Reporting to the Director - Security Advisory Services, the Senior Information Security Advisor will be responsible for performing information security risk assessments, providing security consulting services and acting as the subject matter expert (SME) to assigned lines of business within Sun Life. As part of these responsibilities, the Senior Information Security Advisor will interact on a regular basis with senior members of Sun Life business groups, Enterprise Services, and external vendors.
Performs information security risk assessments for projects and initiatives for assigned lines of business within the enterprise:
- Participates as the Information Security representative in the Sun Life IT Architecture Stage Gate Process (ASGP) and similar reviews for business groups to ensure required security controls are present in systems, applications, and processes.
- Identifies and documents any risks associated with initiatives involving Sun Life systems and external vendors in a risk report for distribution to management.
Manages the security risks identified from information security risk assessments and brings them to closure:
- Escalates risks to VPs for acceptance or action plans.
- Tracks information security related risks and corresponding action plans with due dates to ensure that the issues are resolved. Works with the respective business and/or technology owner if dates are not met. Provides reports to the management team outlining the status of information security risks within Sun Life.
- Meets with VPs quarterly to report on risks for supported lines of business.
- Escalates deviations and significant risks to the CISO for review and approval.
Provides security consulting services to the rest of the organization, which includes Sun Life business groups and peers within Enterprise Services:
- Provides support to Sun Life business groups by suggesting ways to improve security by implementing controls to protect sensitive company information from disclosure, modification, and destruction.
- Consults broadly with business groups and Enterprise Services using technical expertise to guide and influence implementation of security in wide or high-impact technology decisions and initiatives.
- Supports a balanced approach for security controls and support of governance practices and approaches. Continuously promotes and advocates that adequate levels of control mechanisms are in place to safeguard Sun Life.
- Provides information security related input into technology vendor selection (RFP).
- Provides support to the Sun Life Legal team regarding information security with respect to agreements and contracts.
- Minimum 5 years in Information Security, preferably with experience in Information Security Risk Management.
- Strong verbal communication - able to interface and negotiate with senior employees at an executive level.
- Advanced writing skills with emphasis on report writing.
- Strong understanding of existing and emerging Information Security technologies.
- Familiarity with contract wording and interpretation of security clauses.
- Strong consulting skills and ability to influence a win-win outcome.
- Self-starter, strategic thinker, negotiator, and consensus builder.
- Ability to understand Sun Life's diverse business units and ability to work with diverse groups.
- Must be able to work with the business and interpret technical context into common business language.
- Sound knowledge of technologies related to Information Security: encryption, firewalls, intrusion detection/prevention, anti-virus, DDoS, behavioural analysis/advanced malware detection.
- Post-secondary education.
- Professional designation relating to Information Security (e.g. CISSP, CISM, CISA) preferred.