Sr. Information Security Advisor to conduct security risk assessments and manage risks and security waivers for a large insurance client - 5163

Sr. Information Security Advisor to conduct security risk assessments and manage risks and security waivers for a large insurance client - 5163

Duration: 1 year (possibility for extension)

Location: Remote (Within Toronto - Might require occasional visits to Toronto Office)

*ERC Required

Reporting to the Director, Security Advisory Services, the Senior Information Security Advisor is aligned with a business unit and conducts and manages the Information Security Risk Assessment and review process, reviews security contracts, conducts suppliers risk assessments, advises on security best practices, and reviews emerging security strategies. There is interaction with all business groups, including Digital, Application Services, Enterprise Infrastructure, Architecture, Security Architecture, Legal, Compliance and Risk, Privacy, and external service providers and vendors. The successful candidate would meet with stakeholders for various initiatives, provided technical and architectural information, write professional opinions to support their case, collaborate with others to improve security controls.

Must Have Skills:

• 7+ years of experience in Information Security
• Experience performing information security risk assessments
• Knowledge of IT Security principles, protocols, practices and industry standards.
• Knowledge of technologies related to Information Security: encryption, firewalls, access controls, intrusion detection/prevention, anti-virus, DDoS, behavioural analysis/advanced malware detection.
• Financial industry experience

Nice To Have Skills:

• 
  
• Professional designation relating to Information Security (e.g. CISSP, CCSP, CISM, CISA)
• Familiarity with contract wording and interpretation of security clauses.

Job Description:

• Conduct risk assessments, manage risks and security waivers and advise on security best practices,
• Manages the security risks identified from information security risk assessments and bring them to closure
• Provides support to business groups by suggesting ways to improve security by implementing controls to protect sensitive company information from disclosure, modification, and destruction.
• Supports a balanced approach for security controls and support of governance practices and approaches. Continuously promotes and advocates that adequate levels of control mechanisms are in place to safeguard assets.
• Provide information security related input into technology vendor selection (RFP).
• Provides support to the Legal team regarding information security with respect to agreements and contracts.