Manager - Information Security

Job Description

You are as unique as your background, experience and point of view. Here, youll be encouraged, empowered and challenged to be your best self. Youll work with dynamic colleagues - experts in their fields - who are eager to share their knowledge with you. Your leaders will inspire and help you reach your potential and soar to new heights. Every day, youll have new and exciting opportunities to make life brighter for our Clients - who are at the heart of everything we do. Discover how you can make a difference in the lives of individuals, families and communities around the world.Job DescriptionInformation Security ManagerInformation Security Manager will be responsible for managing the end to end delivery of information security risk assessments, providing security consulting services and acting as the subject matter expert (SME) to assigned lines of business within Sun Life. As part of these responsibilities, the Information Security Manager will interact on a regular basis with different stakeholders of Sun Life business groups, Enterprise Services, and external vendors and various internal departments across regions for security advisory.Technical Specifications/Competencies:Minimum 10-12 years of experience in Information Security, preferably with experience in Information Security Risk Management and Risk Assessment architecture review.University degree or college diploma in Computer Science, engineering, IT security management, risk management, or comparable professional education/training in a field relevant to IT Security management preferably in Financial Services industry or global corporate service providerSecurity professional certifications such as CISA, CISSP, CSIM, ISO27001, CRISC or equivalent.Strong verbal communication - able to interface and negotiate with senior employees at an executive level.Advanced presentation and articulation skills.Strong understanding of existing and emerging Information Security technologies.Familiarity with contract wording and interpretation of security clauses.Good interpersonal skills with diverse audiences.Self-starter, strategic thinker, negotiator, and consensus builder.Ability to understand Sun Lifes diverse business units and ability to work with diverse groups.Must be able to work with the business and interpret technical context into common business language.Sound knowledge of technologies related to Information Security such as encryption, firewalls, intrusion detection/prevention, anti-virus, DDoS, behavioral analysis/advanced malware detectionAccountabilities:Perform and Manager end to end delivery of information security risk assessments for projects and initiatives for assigned lines of business within the enterprise:Participates as the Information Security representative in the Sun Life IT Architecture and similar reviews for business groups to ensure required security controls are present in systems, applications, and processesIdentify and document risks associated with initiatives involving Sun Life systems and external vendors in a risk report for distribution to management.Align with business requirement, help business achieve objectives while ensuring information security risk is managed to an acceptance level within risk appetite.Develop cyber security awareness, engaging with different stakeholders, functions to deliver sustainable cyber security solutions.Ensure adherence to global compliance and internal controlsManage the security risks identified from information security risk assessments and bring them to closure:Tracks information security related risks and corresponding action plans with dues dates to ensure that the issues are resolved. Works with the respective business and/or technology owner if dates are not met. Provides reports to the management team outlining the status of information security risks within Sun Life.Meet with stakeholders quarterly, to report on risks for supported lines of business.Escalate deviations and significant risks to the Information Security Head for review and approvalProvides security consulting services to the rest of the organization which includes Sun Life business groups, and peers within Enterprise Services:Provides support to Sun Life business groups by suggesting ways to improve security by implementing security controlsProvide support in technical security reviews of network, vendor solution, web applications, mobile applications, cloud infrastructure, API security etc.Subject matter expertise on security to drive discussions on network security, network architecture, strategyEnsuring security controls are implemented timely to safeguard businessExperience is security strategies and secure architecture at organisation levelIn depth knowledge of security concepts such as cyber attack, threat vectors, risk assessments, risk management , networking protocols, technologies and standards such as MPLS, VPN, SSL, SSO , Oauth, Federated Authentication mechanism, data classification and protection, Advanced threat protection mechanisms, IAM, SIEM, API authentication, OWASP,ISO 27001, NIST etc, Sound understanding of Cloud Architecture and SolutionsUnderstanding of industry and regulatory governing bodies standards such as PCI-DSS, SOX and other relevant Regulatory guidelines, Data Privacy LawsConsult broadly with business groups and Enterprise Services using technical expertise to guide and influence implementation of security in wide or high-impact technology decisions and initiatives.Supports a balanced approach for security controls and support of governance practices and approaches. Continuously promotes and advocates that adequate levels of control mechanisms are in place to safeguard Sun Life.Provide information security related input into technology vendor selection (RFP).Provides support to the Sun Life Legal team regarding information security with respect to agreements and contracts.Mentoring/ coaching/ guidance for other team membersJob Category:IT - Technology Services,

Keyskills :
record keepingms officepresentation skillscontent management