*Senior Information Security Advisor (Cybersecurity Risk & Advisory) - WTL, ON
About the role
Senior Information Security Advisor (Cybersecurity Risk & Advisory)
Support impactful cybersecurity initiatives within a leading insurance environment where your expertise will help strengthen security practices, protect critical business information, and influence enterprise-wide projects. Enjoy a hybrid work model, collaborate with diverse stakeholders, and contribute to meaningful security and risk management initiatives in a dynamic, technology-driven setting.
What is in it for you:
• Salaried: $55-65 per hour. • Incorporated Business Rate: $65-75 per hour. • 12-month contract with the potential for permanent employment. • Full-time position: 37.50 hours per week. • Day schedule, 37.50 hours per week. • Hybrid work model with one day per week in the office.
Responsibilities:
• Conduct information security risk assessments for business initiatives, applications, suppliers, and third parties. • Review contracts to ensure appropriate security provisions and requirements are included. • Assess supplier and third-party security risks. • Advise stakeholders on information security best practices. • Ensure security controls implemented within projects and initiatives align with organizational security policies and directives. • Provide security consulting and technical guidance to support the implementation of appropriate security controls that protect confidential information from accidental disclosure, modification, or destruction. • Review emerging information security strategies. • Provide preliminary recommendations to management regarding information security risks. • Track and manage open information security risks, ensuring remediation plans and target dates are established and monitored with the appropriate risk owners. • Report to management on the status of information security risk assessments, identified risks, policy exception requests, and current work activities. • Collaborate with business, architecture, infrastructure, compliance and risk, legal, privacy, and external third-party stakeholders.
What you will need to succeed:
• Post-secondary education in Computer Engineering, Computer Science, Information Technology, Information Security and Risk Management, or comparable professional education or training in a related field. • Professional information security certification such as CISSP, CCSP, CISM, or CISA is preferred. • 7 years of experience in Information Security and/or Information Technology, preferably including Information Security Risk Management. • Experience performing information security risk assessments. • Experience performing cloud security risk assessments. • Experience assessing cloud-based (SaaS) technologies, including AWS and Azure. • In-depth knowledge of information security and IT principles, protocols, practices, and industry standards. • Strong understanding of existing and emerging information security technologies, including encryption, network and web application firewalls, IDS/IPS, advanced malware protection, DDoS, DLP, and SIEM. • Extensive knowledge of attack and threat vectors and the corresponding security controls used to mitigate risk. • Strong understanding of cloud security and cloud-based technologies, including AWS and Azure. • Familiarity with contract wording and the interpretation of security clauses. • Excellent verbal communication skills, with the ability to interact with executives and negotiate with clients. • Excellent written communication skills, with a strong emphasis on report writing. • Ability to work independently with minimal supervision. • Strong strategic thinking, negotiation, consensus-building, and consulting skills. • Ability to influence positive outcomes across stakeholders. • Ability to understand diverse business units and communicate technical concepts in clear, plain language. • Ability to obtain Canadian Reliability Security Clearance prior to the start date.
Why Recruit Action?
Recruit Action (agency permit: AP-2504511) provides recruitment services through quality support and a personalized approach. As part of the screening process, some applications may be reviewed using artificial intelligence tools. Only candidates who meet the hiring criteria will be contacted.