Our vision for the future is based on the idea that transforming financial lives starts by giving our people the freedom to transform their own. We have a flexible work environment, and fluid career paths. We not only encourage but celebrate internal mobility. We also recognize the importance of purpose, well-being, and work-life balance. Within Empower and our communities, we work hard to create a welcoming and inclusive environment, and our associates dedicate thousands of hours to volunteering for causes that matter most to them.
Chart your own path and grow your career while helping more customers achieve financial freedom. Empower Yourself.
As the Senior Information Security Analyst – Supplier Risk at Canada Life, you will play a pivotal role in managing supplier risk and enhancing our customers’ trust. In this capacity, you will be responsible for providing insightful analysis on supplier risk, with a focus on conducting comprehensive assessments. These assessments will delve into information security, privacy, and business continuity management (BCM) for the most part. It will necessitate collaboration
with both internal stakeholders and external entities. As a versatile team player, you will also have the opportunity apply your extensive knowledge to a broader range of tasks, as needed.
ESSENTIAL FUNCTIONS:
- Manage the supplier risk assessment for new vendors, which span information security,
- privacy, and business continuity management (BCM).
- Perform ongoing information security risk assessments and monitor risk posture of
- existing suppliers.
- Review supplier contracts to meet information security, privacy, and BCM requirements.
- Audit suppliers to ensure they are meeting their control obligations.
- Analyse vendor risk and customer relationships by analyzing due diligence questionnaire
- responses and documentation.
- Recommend and implement enhancements to the supplier risk management processes.
- Prepare information security risk reports, dashboards, and operational metrics for
- continuous improvement and monitoring purposes.
- Maintain and develop team documentation, with the aim of standardizing knowledge
- base and processes.
- Update and provide feedback on information security policies and procedures in line with
- current risks and regulations.
- Share knowledge and train other team members on supplier risk management best-
- practices.
QUALIFICATION:
- Bachelor’s degree from an accredited college or university or equivalent experience
- Minimum of five years of relevant experience, preferably serving as an information technology or
- privacy professional.
- Relevant industry certifications (e.g. CISSP, CISM, CRISC, CISA, CTPRP, CTPRA).
- An understanding of various substantiating materials, including SOC2 and ISO reports, which can
- be used to assess control effectiveness.
- A strong technical foundation with experience in information security solutions for multi-tier
- cloud-based applications across platforms such as Microsoft Azure, GCP, and AWS. This
- expertise should extend to various IT domains, including networks, servers, application
- development, architecture, storage, and cloud environments, ensuring a holistic approach to
- information security.
- Demonstrated self-starter with the desire to ramp up quickly, collaborate, and execute.
- Excellent time management, critical thinking, analytical, and problem-solving skills.
- Excellent communication skills, including the ability to present and influence.
- The ability to multitask and complete assignments within deadlines that may have short lead times.
- Strong interpersonal skills, capable of interacting at all levels of the organization and with
- suppliers.
- Experience in interpreting and consulting on the requirements of the Information Security and
- Privacy policies and standards within a large organization.
- Strong knowledge of IT control frameworks, such as COBIT, ISO 27001, and the NIST cyber
- security framework.
- Working knowledge of IT Audit processes, including design of control test procedures
- Ability to work independently and take initiative in a fast-paced and dynamic environment.
- Ability to update your manager effectively.
- A track-record of taking accountability. Prior leadership experience is a plus
We are an equal opportunity employer with a commitment to diversity. All individuals, regardless of personal characteristics, are encouraged to apply. All qualified applicants will receive consideration for employment without regard to age, race, color, national origin, ancestry, sex, sexual orientation, gender, gender identity, gender expression, marital status, pregnancy, religion, physical or mental disability, military or veteran status, genetic information, or any other status protected by applicable state or local law.
Read Full Description