Senior Security Advisor – Cyber Supply Chain Risk Management

Our employees are at the heart of what we do best: helping people, businesses and society prosper in good times and be resilient in bad times. When you join our team, you’re bringing this purpose to life alongside a passionate community of experts.  

Feel empowered to learn and grow while being valued for who you are– here, diversity is a strength. You have our commitment to support you in reaching your goals with tools, opportunities, and flexibility. It’s our employee promise. 

Our hybrid work model provides the balance between working from home and enjoying meaningful in-person interactions.

Read on to see how you can shape the future, win as a team, and grow with us.

About the role

Our growing team is looking for a Senior Security Advisor – Cyber Supply Chain Risk Management!

Together with our strong team of Cyber Supply Chain Risk Management (TPRM) experts, you will work with state-of-the-art technologies to promote a strong cybersecurity compliance culture for Intact Financial Corporation. In collaboration with your colleagues, you will ensure the team success and continuously evaluate and report on the cybersecurity compliance practice to reduce cybersecurity risks for the organization. With your strong knowledge and innovative mindset, you will try new approaches and leverage emerging technologies to help deliver a second-to-none customer experience, shape the future of our industry, and leave your mark.

What you’ll do:

• Act as an expert to continuously identify, monitor and respond to applicable third-party risk management framework requirements.

• Develop, implement, and enhance programs that monitor, measure, analyze and report on third-party risk exposures across all business areas and compare against the organization’s risk appetite.

• Act as a subject matter expert in various third-party risk management governance activities by providing security expertise, facilitating collaboration, and performing third-party risk assessment for acquisition that hold existing and new contracts with Intact.

• Be an active part of a team of third-party risk management functional experts and support the Cyber Governance, Risk and Compliance (CGRC) teams to ensure synergy and momentum among teams internally.

• Act as an expert to continuously maintain best practices when assessing third parties, by verifying the security key controls and industry’s security related standards and guidelines

• Act as a subject matter expert working in major innovative projects and with third-party where third-party risk assessment and security key control need to be assessed.

• Working independently, conduct various third-party risk assessments for circumstances, events or risk scenarios that can potentially impact Intact’s security posture and/or risk profile.

• Create and deliver comprehensive risk reports to provide detailed insights of the current state of the organization’s third-party cyber associated risks landscape.

• Act as an expert in cybersecurity third-party risk management for the development of TPRM modules and content within a GRC platform.

• Act as an expert to support the Information security functions to identify, develop, measure, maintain and report on KRIs.

• Remain vigilant to evolving industry cybersecurity solutions and services to ensure constant protection against ongoing and emerging threats.

What you need:

• Bachelor’s degree in information security and/or technologies, or equivalent education and experience.

• 8+ years of relevant work experience in information technology and 8+ years of relevant work experience in cyber security frameworks such as those published by guiding organizations (NIST, SANS, ISO etc.).

• Ability to translate framework to practical advice and assessment.

• Knowledge of prevalent industry standards (ISO 27001/27002, SOC 2, SOC 1, NIST, CIS, COBIT, PCI DSS).

• Strong knowledge of information security management principles and practices.

• Preference will be given to those candidates who have a strong background in Cloud related technologies and Cyber Governance and Risk experience.

• Strong ethical principles and understanding of business and information security ethics.

• Good knowledge of common security vulnerabilities of web and cloud applications and operating techniques from sources such as SANS, OWASP Top 10 and Cloud Security Alliance (CSA).

• Good mix of business and technical capabilities, and the ability to communicate on current cyber risk issues to management within the context of their business.

• Ability to develop and manage relationships, good facilitation, and delivery skills.

• The ability to work on several projects, meet deadlines and manage stakeholder expectations.

• A demonstrated commitment to valuing differences, developing, diverse stakeholders.

• These certifications would be desirable: CISSP, CISA, CISM, CGEIT, CRISC, GSEC, GISP.

• Experience with the implementation and knowledge of GRC/TPRM platforms will be considered an asset.

• For candidates located in Quebec, bilingualism is required considering the necessity to interact on a regular basis with English-speaking colleagues across the country.

• No Canadian work experience required however must be eligible to work in Canada.

What we offer

Working here means you'll be empowered to be and do your best every day. Here is some of what you can expect as a permanent member of our team:

• A financial rewards program that recognizes your success

• An industry leading Employee Share Purchase Plan; we match 50% of net shares purchased

• An extensive flex pension and benefits package, with access to virtual healthcare

• Flexible work arrangements

• Possibility to purchase up to 5 extra days off per year

• An annual wellness account that promotes an active and healthy lifestyle

• Access to tools and resources to support physical and mental health, embracing change and connecting with colleagues

• A dynamic workplace learning ecosystem complete with learning journeys, interactive online content, and inspiring programs

• Inclusive employee-led networks to educate, inspire, amplify voices, build relationships and provide development opportunities

• Inspiring leaders and colleagues who will lift you up and help you grow

• A Community Impact program, because what you care about is a part of what makes you different. And how you contribute to your community should be just as unique.

We are an equal opportunity employer

At Intact, we value diversity and strive to create an inclusive, accessible workplace where all individuals feel valued, respected, and heard.

If we can provide a specific adjustment to make the recruitment process more accessible for you, please let us know when we reach out about a job opportunity. We’ll work with you to meet your needs.

Click here to review other important information about the hiring process, including background checks, internal candidates, and eligibility to work in Canada.

If you are an employee of Intact or belairdirect, please apply for this role on Contact People.