Senior Cybersecurity Risk Advisor

Our employees are at the heart of what we do best: helping people, businesses and society prosper in good times and be resilient in bad times. When you join our team, you’re bringing this purpose to life alongside a passionate community of experts.  

Feel empowered to learn and grow while being valued for who you are– here, diversity is a strength. You have our commitment to support you in reaching your goals with tools, opportunities, and flexibility. It’s our employee promise. 

Our hybrid work model provides the balance between working from home and enjoying meaningful in-person interactions.

Read on to see how you can shape the future, win as a team, and grow with us.

About the role

Our growing Cybersecurity Governance, Risk, and Compliance (CGRC) team is looking for an experienced cybersecurity professional who is specialized in a risk advisory and assessment role.

In collaboration with your colleagues, you will help support and promote a strong Cybersecurity risk aware culture by providing proper guidance to ensure Cybersecurity risks are understood, documented, and managed, as part of continuously enhancing the company’s overall cybersecurity posture

With a strong knowledge and innovative mindset, you will try new approaches and leverage emerging technologies to help deliver a second-to-none customer experience, shape the future of our industry, and leave your mark.
What you'll do here:

• Work in major innovative projects and initiatives involving the company’s core insurance platforms, key IT applications and critical infrastructure by supporting the initiation, design, and implementation phases of the projects to ensure the company’s security requirements are understood and proper controls are implemented.
• Act as a solution enabler in a Cybersecurity risk advisory role to foster a “security-by-design” culture by providing recommendations, as needed, to the company’s Enterprise, IT & IS Architecture teams as they design architecture diagrams and patterns.
• Act as a Cybersecurity risk assessor by conducting regular and recurring cybersecurity threat risk assessments on major critical applications and IT infrastructure using qualitative, or quantitative, approaches to raise awareness on threats, vulnerabilities, control gaps, and risks via comprehensive written reports.
• Identify and document Cybersecurity risks to support various stakeholders in determining and implementing proper mitigating measures to ensure Cybersecurity risks are managed according to the company’s risk appetite.
• Collaborate with other CGRC team members and contribute to the development of the company’s cybersecurity policies, standards, and procedures to ensure strong cybersecurity governance across the enterprise.
• Act as an expert to continuously maintain and operate the Cybersecurity risk management framework while ensuring alignment with the company’s overall Enterprise & Operational Risk Management frameworks.
• Support and track risks using the company’s GRC tool and help contribute to improving the workflow and configuration of the tool.
• Act as an expert to support various IT functions to identify, develop, measure, maintain and report on Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs).
• Support various leadership teams in their respective portfolio, as well as the company’s Affiliates as needed, to ensure consistent Cybersecurity risk management principles and practices are adopted across the enterprise.

What you bring to the table:

• Bachelor's degree in Information Technology, or equivalent education and experience.
• Technical designations such as CISSP, CRISC, CISA, CISM or equivalent.
• 10+ years of relevant work experience in Information Technology, with at least 5+ years of relevant work experience in a Cybersecurity Risk Advisory or Assessment role within the GRC function.
• Strong knowledge of risk management principles and practices in the areas of IT Infrastructure, Application Development, Cloud Computing (SaaS, IaaS, PaaS), Artificial Intelligence and Big-Data.
• Strong knowledge of common cybersecurity frameworks and standards (e.g. NIST CSF and 800-53; ISO/IEC 27001/2; CIS Controls/Benchmarks; MITRE Att&CK; PCI DSS etc.) while possessing a good understanding of vulnerability assessment calculation mechanisms (e.g. CVSS, EPSS, KEV catalog etc.) and threat modelling techniques (e.g. OCTAVE, Trike, PASTA, STRIDE, VAST etc.).
• Working knowledge and experience with regulatory requirements related to cybersecurity & data privacy (e.g. OSFI B-13 guidelines; NYDFS 23 NYCRR 500; GDPR etc.).
• Good mix of business and technical capabilities, and the ability to communicate clearly and concisely on current cyber risk & issues to management within the context of their business / IT portfolio.
• Experience with conducting holistic, comprehensive cybersecurity threat risk assessments for large global organizations in the financial industry is an asset.
• For candidates located in Quebec, bilingualism is required considering the necessity to interact on a regular basis with English-speaking colleagues across the country.
• Strong critical thinking skills with the ability to analyze complex scenarios with the right level of detail based on the intended audience.
• Self-Motivated team player who can also work independently while making sure we deliver and win as a team.
• Able to multi-task and be involved in multiple projects while consistently able to meet deadlines to algin to stakeholder expectations.
• No Canadian work experience required however must be eligible to work in Canada.

#LI-Hybrid

Salary of the successful candidate will typically be positioned between the following range, taking into consideration a number of factors including prior experience, qualifications, anticipated contribution to role, location and internal equity:

$88,500.00 - $132,700.00

What we offer

Working here means you'll be empowered to be and do your best every day. Here is some of what you can expect as a permanent member of our team:

• A financial rewards program that recognizes your success

• An industry leading Employee Share Purchase Plan; we match 50% of net shares purchased

• An extensive flex pension and benefits package, with access to virtual healthcare

• Flexible work arrangements

• Possibility to purchase up to 5 extra days off per year

• An annual wellness account that promotes an active and healthy lifestyle

• Access to tools and resources to support physical and mental health, embracing change and connecting with colleagues

• A dynamic workplace learning ecosystem complete with learning journeys, interactive online content, and inspiring programs

• Inclusive employee-led networks to educate, inspire, amplify voices, build relationships and provide development opportunities

• Inspiring leaders and colleagues who will lift you up and help you grow

• A Community Impact program, because what you care about is a part of what makes you different. And how you contribute to your community should be just as unique.

We are an equal opportunity employer

At Intact, we value diversity and strive to create an inclusive, accessible workplace where all individuals feel valued, respected, and heard.

If we can provide a specific adjustment to make the recruitment process more accessible for you, please let us know when we reach out about a job opportunity. We’ll work with you to meet your needs.

Click here to review other important information about the hiring process, including background checks, internal candidates, and eligibility to work in Canada.

If you are an employee of Intact or belairdirect, please apply for this role on Contact People.