Pay at Intact is about much more than just salary.
Flexible work arrangements and a hybrid work model
Possibility to purchase up to 5 extra days off per year
Multiple benefits offered to support physical and mental wellbeing, including telemedicine, Wellness account and much more
Share plan & other savings: up to 12% of salary or even more (ask how you could earn guaranteed income for life)
Salary range (but not limited to):
101,800 - 124,400Annual bonus target, based on the base salary, with a potential payout of up to double the target (subject to personal and company performance):
12%As part of our commitment to Win As A Team, we share our success with employees through our annual bonus plan and Employee Share Purchase Plan (ESPP) – with Intact matching 50% of your net shares.
Our pension offerings provide flexibility and long-term security for our employees beyond their careers. We are one of the few companies offering the opportunity to receive guaranteed income for life via our defined benefit pension plan.
Salary for the candidate will be determined taking into consideration a number of factors including: experience, skills, qualifications, anticipated contribution to role, internal equity, etc. The salary range presented above is based on a 35-hour workweek and would represent a majority of different candidate profiles. However, we encourage candidates who may fall outside of this range to apply as well.
About the role
Our growing team is looking for a Senior Security Advisor - SaaS Security and Cyber Supply Chain Risk
Together with our strong team of Cyber Supply Chain Risk Management (CSCRM) experts, you will work with state-of-the-art technologies to promote a strong cybersecurity compliance culture for Intact Financial Corporation. In collaboration with your colleagues, you will ensure the team success and continuously evaluate and report on the cybersecurity compliance practice to reduce cybersecurity risks for the organization. With your strong knowledge and innovative mindset, you will try new approaches and leverage emerging technologies to help deliver a second-to-none customer experience, shape the future of our industry, and leave your mark.
What you'll do here:
Conduct Security Assessments of Third Parties: Conduct security assessments of third parties by verifying key security controls and documenting risks.
Evaluate security configuration of SaaS: Perform detailed security configuration assessments of SaaS applications to verify compliance with industry standards, enhancing the organization’s security posture.
Collaborate and Risk Mitigation: Work with Risk Owners to implement risk reduction strategies and continuously monitor risks, ensuring the protection of IFC’s data and systems.
Leverage AI Technologies: Utilize AI technologies to automate the analysis of security configurations and streamline workflows, ensuring seamless integration with existing third-party risk management frameworks.
Monitor Third-Party Risk Management Requirements: Continuously identify, monitor, and respond to applicable third-party risk management framework requirements.
Develop and Enhance Risk Programs: Develop, implement, and enhance programs that monitor, measure, analyze, and report on third-party risk exposures across all business areas, comparing against the organization’s risk appetite.
Provide Security Expertise: Serve as a subject matter expert in third-party risk management governance activities, facilitating collaboration and performing risk assessments for acquisitions with existing and new contracts.
Participate in Innovative Projects: Engage in major innovative projects and collaborate with third parties on risk assessments and security key control evaluations.
Deliver Risk Reports: Create and deliver comprehensive risk reports with key risk indicators (KRIs) and key performance indicators (KPIs), offering insights into the organization’s third-party cyber risk landscape.
Develop TPRM Processes and Tools: Act as a cybersecurity expert in developing third-party risk management processes and tools.
Stay Informed on Cybersecurity Solutions: Stay vigilant on evolving cybersecurity solutions and services to ensure ongoing protection against emerging threats.
What you bring to the table:
Educational Background: Bachelor’s degree in information security, information technology, or equivalent education and experience.
Professional Experience:
5+ years of relevant work experience in information technology.
3+ years of relevant experience in cybersecurity, focusing on security risk assessments and third-party security.
Desirable Certifications: CISSP, CISA, CISM, CGEIT, CRISC, GSEC, GISP.
Tool Proficiency: Experience with Governance, Risk, and Compliance (GRC) and vendor monitoring tools is an asset.
AI Knowledge: Understanding of AI technologies applicable to security assessments and third-party risk management.
Security Frameworks and Industry Standards Knowledge: Familiarity with prevalent industry standards such as ISO 27001/27002, SOC 2, SOC 1, NIST, CIS, COBIT, and PCI DSS, and ability to translate security frameworks into practical guidance and assessments.
Vulnerability Management Knowledge: Good knowledge of common security vulnerabilities in web and cloud applications, with insight from sources like SANS, OWASP Top 10, and Cloud Security Alliance (CSA).
Communication Skills: Ability to effectively communicate cybersecurity risks to management within a business context, with a mix of technical and business acumen.
Relationship Management: Proven ability to develop and maintain relationships, and excellent facilitation and delivery skills.
Project Management: Capacity to work on multiple projects simultaneously, meet deadlines, and manage stakeholder expectations.
Commitment to Diversity: Demonstrated commitment to valuing differences and engaging with diverse stakeholders.
Ethical Standards: Adherence to strong ethical principles and a solid understanding of business and information security ethics.
For candidates located in Quebec, bilingualism is required considering the necessity to interact on a regular basis with English-speaking colleagues across the country.
No Canadian work experience required however must be eligible to work in Canada.
#LI-Hybrid
Il s'agit d'un nouveau rôle au sein de notre équipe en plein croissance | This role is a new member of our growing team.Senior Security Advisor - SaaS Security and Cyber Supply Chain Risk • Montréal, Quebec, CAN
A global food company is seeking an OT Cyber Security Professional based in Canada.This role will manage cybersecurity solutions and networks for production plants, ensuring compliance with corpora...Show more
This role sits at the intersection of.You’ll work closely with Sales, Product, and Leadership to support scoping, improve delivery processes, and help evolve our service offerings as the business s...Show more
GIRO IS YOUR WAY FORWARDAt GIRO, our mission is clear: Improving quality of life around the world through software and services that increase the efficiency of public transport and postal delivery....Show more
A career as a Senior Advisor in risk Governance in the Technology and Cybersecurity risk Management team at National Bank means acting as a specialist in technology, cyber and data risk governance....Show more
Step into the role of Cyber Security Lead and enhance security practices across multiple platforms.Guide vulnerability management, incident response, and cloud security to protect and serve critica...Show more
Enhance cybersecurity measures in industrial settings as an OT Cybersecurity Professional.Focus on implementing vital security frameworks and overseeing manufacturing operations within a hybrid env...Show more
A leading cybersecurity company seeks an OT Business Development Engineer in Montreal to lead technical engagements and support sales processes for Operational Technology solutions.Ideal candidates...Show more
A vehicle manufacturer utilizing AI technology is seeking an experienced IT Administration Manager for their Vancouver office.This key role involves leading IT operations, managing a team, and ensu...Show more
Step into a challenging role as a Senior Vulnerability Management Specialist, overseeing critical application security projects.Implement SAST, DAST, and SCA tools to prioritize and mitigate risks ...Show more
A leading consulting firm in Montreal is seeking a Senior Active Directory Engineer to support a major international bank.The role involves Level 3 operational support and engineering for Active Di...Show more
Spearhead security governance and TPRM initiatives as a Senior Leader.Elevate operational effectiveness and vendor risk management in a remote work setting.This role will oversee the strategic dire...Show more
Shape the future of security as a Lead Security Engineer focused on cloud-native platforms.Oversee critical security initiatives to enhance organizational security posture in a dynamic environment....Show more
Our Krakenites are a world-class team with crypto conviction, united by our desire to discover and unlock the potential of crypto and blockchain technology.Kraken is a mission-focused company roote...Show more
A leading cybersecurity firm is seeking a Sr.Client Security Advisor in Calgary to drive security solutions for clients.The role involves designing tailored security programs, collaborating with va...Show more
A leading cybersecurity firm is seeking a Sr.Presales Security Advisor to drive client relationships and design tailored security solutions.This remote position in Western Canada requires at least ...Show more
Drive secure access management as a Senior SAP Authorization Specialist in a fully remote environment.Leverage extensive SAP security expertise to implement user roles and ensure compliance effecti...Show more
Senior Advisor Governance Third Paty Risk Management.Area(s) of interest: Risk management.A career as a Senior Advisor in the Operational and Third-Party Risk Governance and Transformation team at ...Show more
Enhance cloud security as a Compliance Lead in DevSecOps.Manage SOC2 and GDPR initiatives while optimizing security tool configurations and automation processes.As a prime stakeholder in security, ...Show more
){kind=logo}
