AVP, Security Governance and Risk Management

Job Overview

Job title: AVP, Security Governance and Risk Management

Job description: You are as unique as your background, experience and point of view. Here, you’ll be encouraged, empowered and challenged to be your best self. You’ll work with dynamic colleagues – experts in their fields – who are eager to share their knowledge with you. Your leaders will inspire and help you reach your potential and soar to new heights. Every day, you’ll have new and exciting opportunities to make life brighter for our Clients – who are at the heart of everything we do. Discover how you can make a difference in the lives of individuals, families and communities around the world.

Job Description:

Experience working in a Financial Services organization with global or international operations is essential.

Position Overview

This position manages a major functional area that reports directly to the Vice President and Chief Information Security Officer (CISO) and has direct oversight of the following functions: Security Policy, Directives, and Operating Guidelines; alignment of the Sun Life Security Program with the National Institute of Standards and Technology (NIST) Cyber Security Framework; control monitoring; internal security risk assessments; third party security risk management; governance and risk management coordination; regulator, auditor, and customer response coordination; and Sun Life employee awareness and education for cyber security.

The AVP, Security Risk Management and Governance will be responsible for defining and aligning strategies for security risk management and governance, and for ensuring that exposures to cyber risk are identified and managed at an acceptable level. The position is an integral part of the development, implementation, and compliance of security control programs across the enterprise and will regularly act as a voice of Information Security to clients and management, building cyber security confidence in support of business development and governance processes.

Job Description

  • Develop and manage the security risk management and compliance strategy, framework and approach.
  • Integrate security risk reporting and aggregate reporting into an Enterprise risk framework.
  • Provide briefings to leadership and advise them of critical issues that may affect business or enterprise security objectives in partnership with Sun Life Business Unit risk and compliance officers.
  • In conjunction with Legal, Privacy and Compliance, identify information management and protection laws and regulations and implement actions to ensure compliance.
  • Recommend strategies to ensure a common approach towards regulatory authorities and obtain internal efficiency.
  • Ensure a comprehensive understanding of existing requirements and ongoing monitoring of new requirements.
  • Develop strategies and action plans to drive control maturity improvement in areas where controls do not adequately mitigate security risks.
  • Facilitate prioritization of security risk and due diligence activities with different lines of business in conjunction with Business Unit Risk and Compliance officers.
  • Identify global security regulatory, legislative, and industry specific compliance requirements and applicability to each line of business.
  • Partner with Architecture and Engineering teams to develop risk mitigation strategies, solutions, and recommendations to reduce components, systems, or enterprise security risk.
  • Develop, document, and assess measures, metrics, and internal controls related to cyber security assessments and acceptance.
  • Coordinate and track all information technology and security related audits including scope of audits, business units involved, timelines, and outcomes.
  • Liaise with Corporate Operational Risk Management and Internal Audit, maintaining excellent relationships and providing transparency.
  • Provide guidance, evaluation and advocacy on audit responses.
  • Develop and maintain a strategy for managing security related audits, compliance checks and external assessment processes for auditors.
  • Lead the development and implementation of effective and reasonable policies and practices to secure sensitive data and ensure security and compliance with contracts, regulatory requirements, and industry standards.
  • Manage the third party risk assessment process to ensure risk transparency, business acceptance of risk and contractual obligations, and to enable risk-based decision making.
  • Partner with business and technology leaders in ensuring new and existing business relationships adequately address information security risk through vendor management, security engineering engagements, and security assessments of processes and procedures.
  • Manage specified Governance Risk and Compliance (GRC) projects from inception to completion.
  • Support the Vice President and CISO in establishing annual and long-term goals, defining risk and governance strategies, metrics, and reporting mechanisms.

Qualifications, Experience, Skills and Attributes

  • Minimum of 15 years work experience in IT with direct responsibility for technologies in scope, including at least 10 years previous experience in a management role.
  • Experience working in a Financial Services organization with global or international operations. No exceptions please.
  • Experience working in a shared services IT model desirable.
  • Bachelor's degree in Computer Science/Engineering/Information Security/Business preferred, or an equivalent combination of education and/or relevant experience.
  • Extensive experience in enterprise security program development and implementation, enterprise security governance, designing and delivering employee security awareness training, and managing security staff.
  • Ability to evaluate risks to the company and articulate issues, develop consensus, raise awareness, and provide and implement solutions.
  • Knowledge of common information technology and security management frameworks such as ISO/IEC 27001, ITIL, COBIT, and NIST.
  • Knowledge and understanding of relevant legal, regulatory and privacy requirements.
  • Strong project management experience.
  • Ability to work collaboratively and effectively with a cross-section of the Enterprise Services team and business organizations to implement information security standards and initiatives.
  • Understanding of threat driven methodologies, Software Development Life Cycle (SDLC), threat modeling and cyber attack trees.
  • Ability to clearly present complex technical concepts and techniques to others.
  • Excellent written and spoken communication skills.
  • Comfortable and effective in building partnerships with organizational leaders and influencing senior management.
  • Experience with Governance, Risk, and Compliance (GRC) tools.
  • Ability to manage multiple projects with changing/shifting/dynamic priorities.

What’s in it for you?

  • Named 2021 “Best Places to Work” by Glassdoor
  • Work and professional development that is united by our Purpose: to help Clients and Employees achieve lifetime financial security and live healthier lives
  • A friendly, collaborative and inclusive culture
  • Be part of our continuous improvement journey in developing the next greatest digital enterprise experience.
  • Competitive salary and bonus structure influenced by market range data
  • Pension, stock and savings programs to help build and enhance your future financial security
  • A common sense dress code, where you decide how you dress based on your day
  • The opportunity to move along a variety of career paths with amazing networking potential
  • Flex hours and work from home options.

The Base Pay range is for the primary location for which the job is posted. It may vary depending on the work location of the successful candidate or other factors. In addition to Base Pay, eligible Sun Life employees participate in various incentive plans, payment under which is discretionary and subject to individual and company performance. Certain sales focused roles have sales incentive plans based on individual or group sales results.

Diversity and inclusion have always been at the core of our values at Sun Life. A diverse workforce with wide perspectives and creative ideas benefits our clients, the communities where we operate and all of us as colleagues. We welcome applications from qualified individuals from all backgrounds.

Persons with disabilities who need accommodation in the application process or those needing job postings in an alternative format may e-mail a request to .

At Sun Life we strive to create a flexible work environment where our employees are empowered to do their best work. Several flexible work options are available and can be discussed throughout the selection process depending on the role requirements and individual needs.

We thank all applicants for showing an interest in this position. Only those selected for an interview will be contacted.

Salary Range: 125,900 – 214,500

Job Category: IT – Technology Services

Posting End Date: 09/01/2022

Company: Sun Life Financial

Location: Waterloo, ON

Job date: Fri, 17 Dec 2021 00:21:27 GMT

Job Source: Careerjet.ca
