Security Advisor Senior - CGRC

Our employees are at the heart of everything we do. Together, we help people, businesses, and society prosper in good times and be resilient in bad times.

Our employee promise represents Intact’s commitment to you in exchange for living our Values, striving to do your best work, being open to change and investing in your career. In return, we promise to provide support, opportunities and performance-led financial rewards at a workplace where you can shape the future, win as a team and grow with us.

About the role

About the role

Our growing Cybersecurity Governance, Risk, and Compliance (CGRC) team is looking for an experienced cybersecurity professional who is specialized in a risk advisory and assessment role.

In collaboration with your colleagues, you will help support and promote a strong cybersecurity risk aware culture by providing proper guidance to ensure cybersecurity risks are well understood, documented, and managed, as part of continuously enhancing the company’s overall cybersecurity posture.

With a strong knowledge and innovative mindset, you will try new approaches and leverage emerging technologies to help deliver a second-to-none customer experience, shape the future of our industry, and leave your mark.

What you'll do here:

• Work in major innovative projects and initiatives involving the company’s core insurance platforms, key IT applications and critical infrastructure by supporting the initiation, design, and implementation phases of the projects to ensure the company’s security requirements are well understood and proper controls are implemented

• Act as a solution enabler in a cybersecurity risk advisory role to foster a “security-by-design” culture by providing recommendations, as needed, to the company’s Enterprise, IT & IS Architecture teams as they design architecture diagrams and patterns

• Act as a cybersecurity risk assessor by conducting regular and recurring cybersecurity threat risk assessments on major critical applications and IT infrastructure using qualitative, or quantitative, approaches to raise awareness on threats, vulnerabilities, control gaps, and risks via comprehensive written reports

• Identify and document cybersecurity risks to support various stakeholders in determining and implementing proper mitigating measures to ensure cybersecurity risks are managed according to the company’s risk appetite

• Collaborate with other CGRC team members and contribute to the development of the company’s cybersecurity policies, standards, and procedures to ensure strong cybersecurity governance across the enterprise

• Act as an expert to continuously maintain and operate the cybersecurity risk management framework while ensuring alignment with the company’s overall Enterprise & Operational Risk Management frameworks

• Support and track risks using the company’s GRC tool and help contribute to improving the workflow and configuration of the tool

• Act as an expert to support various IT functions to identify, develop, measure, maintain and report on Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs)

• Support various leadership teams and Security Champions in their respective portfolio, as well as the company’s Affiliates as needed, to ensure consistent cybersecurity risk management principles and practices are adopted across the enterprise

What you bring to the table:

• Bachelor's degree in Information Technology, or equivalent education and experience

• Technical designations such as CISSP, CRISC, CISA, CISM or equivalent

• 10+ years of relevant work experience in Information Technology, with at least 5+ years of relevant work experience in cybersecurity. Preference would be given to those individuals who have working experience in a GRC role

• Strong knowledge of risk management principles and practices in the areas of IT Infrastructure, Application Development, Cloud Computing (SaaS, IaaS, PaaS), Artificial Intelligence and Big-Data

• Strong knowledge of common cybersecurity frameworks (e.g. NIST CSF, ISO, CIS, MITRE Att&CK) while possessing a good understanding of vulnerability assessment calculation mechanisms (e.g. CVSS, EPSS, KEV catalog etc.) and threat modelling techniques (e.g. OCTAVE, Trike, PASTA, STRIDE, VAST etc.)

• Good mix of business and technical capabilities, and the ability to communicate on current cyber risk & issues to management within the context of their business portfolio

• For candidates located in Quebec, bilingualism is required considering the necessity to interact on a regular basis with English-speaking colleagues across the country

• Strong critical thinking while ensuring to analyze complex scenarios with the right level of detail based on the intended audience

• Self-motivated team player who can also work independently while making sure we deliver and win as a team

• Able to multi-task and be involved in multiple projects while consistently able to meet deadlines to align to stakeholder expectations

• No Canadian work experience required however must be eligible to work in Canada.

#LI-Hybrid

Salary of the successful candidate will typically be positioned between the following range, taking into consideration a number of factors including prior experience, qualifications, anticipated contribution to role, location and internal equity:

What we offer
 

Our hybrid work model provides the balance between working from home and enjoying meaningful in-person interactions.

Working here means you'll be empowered to be and do your best every day. Here is some of what you can expect as a permanent member of our team:

• A financial rewards program that recognizes your success

• An industry leading Employee Share Purchase Plan; we match 50% of net shares purchased

• An extensive flex pension and benefits package, with access to virtual healthcare

• Flexible work arrangements

• Possibility to purchase up to 5 extra days off per year

• An annual wellness account that promotes an active and healthy lifestyle

• Access to tools and resources to support physical and mental health, embracing change and connecting with colleagues

• A dynamic workplace learning ecosystem complete with learning journeys, interactive online content, and inspiring programs

• Inclusive employee-led networks to educate, inspire, amplify voices, build relationships and provide development opportunities

• Inspiring leaders and colleagues who will lift you up and help you grow

• A Community Impact program, because what you care about is a part of what makes you different. And how you contribute to your community should be just as unique.

We are an equal opportunity employer

At Intact, our Value of respect is founded on seeing diversity as a strength. We strive to create an accessible workplace where employees feel valued, included and encouraged to share their unique perspectives.

We encourage applications from individuals who are members of equity-deserving groups, including but not limited to women, Indigenous peoples, persons with disabilities, Black people, and members of the 2SLGBTQI+ community.

As part of Intact’s commitment to reconciliation, we acknowledge that we work, meet and travel across the land currently called Canada, originally inhabited by First Nations, Metis and Inuit people. This history extends through many centuries and continues to evolve today.

We have policies to ensure equal access and participation for people with disabilities, including providing workplace adjustments (accommodations). A copy of applicable policies is available on request.

If we can provide a specific adjustment to make the recruitment process more accessible for you, please let us know when we reach out about a job opportunity. We’ll work with you to meet your needs.

Learn more about our recruitment process and your candidate journey here.

If you are an employee of Intact or belairdirect, please apply for this role on Internal Career Site.