Senior Security Advisor - Cyber Supply Chain Risk Management

Our employees are at the heart of everything we do. Together, we help people, businesses, and society prosper in good times and be resilient in bad times.

Our employee promise represents Intact’s commitment to you in exchange for living our Values, striving to do your best work, being open to change and investing in your career. In return, we promise to provide support, opportunities and performance-led financial rewards at a workplace where you can shape the future, win as a team and grow with us.

About the role

Our employees are at the heart of what we do best: helping people, businesses and society prosper in good times and be resilient in bad times. When you join our team, you’re bringing this purpose to life alongside a passionate community of experts.  

Feel empowered to learn and grow while being valued for who you are– here, diversity is a strength. You have our commitment to support you in reaching your goals with tools, opportunities, and flexibility. It’s our employee promise. 

Our hybrid work model provides the balance between working from home and enjoying meaningful in-person interactions.

Read on to see how you can shape the future, win as a team, and grow with us.

About the Role

Are you passionate about cybersecurity and eager to make a significant impact in a new and dynamic environment? Join Partner Solutions (PSI) team as a Senior Security Advisor - Cyber Supply Chain Risk Management as we embark on an exciting journey to establish a new practice, leveraging Intact Financial Corporation's proven practices and state-of-the-art technologies.

As a Senior Security Advisor - Cyber Supply Chain Risk Management you will be at the forefront of promoting a robust cybersecurity compliance culture. Working in collaboration with the IFC TPRM experts, you will utilize cutting-edge technologies to ensure the success of our cybersecurity initiatives. Your role will involve continuous evaluation and reporting on our cybersecurity compliance practices to mitigate risks and enhance the organization's security posture.

What You’ll Do

• Act as an expert to continuously identify, monitor and respond to applicable third-party risk management framework requirements.
• Develop, implement, and enhance programs that monitor, measure, analyze and report on third-party risk exposures across all business areas and compare against the organization’s risk appetite.
• Act as a subject matter expert in various third-party risk management governance activities by providing security expertise, facilitating collaboration, and performing third-party risk assessment for acquisition that hold existing and new contracts with Intact's affiliates.
• Be an active part of a team of third-party risk management functional experts and support the Cyber Governance, Risk and Compliance (CGRC) team to ensure synergy and momentum among teams internally.
• Act as an expert to continuously maintain best practices when assessing third parties, by verifying the security key controls and industry’s security related standards and guidelines
• Act as a subject matter expert working in major innovative projects and with third-party where third-party risk assessment and security key control need to be assessed.
• Working independently, conduct various third-party risk assessments for circumstances, events or risk scenarios that can potentially impact Intact’s affiliates security posture and/or risk profile.
• Create and deliver comprehensive risk reports to provide detailed insights of the current state of the organization’s third-party cyber associated risks landscape.
• Act as an expert in cybersecurity third-party risk management for the development of TPRM modules and content within a GRC platform.
• Act as an expert to support the Information security functions to identify, develop, measure, maintain and report on KRIs.
• Remain vigilant to evolving industry cybersecurity solutions and services to ensure constant protection against ongoing and emerging threats.

What You Need

• Bachelor’s degree in information security and/or technologies, or equivalent education and experience.
• 8+ years of relevant work experience in information technology and 8+ years of relevant work experience in cyber security frameworks such as those published by guiding organizations (NIST, SANS, ISO etc.).
• Ability to translate framework to practical advice and assessment.
• Knowledge of prevalent industry standards (ISO 27001/27002, SOC 2, SOC 1, NIST, CIS, COBIT, PCI DSS).
• Strong knowledge of information security management principles and practices.
• Preference will be given to those candidates who have a strong background in Cloud related technologies and Cyber Governance and Risk experience.
• Strong ethical principles and understanding of business and information security ethics.
• Good knowledge of common security vulnerabilities of web and cloud applications and operating techniques from sources such as SANS, OWASP Top 10 and Cloud Security Alliance (CSA).
• Good mix of business and technical capabilities, and the ability to communicate on current cyber risk issues to management within the context of their business.
• Ability to develop and manage relationships, good facilitation, and delivery skills.
• The ability to work on several projects, meet deadlines and manage stakeholder expectations.
• A demonstrated commitment to valuing differences, developing, diverse stakeholders.
• These certifications would be desirable: CISSP, CISA, CISM, CGEIT, CRISC, GSEC, GISP.
• Experience with the implementation and knowledge of GRC/TPRM platforms will be considered an asset.
• For candidates located in Quebec, bilingualism is required considering the necessity to interact on a regular basis with English-speaking colleagues across the country.
• No Canadian work experience required however must be eligible to work in Canada.

#LI-Hybrid

What we offer
 

Our hybrid work model provides the balance between working from home and enjoying meaningful in-person interactions.

Working here means you'll be empowered to be and do your best every day. Here is some of what you can expect as a permanent member of our team:

• A financial rewards program that recognizes your success

• An industry leading Employee Share Purchase Plan; we match 50% of net shares purchased

• An extensive flex pension and benefits package, with access to virtual healthcare

• Flexible work arrangements

• Possibility to purchase up to 5 extra days off per year

• An annual wellness account that promotes an active and healthy lifestyle

• Access to tools and resources to support physical and mental health, embracing change and connecting with colleagues

• A dynamic workplace learning ecosystem complete with learning journeys, interactive online content, and inspiring programs

• Inclusive employee-led networks to educate, inspire, amplify voices, build relationships and provide development opportunities

• Inspiring leaders and colleagues who will lift you up and help you grow

• A Community Impact program, because what you care about is a part of what makes you different. And how you contribute to your community should be just as unique.

We are an equal opportunity employer

At Intact, our Value of respect is founded on seeing diversity as a strength. We strive to create an accessible workplace where employees feel valued, included and encouraged to share their unique perspectives.

We encourage applications from individuals who are members of equity-deserving groups, including but not limited to women, Indigenous peoples, persons with disabilities, Black people, and members of the 2SLGBTQI+ community.

As part of Intact’s commitment to reconciliation, we acknowledge that we work, meet and travel across the land currently called Canada, originally inhabited by First Nations, Metis and Inuit people. This history extends through many centuries and continues to evolve today.

We have policies to ensure equal access and participation for people with disabilities, including providing workplace adjustments (accommodations). A copy of applicable policies is available on request.

If we can provide a specific adjustment to make the recruitment process more accessible for you, please let us know when we reach out about a job opportunity. We’ll work with you to meet your needs.

Learn more about our recruitment process and your candidate journey here.

If you are an employee of Intact or belairdirect, please apply for this role on Internal Career Site.