Sr. Security Specialist to support security governance and risk management activities for a large insurance client - 4625

Job Type: Contract
Positions to fill: 1
Start Date: Oct 02, 2023
Job End Date: Oct 01, 2024
Pay Rate: Hourly: Negotiable
Job ID: 132613
Location: London, Toronto


Duration: 1 year (possibility of extension)

Location: Remote (should be open to check-in to Toronto/Waterloo offices)

*ERC Required



Reporting to both the Director, Security Advisory Services, and the Director, Security Governance, the Security Governance & Risk Advisor performs risk assessments, applies privacy and security laws and regulations, and assists the business units with governance and compliance matters as they relate to Information Security.


The Governance & Risk Advisor will contribute to day-to-day security governance and risk management activities, including supplier risk assessments, supplier contract reviews, advising on secure software development practices, annual security framework assessments, security policy/directive reviews, regulatory change assessments and related requests for information. The key role is to gather technical information for risk analysis and to make recommendations for action based on existing control requirements and industry best practices.


Job Responsibilities:



  • Provide support to Business Groups by conducting security risk assessments, ensuring alignment with security policies and directives with a specific focus on implementation of controls in applications and infrastructure services.
  • Participate in technology review boards and similar processes for the Business Groups to ensure proper technical security controls on systems, applications and processes.
  • Support annual security assessment activities, including for NIST and CSA frameworks.
  • Conduct annual security risk policy and directive review/refresh activities and present changes to management.
  • Conduct regulatory change assessments for the enterprise. Report control gaps and track action plans to remediate.
  • Provide the management team with an in-depth analysis of information security trends, the status of identified risks, penetration testing and vulnerability scan results, security incidents, current work activities, and work completed by the department.
  • Collaborate with peers in Security Risk and Crisis Management for continuous improvement to security posture.


Must Have Skills:



  • 5+ years of experience in an Information Security role working with information security risk management and security control governance.
  • Experience with technologies such as SharePoint Governance Risk and Compliance Tools, Archer, encryption, firewalls, intrusion detection/prevention, anti-virus, DDoS, behavioural analysis/advanced malware detection.
  • Experience with annual security assessment activities, including for NIST and CSA frameworks.
  • Experience performing risk assessments of cloud-based technologies such as Amazon Web Services (AWS)


Nice To Have Skills:


  • University degree or college diploma in Computer Science, engineering, information security management, information technology management, risk management, or comparable professional education/training in a relevant field
  • Professional designation relating to Information Security (e.g., CISSP, CISM, CISA)