Manager, Information Security Risk


Offre publiée le 2024-06-26

Sun Life

Sun Life

Sun Life is a financial services company providing financial planning, life insurance, health insurance, investments and more.

View company page

You are as unique as your background, experience and point of view. Here, you’ll be encouraged, empowered and challenged to be your best self.

You'll work with dynamic colleagues - experts in their fields - who are eager to share their knowledge with you. Your leaders will inspire and help you reach your potential and soar to new heights.

Every day, you'll have new and exciting opportunities to make life brighter for our Clients - who are at the heart of everything we do.

Discover how you can make a difference in the lives of individuals, families and communities around the world.

Job Description : About the role :

About the role :

The role is in the second line of the three lines of defense model and is required to strengthen the second line Information Security Risk Management program.

Oversight of this key operational risks will be delivered by independently reviewing, challenging, and reporting on Sun Life’s management of these risks.

What will you do?

  • Direct the execution and maintenance of the second line’s Information Security Risk Management program :
  • Assist in annual challenge of Information Security Risk Policy, Enterprise Operating Guideline and supporting Directives
  • Conduct proactive, integrated challenge of key first line activities including incident handling and key strategic projects
  • Assist in challenge of middle and senior management’s Risk and Control Self Assessments (RCSA)
  • Collaborate with the first line of defense (1LOD) to establish and renew KRIs
  • Challenge and report on significant and material information security incidents and Operational Risk Events (OREs)
  • Recommend new first line processes for oversight
  • Maintain real-time dashboard of Information Security Risk profiles across Sun Life’s Business Groups
  • Assist in conducting annual NIST Cyber Security Framework challenge and report on significant and material observations and gaps
  • Stay current with industry best practices and trends
  • Establish influential relationships with key stakeholders. Influence innovative solutions in response to constraints and conduct challenges in a professional manner
  • Apply creative problem-solving skills to broadly defined and occasionally nebulous problems.
  • Aggregating and authoring information security risk information for quarterly reporting and providing challenge as appropriate for key forums

What do you need to succeed?

  • 5 years of cyber information security and / or risk management experience
  • Information security professional certifications, such as CISSP
  • Practical first line experience managing information security functions and / or programs is essential
  • Expert knowledge of global information security standards and requirements (e.g., regulatory) and industry best practices
  • A strong understanding of :
  • Risk and Control Self Assessments (RCSAs)
  • Operational Risk Events
  • Key Risk Indicators
  • Scenario Analysis
  • Effective presentation, communication, negotiation, and conflict management skills

Preferred Skills :

Broad experience in information security processes (e.g., risk management, pen testing, vulnerability scanning) and controls (e.

g., IDS, SIEM , anti-malware, system hardening), and knowledge of systems at Sun Life is an asset

What's in it for you?

  • Hybrid work environment
  • Being a member of the Sun Life family, a group of people united by our Purpose : to help Clients and Employees achieve lifetime financial security and live healthier lives
  • Flexible Benefits from the day you join to meet the needs of you and your family
  • Wellness programs that support the three pillars of your health mental, physical and financial
  • A friendly, collaborative, and inclusive culture
  • The opportunity to move along a variety of career paths with amazing networking potential
  • Access to our Global Learning Centre, available 24 / 7 for your learning needs

Recent Awards :

  • We are honoured to be recognized as a 2022, 2023 and 2024 Best Workplaces in Canada by Great Place to Work Canada
  • Great Place to Work list for Best Workplaces for #HybridWork 2022
  • Great Place to Work list for Best Workplaces for Professional Development in Canada 2022
  • Named Best Places to Work by Glassdoor, 2021 and 2023

The Base Pay range is for the primary location for which the job is posted. It may vary depending on the work location of the successful candidate or other factors.

In addition to Base Pay, eligible Sun Life employees participate in various incentive plans, payment under which is discretionary and subject to individual and company performance.

Certain sales focused roles have sales incentive plans based on individual or group sales results.

Diversity and inclusion have always been at the core of our values at Sun Life. A diverse workforce with wide perspectives and creative ideas benefits our clients, the communities where we operate and all of us as colleagues.

We welcome applications from qualified individuals from all backgrounds.

Persons with disabilities who need accommodation in the application process or those needing job postings in an alternative format may e-mail a request to [email protected] .

At Sun Life we strive to create a flexible work environment where our employees are empowered to do their best work. Several flexible work options are available and can be discussed throughout the selection process depending on the role requirements and individual needs.

We thank all applicants for showing an interest in this position. Only those selected for an interview will be contacted.

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.


27 days ago