Senior Information Security Advisor (Cybersecurity Risk & Cloud Security)
Support impactful cybersecurity initiatives within a leading insurance environment where your expertise will help strengthen security practices, protect critical business information, and influence enterprise-wide projects. Enjoy a hybrid work model, collaborate with diverse stakeholders, and contribute to meaningful security and risk management initiatives in a dynamic, technology-driven setting.
What is in it for you:
- Salaried: $50-55 per hour.
- Incorporated Business Rate: $60-65 per hour.
- Contract with the potential for permanent employment.
- Full-time position: 37.50 hours per week.
- Day schedule, 37.50 hours per week.
- Hybrid work model with one day per week in the office.
Responsibilities:
- Conduct information security risk assessments for business initiatives, applications, suppliers, and third parties.
- Review contracts to ensure appropriate security provisions and requirements are included.
- Assess supplier and third-party security risks.
- Advise stakeholders on information security best practices.
- Ensure security controls implemented within projects and initiatives align with organizational security policies and directives.
- Provide security consulting and technical guidance to support the implementation of appropriate security controls that protect confidential information from accidental disclosure, modification, or destruction.
- Review emerging information security strategies.
- Provide preliminary recommendations to management regarding information security risks.
- Track and manage open information security risks, ensuring remediation plans and target dates are established and monitored with the appropriate risk owners.
- Report to management on the status of information security risk assessments, identified risks, policy exception requests, and current work activities.
- Collaborate with business, architecture, infrastructure, compliance and risk, legal, privacy, and external third-party stakeholders.
What you will need to succeed:
- Post-secondary education in Computer Engineering, Computer Science, Information Technology, Information Security and Risk Management, or comparable professional education or training in a related field.
- Professional information security certification such as CISSP, CCSP, CISM, or CISA is preferred.
- 7 years of experience in Information Security and/or Information Technology, preferably including Information Security Risk Management.
- Experience performing information security risk assessments.
- Experience performing cloud security risk assessments.
- Experience assessing cloud-based (SaaS) technologies, including AWS and Azure.
- In-depth knowledge of information security and IT principles, protocols, practices, and industry standards.
- Strong understanding of existing and emerging information security technologies, including encryption, network and web application firewalls, IDS/IPS, advanced malware protection, DDoS, DLP, and SIEM.
- Extensive knowledge of attack and threat vectors and the corresponding security controls used to mitigate risk.
- Strong understanding of cloud security and cloud-based technologies, including AWS and Azure.
- Familiarity with contract wording and the interpretation of security clauses.
- Excellent verbal communication skills, with the ability to interact with executives and negotiate with clients.
- Excellent written communication skills, with a strong emphasis on report writing.
- Ability to work independently with minimal supervision.
- Strong strategic thinking, negotiation, consensus-building, and consulting skills.
- Ability to influence positive outcomes across stakeholders.
- Ability to understand diverse business units and communicate technical concepts in clear, plain language.
- Ability to obtain Canadian Reliability Security Clearance prior to the start date.
Why Recruit Action?
Recruit Action (agency permit: AP-2504511) provides recruitment services through quality support and a personalized approach. As part of the screening process, some applications may be reviewed using artificial intelligence tools. Only candidates who meet the hiring criteria will be contacted.
Pay: $50.00-$65.00 per hour
Benefits:
Application question(s):
- Are you eligible for a Canadian Reliability Security Clearance (requiring a minimum of 5 consecutive years of residence in Canada)?
Experience:
- Information Security / Cybersecurity: 7 years (required)
- Information Security Risk Management: 5 years (required)
- Conducting Information Security Risk Assessments (ISRAs): 5 years (required)
- Cloud Security (AWS & Azure): 3 years (required)
- Conducting Cloud Security Risk Assessments: 3 years (required)
- Conducting Third-Party Security Risk Assessments: 3 years (required)
- Advising business stakeholders on security controls: 5 years (required)
- Security Governance, Risk & Compliance (GRC): 3 years (preferred)
- Security Consulting / Security Advisory: 3 years (preferred)
- Security frameworks (NIST, ISO 27001, CIS Controls): 3 years (preferred)
- Third-Party / Vendor Risk Management (TPRM): 3 years (preferred)
- Financial Services or Insurance industry: 2 years (preferred)
- Information Security Policies & Standards: 3 years (preferred)
Licence/Certification:
- Security certification (CISSP, CISM, CCSP, or CISA) (preferred)
Work Location: Hybrid remote in Toronto, ON