Information Security Advisor

You are as unique as your background, experience and point of view. Here, you’ll be encouraged, empowered and challenged to be your best self. You'll work with dynamic colleagues - experts in their fields - who are eager to share their knowledge with you. Your leaders will inspire and help you reach your potential and soar to new heights. Every day, you'll have new and exciting opportunities to make life brighter for our Clients - who are at the heart of everything we do. Discover how you can make a difference in the lives of individuals, families and communities around the world.

**Information Security Advisor**

Reporting to the Director, Security Advisory Services, the Information Security Advisor will be aligned with a Senior Security Advisor. The Information Security Advisor conducts Information Security Risk Assessments (ISRAs), reviews security contracts, performs supplier/third-party risk assessments, advises on security best practices, and reviews emerging security strategies. The Information Security Advisor interacts with various Sun Life business groups, including but not limited to, Business, Architecture, Infrastructure, Legal, Compliance and Risk, and Privacy teams.

The Information Security Advisor assist business units with risk assessment and compliance matters as it relates to Information Security.

**What will you do?**
- Provide support to Sun Life Business Group initiatives/projects through conducting information security risk assessments, reviewing contracts to ensure inclusion of security requirements, performing supplier/third-party risk assessments, and advising on security best practices.
- Assess various Sun Life Business Group initiatives/projects to ensure implementation controls aligns with Sun Life Information Security policies and directives.
- Provide security consulting to Sun Life Business Groups and various stakeholders, using technical expertise, to guide and influence implementation of security controls.
- Provide security consulting to Sun Life Business Groups to ensure adequate security controls are in place to safeguard and protect Sun Life confidential information from intentional or accidental disclosure, modification, or destruction, and improve overall security.
- Provide management team with an in-depth analysis of information security trends, status of identified risks, penetration testing and vulnerability scan results, security incidents, current work activities, and work completed by the department.
- Provide preliminary recommendations to the management team on information security related risks.
- Provide support during an Incident Management affecting the Sun Life Business Group by gathering information for analysis from various internal and external sources.
- Track and manage open information security risks to ensure corresponding risk remediation plans and target dates are in place. Work with respective business and/or technology risk owner to ensure risk remediation.

**What will you need to succeed?**
- Minimum of at least 3 years experience in Information Technology (IT) and/or Information Security
- In-depth knowledge of IT and information security principles, protocols, practices, and industry standards
- Experience performing risk assessments of cloud-based (SaaS) technologies including but not limited to AWS and Azure
- Strong understanding of existing and emerging IT and security technologies
- Strong communication and negotiation skills with senior staff and executives
- Excellent report writing skills
- Familiarity with contract wording and interpretation of security clauses
- An understanding of Sun Life's Business and ability to work with diverse groups
- Must be able to work and communicate with various business groups from a non-technical perspective and interpret technical context into common business language
- Self-starter, can work with minimum supervision, strategic thinker, negotiator and consensus builder
- University degree or college diploma in Computer Science, Engineering, Information Technology, Information Security and Risk Management or comparable professional education/training in a field relevant to IT Security management
- Professional designation relating to Information Security (e.g., CISSP, CCSP, CISM, CISA)

**Unique Requirements**:
**What’s in it for you?**
- Great Place to Work® Certified in Canada and the US - 2022
- Great Place to Work® award for Best Workplaces for #HybridWork
- 2022 Named “Best Places to Work” by Glassdoor - 2021
- Canada Award for Excellence for Mental Health at Work
- 2021 Flexible hybrid work model including in-country work-from-home if you prefer.

LI-Hybrid #LI-remote

At Sun Life we strive to create a flexible work environment where our employees are empowered to do their best work. Several flexible work options are available and can be discussed throughout the selection process depending on the role requirements and individual needs.

We thank all applicants for showing an int