Job descriptionSenior Information Security Advisor (Cybersecurity Risk & Cloud Security)
Support impactful cybersecurity initiatives within a leading insurance environment where your expertise will help strengthen security practices, protect critical business information, and influence enterprise-wide projects. Enjoy a hybrid work model, collaborate with diverse stakeholders, and contribute to meaningful security and risk management initiatives in a dynamic, technology-driven setting.
What is in it for you:
• Salaried: $50-55 per hour.
• Incorporated Business Rate: $60-65 per hour.
• Contract with the potential for permanent employment.
• Full-time position: 37.50 hours per week.
• Day schedule, 37.50 hours per week.
• Hybrid work model with one day per week in the office.
Responsibilities:
• Conduct information security risk assessments for business initiatives, applications, suppliers, and third parties.
• Review contracts to ensure appropriate security provisions and requirements are included.
• Assess supplier and third-party security risks.
• Advise stakeholders on information security best practices.
• Ensure security controls implemented within projects and initiatives align with organizational security policies and directives.
• Provide security consulting and technical guidance to support the implementation of appropriate security controls that protect confidential information from accidental disclosure, modification, or destruction.
• Review emerging information security strategies.
• Provide preliminary recommendations to management regarding information security risks.
• Track and manage open information security risks, ensuring remediation plans and target dates are established and monitored with the appropriate risk owners.
• Report to management on the status of information security risk assessments, identified risks, policy exception requests, and current work activities.
• Collaborate with business, architecture, infrastructure, compliance and risk, legal, privacy, and external third-party stakeholders.
What you will need to succeed:
• Post-secondary education in Computer Engineering, Computer Science, Information Technology, Information Security and Risk Management, or comparable professional education or training in a related field.
• Professional information security certification such as CISSP, CCSP, CISM, or CISA is preferred.
• 7 years of experience in Information Security and/or Information Technology, preferably including Information Security Risk Management.
• Experience performing information security risk assessments.
• Experience performing cloud security risk assessments.
• Experience assessing cloud-based (SaaS) technologies, including AWS and Azure.
• In-depth knowledge of information security and IT principles, protocols, practices, and industry standards.
• Strong understanding of existing and emerging information security technologies, including encryption, network and web application firewalls, IDS/IPS, advanced malware protection, DDoS, DLP, and SIEM.
• Extensive knowledge of attack and threat vectors and the corresponding security controls used to mitigate risk.
• Strong understanding of cloud security and cloud-based technologies, including AWS and Azure.
• Familiarity with contract wording and the interpretation of security clauses.
• Excellent verbal communication skills, with the ability to interact with executives and negotiate with clients.
• Excellent written communication skills, with a strong emphasis on report writing.
• Ability to work independently with minimal supervision.
• Strong strategic thinking, negotiation, consensus-building, and consulting skills.
• Ability to influence positive outcomes across stakeholders.
• Ability to understand diverse business units and communicate technical concepts in clear, plain language.
• Ability to obtain Canadian Reliability Security Clearance prior to the start date.
Why Recruit Action?
Recruit Action (agency permit: AP-2504511) provides recruitment services through quality support and a personalized approach. As part of the screening process, some applications may be reviewed using artificial intelligence tools. Only candidates who meet the hiring criteria will be contacted.