Information Security Advisor

About The Position

Requirements

• Minimum of at least 3+ years experience in Information Security and Information Technology (IT)
• In-depth knowledge of information security and IT principles, protocols, practices, and industry standards
• Experience conducting information security risk assessments, including of cloud-based (SaaS) technologies, e.g. AWS and Azure
• Strong understanding of existing and emerging information security technologies
• Strong communication and negotiation skills with senior staff and executives
• Excellent report writing skills
• Familiarity with contract wording and interpretation of security clauses
• Must be able to work and communicate with various business groups from a non-technical perspective and interpret technical context into common business language
• Self-starter, can work with minimum supervision, strategic thinker, negotiator and consensus builder
• Ability to work with diverse groups
• University degree or college diploma in Computer Science, Engineering, Information Technology, Information Security and Risk Management or comparable professional education/training in a field relevant to IT Security management
• Professional designation relating to Information Security preferred. (e.g., CISSP, CCSP, CISM, CISA)

Responsibilities

• Provide support to Sun Life Business Group through conducting information security risk assessments, reviewing contracts to ensure inclusion of security requirements, performing supplier/third-party risk assessments, and advising on security best practices.
• Assess initiatives/projects to ensure implementation controls aligns with Sun Life Information Security policies and directive requirements.
• Provide security consulting to ensure appropriate security controls are in place to safeguard and protect Sun Life confidential information from intentional or accidental disclosure, modification, or destruction, and improve overall security.
• Provide with reporting to management team on status of information security risk assessments, identified risks, and current work activities.
• Provide preliminary recommendations to the management team on information security related risks.
• Track and manage open information security risks to ensure corresponding risk remediation plans and target dates are in place.
• Work with respective business and/or technology risk owner to ensure risk remediation.

Benefits

• Wellness programs that support the three pillars of your health – mental, physical, and financial
• The opportunity to move along a variety of career paths with amazing networking potential.