Information Security Manager (Security and Risk Advisory)

Toronto, ON, CA

Canada Life

We’ve been supporting the financial, physical and mental wellbeing of Canadians for 175 years. 

Permanent Full Time

The Information Security Manager plays a crucial role in our first line of cyber defense, working closely with IT and business partners to help them understand and manage information security risks while ensuring compliance with organizational policies and standards. This position supports the delivery of comprehensive, analysis-based cybersecurity services to our internal clients across Canada, including conducting security assessments, providing expert consultations, integrating security requirements into projects, and evaluating security controls for organizational assets.

 

This role reports to the Director, Security Assessment and Project Support team within the Information Security Canada group. In addition to the general accountabilities below, we are particularly interested in hearing from candidates with the following specialties:

 

What you will do 

  • Lead a team of security professionals, fostering their growth and development while ensuring the delivery of exceptional results to clients.
  • Demonstrate sound judgment by providing timely, effective updates to leadership and making informed, ethical decisions that align with organizational values and effectively solve problems.
  • Facilitate data-driven decision-making by developing and implementing reporting practices, designing dashboards, and creating effective metrics and KPIs to drive desirable outcomes.
  • Provide information security consultation to business and IT clients, ensuring alignment with organizational goals and objectives.
  • Collaborate with project and technology teams to ensure that security controls and security-by-design principles are incorporated into technology changes, while positioning security as an enabler to project timelines.
  • Evaluate the effectiveness of existing security controls and recommend improvements to enhance the organization's security posture, ensuring alignment with industry standards and regulatory requirements.
  • Foster a security-conscious culture by consistently guiding stakeholders on security best practices, standards, and policies.
  • Develop and maintain a comprehensive risk assessment framework with consistent methodologies and criteria for evaluating threats. Identify new and emerging threats by staying current with security trends and technologies and integrate relevant advancements into the team's processes.
  • Conduct threat risk assessments by identifying potential security threats, evaluating their likelihood and impact, and recommending mitigation strategies to protect organizational assets and ensure compliance with security policies. Prepare reports on findings, including recommendations for risk mitigation.
  • Review common application and network vulnerability reports to identify security weaknesses and facilitate their remediation by owners based on risk prioritization. Common types of reports include:
    • Static Application Security Testing (SAST)
    • Dynamic Application Security Testing (DAST)
    • Interactive Application Security Testing (IAST)
    • Software Composition Analysis (SCA)
    • Penetration Testing
    • Infrastructure or endpoint scans

 

What you will bring 

  • Bachelor’s degree from an accredited college or university or equivalent experience.
  • Minimum eight years’ experience as an information security professional with at least three of those in a people management role.
  • Accreditation in at least one information security certification (e.g. CISSP; CISM; CISA; CCSP; CRISC; GSEC; CySA+; CASP+; SSCP).
  • Excellent communicator including demonstrated presentation and negotiation skills.
  • Must be detail-oriented while still being able to see the big picture.
  • Proven ability to influence cross-functional teams, foster relationships and build trust.
  • High proficiency in developing and reporting on relevant performance measures.
  • Able to explain complex concepts to a broad range of stakeholders, including management.
  • Familiar with leading Architecture, SDLC (SecDevOps), PDLC, IT/Security Risk and Service Management practices.
  • Positive attitude, strong work ethic and ability to work with a team to cultivate customer relationships.
  • Strong experience in security assessment methodologies such as Threat Risk Assessment or Threat Modelling.
  • Strong technical background with exposure to multiple aspects of information technology, networks, server, application dev, architecture, storage, cloud etc.
  • Strong knowledge of the following frameworks or regulations related to information security and IT governance: CIS Controls; CMMC; COBIT; CSA CCM; FISMA; GDPR; ISO/IEC 27001; ITIL; MITRE ATT&CK; NERC CIP; NIST Cybersecurity Framework; NIST SP 800-53; OWASP Top Ten; PCI DSS; SANS Critical Security Controls; SOX; and other similar resources.
  • Experience interpreting and consulting around meeting the requirements of the Information Security Policies and Standards for a large organization.
  • Working knowledge of IT Audit processes, including design of control test procedures.
  • Ability to deliver on commitments.
  • Familiarity with Data Protection Impact Assessments (DPIAs) and privacy principles is a plus.
  • Demonstrated project management skills or extensive experience working with projects is a plus.
  • Reliability Status security clearance - this is a personnel security status that is required before an employee can gain access to Protected B information, assets or work sites as outlined by the Government of Canada website


The base salary for this position is between $76,400.00 - $145,000.00 annually. This represents base salary only and does not represent other variable compensation components of our total compensation (i.e. annual bonus, commission etc.). If you are selected to move forward in our recruitment process, your recruiter will be able to discuss additional details of our total rewards program with you.

 

Career opportunities will be open a minimum of 5 business days from the date of posting; closing dates will vary depending on the search activity. All applications received will be reviewed on a rolling basis.

 

Be your best at Canada Life. Apply today!

 

Being a part of Canada Life means you have a voice. This is a place where your unique background, perspectives and talents are valued, and shape our future success.

 

You can be your best here. You’re part of a diverse and inclusive workplace where your career and well-being are championed. You’ll have the opportunity to excel in your way, finding new and better ways to deliver exceptional customer and advisor experiences.

 

Together, as part of a great team, you’ll deliver on our shared purpose to improve the well-being of Canadians. It’s our driving force. Become part of a strong and successful company that’s trusted by millions of Canadians to do the right thing.

 

Canada Life serves the financial security needs of more than 13 million people across Canada, with additional operations in Europe and the United States. As members of the Power Financial Corporation group of companies, we’re one of Canada’s leading insurers with interests in life insurance, health insurance, investment and retirement savings. We offer a broad portfolio of financial and benefit plan solutions for individuals, families, businesses and organizations. 

 

We are committed to providing an inclusive, accessible environment, where all employees and customers feel valued, respected and supported. We are dedicated to building a workforce that reflects the diversity of the communities in which we live, and to creating an environment where every employee has the opportunity to reach their potential. 

 

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Canada Life policies. To request a reasonable accommodation in the application process, contact talentacquisitioncanada@canadalife.com.

 

Canada Life would like to thank all applicants; however, only those who qualify for an interview will be contacted.

 


Tags: Application security Audits CASP+ CCSP CISA CISM CISSP Clearance Cloud CMMC COBIT Compliance CRISC Cyber defense DAST FISMA GDPR Governance GSEC IAST ITIL KPIs MITRE ATT&CK NERC CIP NIST NIST 800-53 OWASP PCI DSS Pentesting Privacy Risk assessment SANS SAST SDLC Security assessment Security Clearance SOX SSCP

Perks/benefits: Career development Salary bonus Startup environment

Region: North America
Country: Canada
