Talent.com
AVP, Threat and Vulnerability Management
Sun Life • Waterloo, Ontario
14 days ago
Job type
  • Full-time
Job description

Overview

As the AVP, Global Threat & Vulnerability Management (TVM) within Digital Security Threat Management (DSTM) under Security, Risk & Crisis Management (SRC), you will lead Sun Life’s global capability for identifying, assessing, prioritizing, and mitigating cyber vulnerabilities and threats across the enterprise. You will oversee multiple sub‑disciplines—vulnerability management, red teaming, threat intelligence, defensive security (blue team), application security platform & testing, and incident management & process development—ensuring Sun Life maintains a resilient and compliant security posture.

This role partners closely with Security Engineering & Advisory, Technology Risk & Compliance, Security Governance & Client Programs, Security Initiatives & Awareness, and Security Operations to drive measurable improvements in cyber resilience and reduce enterprise attack surface.

Key Responsibilities

1. Enterprise Vulnerability Management Leadership

You are the Responsible Person / Contact for the enterprise Vulnerability Management Directive, overseeing the entire vulnerability lifecycle across Sun Life: identification, prioritization, reporting, remediation governance, and compliance monitoring.

Your VM program encompasses:

  • Internal and external vulnerability scanning
  • Database scanning
  • Security Scorecard monitoring
  • Threat‑intel‑driven vulnerability monitoring
  • Classification of vulnerabilities and zero‑day response
  • Audit, client and regulatory responses
  • Management of platforms related to Vulnerability Management
  • Senior leadership and executive reporting for all areas of Vulnerability Management

2. Cyber Threat Intelligence & Hunting

You oversee the Cyber Threat Intelligence (CTI) and Cyber Threat Hunting (CTH) function, which is responsible for:

  • Leading the collection, analysis, and operationalization of internal and external threat intelligence.
  • Monitoring global threats affecting Sun Life brands, staff, infrastructure, and clients.
  • Identifying indicators of compromise, campaign activity, and attacker behaviors.
  • Producing actionable threat briefings for Security teams, Technology Risk, and senior leadership.
  • Maintaining relationships with intelligence‑sharing communities, industry groups, and government partners.
  • Ensuring threat intelligence directly informs detection engineering, vulnerability prioritization, and offensive testing.
  • Performing continuous Threat Hunting activities based on Cyber Threat Intelligence and internal Red / Blue team information.
  • Developing and refining use cases based on threat intelligence, and working with Security Operations and Engineering teams to implement them as alerting for Defensive Security teams.

3. Red Team / Offensive Security Oversight

You lead the Offensive Security (Red Team) program, which conducts:

  • Application, network, social engineering, and physical penetration tests
  • Adversary emulation engagements
  • Intelligence Led Penetration Testing
  • Security Control validation testing to ensure coverage and identify gaps across security controls.
  • Ensure offensive testing aligns with threat intelligence and focuses on high‑risk assets and emerging attack vectors.
  • Partner with technology teams to validate remediation effectiveness.
  • Translate offensive findings into prioritized remediation actions and long‑term security improvements.

4. Blue Team / Defensive Security Oversight

You lead the Defensive Security (Blue Team) program, which:

  • Responds to detections from security controls
  • Ensure defensive capabilities evolve based on threat intelligence and offensive testing results.
  • Partner with Offensive Security, Cyber Threat Intelligence and Security Operations to enhance detection coverage, reduce dwell time, and improve alert fidelity.

5. Security Incident & Process Management

You lead the Security Incident team, which:

  • Responds to security incidents and takes appropriate actions
  • Govern the maturity of incident response processes, playbooks, and readiness exercises.
  • Ensure consistent, high‑quality incident handling with clear communication and post‑incident reviews.

6. Application Security Platforms

  • Oversee application security scanning capabilities including static, dynamic, software composition and mobile analysis.
  • Partner with DevOps teams to ensure application security capabilities are integrated into DevOps pipelines.
  • Identify systemic application security weaknesses and drive long‑term remediation strategies.
  • Provide secure development guidance and support targeted developer training in partnership with the AVP of Security Initiatives, Training & Awareness.
  • Ensure application security findings are integrated into enterprise vulnerability reporting.

7. Application Security Testing

  • Lead Sun Life’s Application Security Testing function, owning the strategy, execution, and continuous improvement of the enterprise testing framework.
  • Ensure critical applications have penetration testing performed on an annual basis.
  • Ensure results are consistent, high‑quality, repeatable, and meet enterprise governance expectations.
  • Drive adoption of advanced testing approaches, including AI‑assisted vulnerability remediation and testing enhancements.

8. Cross‑Functional Collaboration

Partner with:

  • Security Engineering & Advisory on architecture alignment, secure design, and technical remediation.
  • Technology Risk & Compliance to ensure alignment with regulatory expectations, audit requirements, and risk frameworks.
  • Security Governance & Client Programs to support client assurance, governance reporting, and due diligence.
  • Security Initiatives, Training & Awareness to develop training based on recurring vulnerability, threat, and AppSec trends.
  • Security Operations to enhance detection, response, and threat hunting capabilities.

9. Metrics, Reporting & Executive Communication

  • Define KPIs, KRIs, and dashboards that measure vulnerability exposure, application security maturity, remediation performance, and threat trends.
  • Deliver regular briefings to senior leadership, risk committees, and the board.
  • Translate complex technical risks into clear business impacts and recommended actions.
  • Provide transparent reporting on remediation performance, threat landscape changes, and exposure reduction progress.
  • Provide updates to regulatory bodies regarding the security posture or any related incidents.

Qualifications

  • 15+ years of cybersecurity experience, with deep expertise in vulnerability management, threat intelligence, application security, or offensive / defensive security.
  • Proven leadership experience managing technical teams and enterprise‑scale security programs.
  • Strong understanding of vulnerability scanning tools, AppSec testing platforms, cloud security, and threat intelligence technologies.
  • Demonstrated expertise in Red and Blue Team operations, including hands‑on knowledge of adversary emulation, penetration testing (web, network, cloud), threat hunting, incident detection and response, malware analysis, and validation of security controls across complex enterprise environments.
  • Deep understanding of secure coding practices, shift left practices, application security capabilities, CI / CD pipelines, and DevSecOps principles.
  • Experience working in regulated industries and supporting audits, regulators, and client assurance programs.
  • Excellent communication skills with the ability to influence senior executives and technical teams.
  • Demonstrated ability to lead through complexity, ambiguity, and rapid change.
  • Certifications such as CISSP, CISM, GIAC, OSCP, GCTI, or CSSLP.
  • Experience with automation, secure SDLC, and large‑scale application security programs.
  • Background in cyber risk quantification or exposure analytics.
  • Experience with cloud‑native security tooling and modern application architectures.

Leadership Competencies

  • Strategic thinker with the ability to anticipate emerging threats and evolving attack surfaces.
  • Strong decision‑making skills and the ability to operate effectively under pressure.
  • Ability to build trust and drive alignment across diverse technology and business teams.
  • High integrity, accountability, and a commitment to continuous improvement.
  • Skilled at developing leaders, building high‑performing teams, building succession, supporting early‑career talent and fostering a culture of security excellence.
  • Ability to deliver clear, concise communication of complex risk topics to senior leadership.
  • Ability to influence across business units without authority.
  • Skill in preparing regulatory‑grade evidence, narratives, and rationale.

What’s in it for you?

  • Great Place to Work® Certified for Most Trusted Executive Team in Canada – 2025, 2024 and 2023
  • Great Place to Work® Certified for Best Workplaces in Canada - 2025
  • Canada Order of Excellence for Mental Health at Work® certification from Excellence Canada. Sun Life is one of only four companies in Canada to ever receive this certification – 2024
  • Top Work Places® for Remote Work – Monster Canada - 2024
  • Great Place to Work® Certified for Best Workplaces in Canada – 2024 and 2022
  • Great Place to Work® Certified for Best Workplaces for Women in Canada - 2024
  • Flexible hybrid work model.