Talent.com
AVP, Threat and Vulnerability Management
Sun Life • Waterloo, Ontario
14 days ago
Contract type
  • Full-time

Job Description

Overview

As the AVP, Global Threat & Vulnerability Management (TVM) within Digital Security Threat Management (DSTM) under Security, Risk & Crisis Management (SRC), you will lead Sun Life’s global capability for identifying, assessing, prioritizing, and mitigating cyber vulnerabilities and threats across the enterprise. You will oversee multiple sub‑disciplines—vulnerability management, red teaming, threat intelligence, defensive security (blue team), application security platform & testing, and incident management & process development—ensuring Sun Life maintains a resilient and compliant security posture.

This role partners closely with Security Engineering & Advisory, Technology Risk & Compliance, Security Governance & Client Programs, Security Initiatives & Awareness, and Security Operations to drive measurable improvements in cyber resilience and reduce enterprise attack surface.

Key Responsibilities

1. Enterprise Vulnerability Management Leadership

You are the Responsible Person / Contact for the enterprise Vulnerability Management Directive, overseeing the entire vulnerability lifecycle across Sun Life: identification, prioritization, reporting, remediation governance, and compliance monitoring.

Your VM program encompasses:

  • Internal and external vulnerability scanning
  • Database scanning
  • Security Scorecard monitoring
  • Threat‑intel‑driven vulnerability monitoring
  • Classification of vulnerabilities and zero‑day response
  • Audit, Client and Regulatory responses.
  • Management of platforms related to Vulnerability Management.
  • Produce Senior Leadership and Executive Reporting for all areas of Vulnerability Management.

2. Cyber Threat Intelligence & Hunting

You oversee the Cyber Threat Intelligence (CTI) and Cyber Threat Hunting (CTH) function responsible for:

  • Leading the collection, analysis, and operationalization of internal and external threat intelligence.
  • Monitoring global threats affecting Sun Life brands, staff, infrastructure, and clients.
  • Identifying indicators of compromise, campaign activity, and attacker behaviors.
  • Producing actionable threat briefings for Security teams, Technology Risk, and senior leadership.
  • Maintaining relationships with intelligence‑sharing communities, industry groups, and government partners.
  • Ensuring threat intelligence directly informs detection engineering, vulnerability prioritization, and offensive testing.
  • Performing continuous Threat Hunting activities based on Cyber Threat Intelligence and internal Red / Blue team information.
  • Developing and refining use cases based on threat intelligence, and working with Security Operations and Engineering teams to implement them for alerting to Defensive Security teams.

3. Red Team / Offensive Security Oversight

You lead the Offensive Security (Red Team) program, which conducts:

  • Application, network, social engineering, and physical penetration tests
  • Adversary emulation engagements
  • Intelligence Led Penetration Testing
  • Executes Security Control validation testing to ensure coverage and identify gaps across security controls.
  • Ensure offensive testing aligns with threat intelligence and focuses on high‑risk assets and emerging attack vectors.
  • Partner with technology teams to validate remediation effectiveness.
  • Translate offensive findings into prioritized remediation actions and long‑term security improvements.

4. Blue Team / Defensive Security Oversight

You lead the Defensive Security (Blue Team) program, which:

  • Responds to detections from security controls
  • Ensure defensive capabilities evolve based on threat intelligence and offensive testing results.
  • Partner with Offensive Security, Cyber Threat Intelligence and Security Operations to enhance detection coverage, reduce dwell time, and improve alert fidelity.

5. Security Incident & Process Management

You lead the Security Incident team, which:

  • Responds to security incidents and takes appropriate actions
  • Govern the maturity of incident response processes, playbooks, and readiness exercises.
  • Ensure consistent, high‑quality incident handling with clear communication and post‑incident reviews.

6. Application Security Platforms

  • Oversee application security scanning capabilities including static, dynamic, software composition and mobile analysis.
  • Partner with DevOps teams to ensure application security capabilities are integrated into DevOps pipelines.
  • Identify systemic application security weaknesses and drive long‑term remediation strategies.
  • Provide secure development guidance and support targeted developer training in partnership with the AVP of Security Initiatives, Training & Awareness.
  • Ensure application security findings are integrated into enterprise vulnerability reporting.

7. Application Security Testing

  • Leads Sun Life’s Application Security Testing function, owning the strategy, execution, and continuous improvement of the enterprise testing framework.
  • Ensure critical applications have penetration testing performed on an annual basis.
  • Ensures results are consistent, high‑quality, repeatable, and meet enterprise governance expectations.
  • Drives adoption of advanced testing approaches, including AI‑assisted vulnerability remediation and testing enhancements.

8. Cross‑Functional Collaboration

Partner with:

  • Security Engineering & Advisory on architecture alignment, secure design, and technical remediation.
  • Technology Risk & Compliance to ensure alignment with regulatory expectations, audit requirements, and risk frameworks.
  • Security Governance & Client Programs to support client assurance, governance reporting, and due diligence.
  • Security Initiatives, Training & Awareness to develop training based on recurring vulnerability, threat, and AppSec trends.
  • Security Operations to enhance detection, response, and threat hunting capabilities.

9. Metrics, Reporting & Executive Communication

  • Define KPIs, KRIs, and dashboards that measure vulnerability exposure, application security maturity, remediation performance, and threat trends.
  • Deliver regular briefings to senior leadership, risk committees, and the board.
  • Translate complex technical risks into clear business impacts and recommended actions.
  • Provide transparent reporting on remediation performance, threat landscape changes, and exposure reduction progress.
  • Provide updates to regulatory bodies regarding the security posture or any related incidents.

Qualifications

  • 15+ years of cybersecurity experience, with deep expertise in vulnerability management, threat intelligence, application security, or offensive / defensive security.
  • Proven leadership experience managing technical teams and enterprise‑scale security programs.
  • Strong understanding of vulnerability scanning tools, AppSec testing platforms, cloud security, and threat intelligence technologies.
  • Demonstrated expertise in Red and Blue Team operations, including hands‑on knowledge of adversary emulation, penetration testing (web, network, cloud), threat hunting, incident detection and response, malware analysis, and validation of security controls across complex enterprise environments.
  • Deep understanding of secure coding practices, shift left practices, application security capabilities, CI / CD pipelines, and DevSecOps principles.
  • Experience working in regulated industries and supporting audits, regulators, and client assurance programs.
  • Excellent communication skills with the ability to influence senior executives and technical teams.
  • Demonstrated ability to lead through complexity, ambiguity, and rapid change.
  • Certifications such as CISSP, CISM, GIAC, OSCP, GCTI, or CSSLP.
  • Experience with automation, secure SDLC, and large‑scale application security programs.
  • Background in cyber risk quantification or exposure analytics.
  • Experience with cloud‑native security tooling and modern application architectures.

Leadership Competencies

  • Strategic thinker with the ability to anticipate emerging threats and evolving attack surfaces.

  • Strong decision‑making skills and the ability to operate effectively under pressure.
  • Ability to build trust and drive alignment across diverse technology and business teams.
  • High integrity, accountability, and a commitment to continuous improvement.
  • Skilled at developing leaders, building high‑performing teams, building succession, supporting early‑career talent and fostering a culture of security excellence.
  • Ability to deliver clear, concise communication of complex risk topics to senior leadership.
  • Ability to influence across business units without authority.
  • Skill in preparing regulatory‑grade evidence, narratives, and rationale.

What’s in it for you?

  • Great Place to Work® Certified for Most Trusted Executive Team in Canada – 2025, 2024 and 2023
  • Great Place to Work® Certified for Best Workplaces in Canada - 2025
  • Canada Order of Excellence for Mental Health at Work® certification from Excellence Canada. Sun Life is one of only four companies in Canada to ever receive this certification – 2024
  • Top Work Places® for Remote Work – Monster Canada - 2024
  • Great Place to Work® Certified for Best Workplaces in Canada – 2024 and 2022
  • Great Place to Work® Certified for Best Workplaces for Women in Canada - 2024
  • Flexible hybrid work model.