterprise Services using technical expertise to guide and influence implementation of security in wide or high-impact technology decisions and initiatives.
Supports a balanced approach for security controls and support of governance practices and approaches. Continuously promotes and advocates that adequate levels of control mechanisms are in place to safeguard Sun Life.
Provides information security related input into technology vendor selection (RFP).
Provides support to the Sun Life Legal team regarding information security with respect to agreements and contracts.
Minimum 5 years in Information Security, preferably with experience in Information Security Risk Management.
Strong verbal communication - able to interface and negotiate with senior employees at an executive level.
Advanced writing skills with emphasis on report writing.
Strong understanding of existing and emerging Information Security technologies.
Familiarity with contract wording and interpretation of security clauses.
Strong consulting skills and ability to influence a win-win outcome.
Self-starter, strategic thinker, negotiator, and consensus builder.
Ability to understand Sun Life's diverse business units and ability to work with diverse groups.
Must be able to work with the business and interpret technical context into common business language.
Sound knowledge of technologies related to Information Security: encryption, firewalls, intrusion detection/prevention, anti-virus, DDoS, behavioural analysis/advanced malware detection.
Professional designation relating to Information Security (e.g. CISSP, CISM, CISA) preferred.
Diversity and inclusion have always been at the core of our values at Sun Life. A diverse workforce with wide perspectives and creative ideas benefits our clients, the communities where we operate and all of us as colleagues. We welcome applications from qualified individuals from all backgrounds.
Persons with disabilities who need accommodation in the application process or those needing job postings in an alternative format may e-mail a request to ...@sunlife.com.
We thank all applicants for showing an interest in this position. Only those selected for an interview will be contacted.
Technology Services - IT