Senior Manager, Security Advisory Services

Individually we are people, but together we are Aviva. Individually these are just words, but together they are our Values – Care, Commitment, Community, and Confidence.

As the Senior Manager of Security Advisory Services (SAS), you will be responsible for leading all aspects of Aviva Canada’s Security Advisory Services functions. This will primarily involve leading the SAS team who will conduct Information Security Risk Assessments (ISRAs) for internal solutions, technology projects; and Third Party Information Security Assessments (TPISA) to review our partners’ security posture and contractual obligations to protect Aviva.

The Senior Manager will run a dynamic team to identify and manage cybersecurity risks, policy exception requests, and a wide-range of cybersecurity consulting requests for Aviva’s technology and business teams.

You will ensure that cybersecurity risk at Aviva is managed appropriately and within risk tolerance levels as defined by the organization. At the same time, you will ensure the smooth day-to-day operations of managing cybersecurity risks and advisory functions. Additionally, you will also collaborate with other Aviva security and IT teams to implement new security solutions that will strengthen Aviva’s overall security posture.

You are resourceful, forward-thinking, collaborative, and are comfortable in a fast-paced environment.

What you’ll do :

You will lead a team of Security Risk Advisors and Security Analysts to conduct ISRAs, TPISAs, manage and mitigate cybersecurity risks and conduct and other consulting requests within Aviva Canada’s technology and business teams

Provide oversight on assessments, risk identification and risk management, processes, and tools for managing and reporting risks, and improve the quality of services

Identify gaps in existing processes and technology and develop remediation plans to address risks

Assist in the development of cybersecurity risk reporting including the ongoing development and improvement of Key Risk Indicators (KRIs)

Provide leadership, mentoring, growth, and development opportunities to team members.

Ensure all identified cybersecurity risks are mitigated and are effectively communicated to partners, and managed with risk-prioritized timelines aligned with Aviva’s risk appetite

Provide oversight on a wide variety of security solutions, projects, and new technologies

Develop and adapt the overall cybersecurity risk advisory vision for Aviva Canada as cybersecurity risk and threat-landscape industry changes

Provide senior management and executives with information security trends, the status of identified risks, and the effectiveness of work activities

Help improve Aviva’s Third Party Information Risk Management Process to continuously assess Aviva Canada’s suppliers security posture

Increase visibility of cybersecurity risks where and when appropriate with the respective collaborators when risk action plan target dates are not met

Manage the pen test and PCI compliance attestation programs

Preparing for internal Risks and Control Assessments

What you’ll bring :

Minimum 10 years’ of progressive experience in cybersecurity risk management, vendor assessments, and application security design & architecture

Strong understanding of cybersecurity industry standards, principles and practices, as well as risk concepts

Proven management and leadership skills in communication, prioritization and developing talent

Demonstrated ability to communicate complex issues in a clear and concise manner to a wide range of audiences and partners

Demonstrated ability to navigate through ambiguity and guide team through changes

Ability to understand complex processes and make sound judgement calls.

Ability to negotiate and influence others to achieve optimal results.

Knowledge of Ariba, Archer GRC or equivalent platforms.

Post-secondary education in Computer Science, Computer Engineering, IT security, risk management, or comparable professional training.

Professional designation relating to cybersecurity or IT risk (e.g. CISSP, CISA, CISM, CCSP / CCSK, GIAC) preferred

What you’ll get :

Compelling rewards package including base compensation, eligibility for annual bonus, retirement savings, share plan, health benefits, personal wellness, and volunteer opportunities.

Outstanding Career Development opportunities.

We’ll support your professional development education.

Competitive vacation package with the option to purchase 5 extra days off per year

Employee driven programs focused on gender, LGBTQ+, origins, diversity and inclusion

Corporate wellness programs to support our employees’ physical and mental health

Hybrid flexible work model

Aviva Canada has an accommodation process in place to provide accommodations for employees with disabilities. If upon commencement of employment you require a specific accommodation because of a disability, please contact your Talent Acquisition Partner so that an appropriate accommodation can be arranged. This process applies throughout your career with Aviva Canada.