Information Security Manager driving the information security program and leading security engineering at Thndr. Collaborating cross-functionally to ensure compliance and manage cyber risks.
Responsibilities
Supervise security engineering practices and ensure their secure, efficient operation.
Lead the development, implementation, and continuous improvement of the organization’s information security program.
Lead adversary research, threat modeling, risk assessment and supervise defense control selection for products, infrastructure, and third-party services and products.
Oversee identity and access management (IAM) strategies, tooling, and implementation.
Define and monitor key performance indicators to measure technical security maturity, control effectiveness, and overall capabilities progress of the security program.
Ensure traceability and consistency across policies, risks, and controls.
Lead on the security awareness training program, tooling, and continuous KPI improvement.
Provide strategic guidance on the security implications of business initiatives, projects, and technology choices.
Implement and maintain automated supervision tooling (e.g., Sprinto or custom integrations) to support governance reporting.
Establish and maintain technical security guidelines, policies, standards, and procedures aligned with business needs, regulatory obligations (e.g., CMA, ADGM, FRA), and frameworks such as ISO 27001, NIST CSF, and PCI DSS.
Manage, maintain, and evolve the information security risk register and risk management framework (e.g., NIST RMF).
Lead, mentor, and develop members of the information security team.
Serve as a trusted advisor to senior management on information security posture.
Prepare clear, actionable reports and recommendations for executive stakeholders and governance committees.
Requirements
7+ years of experience in information security, with proven leadership in governance, risk, and compliance.
Bachelor’s degree in Information Security, Computer Science, Risk Management, or a related field.
CISSP, CISM, CISA, CRISC, or ISO 27001 Lead Implementer/Auditor preferred.
Strong understanding of frameworks such as ISO 27001, NIST CSF, PCI DSS, SOC 2, and relevant regional regulations (CMA, ADGM, FRA, GDPR).
Information Security Advisor ensuring risk assessment and compliance for Sun Life business groups. Conducting risk assessments and advising on information security best practices.
Auditing clients' organisations and products against ISO 27001 and ISO 22301 standards. Building relationships and improving business performance with a client-centric approach.
Cloud Cybersecurity Engineer modernizing leading multi-cloud environments for Leidos. Supporting USAF system resiliency and security with hands-on cloud experience.
Senior Developer in Application Security at Clio focusing on innovative security solutions. Responsible for proactive vulnerability management in core applications and advising on security best practices.
Enterprise Services Manager leading the Technical Account Management team at Proofpoint. Responsible for maximizing customer value of products and services while ensuring high customer satisfaction.
Information Systems Security Engineer providing technical solutions and support for Department of Defense systems. Leveraging industry knowledge to increase operational efficiencies focusing on classified data systems.
Network Security Architect at Dell influencing security culture and designing secure network environments. Collaborating across teams and developing strategies for modern network security.
Senior Enterprise Security Engineer performing security assessments and threat modeling for Salesforce systems. Collaborating with teams and defining security standards across diverse technology environments.
Fullstack Software Engineer focusing on security to ensure resilience and data protection at health tech company Alan. Involved in building foundational security and authentication systems.
Security Engineer building trust foundations for bare-metal platforms at OpenAI. Designing and operating core security infrastructure for reliable compute platforms across global infrastructure.