Information Security Advisor

You are as unique as your background, experience and point of view. Here, you’ll be encouraged, empowered and challenged to be your best self. You'll work with dynamic colleagues - experts in their fields - who are eager to share their knowledge with you. Your leaders will inspire and help you reach your potential and soar to new heights. Every day, you'll have new and exciting opportunities to make life brighter for our Clients - who are at the heart of everything we do. Discover how you can make a difference in the lives of individuals, families and communities around the world.

Reporting to the Director/Manager, Security Advisory Services, the Information Security Advisor is aligned with a Senior Security Advisor and conducts and manages the Information Security Risk Assessment (ISRA) process, reviews security contracts, conducts suppliers risk assessments, advises on secure software development practices, reviews exceptions to security directives, and reviews emerging security strategies. There is interaction with all Sun Life business groups, including Digital, Application Services, Enterprise Infrastructure, Architecture, Security Architecture, Legal, Compliance and Risk, Privacy, and external service providers and vendors.

The Information Security Advisor applies privacy and security laws and regulations and assists business units with technical risk assessment and compliance matters as they relate to Information Security. The key role in this process is to gather technical information for analysis and to make recommendations for action.

**What you will do**:

- Provides support to Sun Life Business Groups by suggesting ways to implement security requirements to protect Company information from intentional or accidental disclosure, modification, or destruction and improve overall Security. Performs research on issues as needed to ensure suggestions meet necessary business and regulatory requirements.
- Consults broadly with the Business Groups and Enterprise Services using technical expertise to guide and influence implementation of security in wide or high-impact technology decisions and initiatives
- Supports a balanced approach for security controls and support of governance practices.
- Constantly promoting and advocating that adequate levels of control mechanisms are in place to safeguard the Sun Life Business organization information.
- Provides the management team with an in-depth analysis of information security trends, the status of identified risks, penetration testing and vulnerability scan results, security incidents, current work activities, and work completed by the department. Provides preliminary recommendations to the management team on information security related risks.
- Participates in the security review and assessment program in support of the Information Security strategy for Sun Life. Plans and schedules specific security assessments of systems, vulnerability identification and assessment considering executive priorities, business needs and IT resources.
- Provides support on IT security events and works with IT and business organizations within the Incident Management processes for those events by gathering information for analysis from various internal and external sources.
- Tracks information security related risks and corresponding action plans with dues dates to ensure that the issues are resolved. Work with the respective business and/or technology owner if dates are not met. Provides reports to the management team outlining the status of information security risks within Sun Life.

**What do you need to succeed**:

- 3+ years experience in IT Security and Application technology management and support
- In depth knowledge of IT Security principles, protocols, practices and industry standards
- Experience performing risk assessments of cloud (SaaS) based technologies
- Experience with Amazon Web Services (AWS) is preferred
- Strong understanding of existing and emerging IT Security technologies
- Advanced skills in report writing and project management
- Familiarity with contract wording and interpretation of security clauses
- Good technology generalist with a good understanding of all aspects of technology
- Must be able to work with the business groups from a non-technical business perspective and interpret technical context into common business language
- University degree or college diploma in Computer Science, engineering, IT security management, risk management, or comparable professional education/training in a field relevant to IT Security management
- Professional designation relating to Information Security (e.g. CISSP, CCSP, CISM, CISA) preferred

**Notes/Unique requirements**:
**What’s in it for you?**
- Named 2021 “Best Places to Work” by Glassdoor
- Work and professional development that is united by our Purpose: to help Clients and Employees achieve lifetime financial security and live healthier lives
- A friendly, collaborative and inclusive