About this role
Job Description Senior Information Security Advisor (Cybersecurity Risk & Advisory)
Support impactful cybersecurity initiatives within a leading insurance environment where your expertise will help strengthen security practices, protect critical business information, and influence enterprise-wide projects. Enjoy a hybrid work model, collaborate with diverse stakeholders, and contribute to meaningful security and risk management initiatives in a dynamic, technology-driven setting.
What is in it for you:
? Salaried: $55-65 per hour.
? Incorporated Business Rate: $65-75 per hour.
? 12-month contract with the potential for permanent employment.
? Full-time position: 37.50 hours per week.
? Day schedule, 37.50 hours per week.
? Hybrid work model with one day per week in the office.
Responsibilities:
? Conduct information security risk assessments for business initiatives, applications, suppliers, and third parties.
? Review contracts to ensure appropriate security provisions and requirements are included.
? Assess supplier and third-party security risks.
? Advise stakeholders on information security best practices.
? Ensure security controls implemented within projects and initiatives align with organizational security policies and directives.
? Provide security consulting and technical guidance to support the implementation of appropriate security controls that protect confidential information from accidental disclosure, modification, or destruction.
? Review emerging information security strategies.
? Provide preliminary recommendations to management regarding information security risks.
? Track and manage open information security risks, ensuring remediation plans and target dates are established and monitored with the appropriate risk owners.
? Report to management on the status of information security risk assessments, identified risks, policy exception requests, and current work activities.
? Collaborate with business, architecture, infrastructure, compliance and risk, legal, privacy, and external third-party stakeholders.
What you will need to succeed:
? Post-secondary education in Computer Engineering, Computer Science, Information Technology, Information Security and Risk Management, or comparable professional education or training in a related field.
? Professional information security certification such as CISSP, CCSP, CISM, or CISA is preferred.
? 7 years of experience in Information Security and/or Information Technology, preferably including Information Security Risk Management.
? Experience performing information security risk assessments.
? Experience performing cloud security risk assessments.
? Experience assessing cloud-based (SaaS) technologies, including AWS and Azure.
? In-depth knowledge of information security and IT principles, protocols, practices, and industry standards.
? Strong understanding of existing and emerging information security technologies, including encryption, network and web application firewalls, IDS/IPS, advanced malware protection, DDoS, DLP, and SIEM.
? Extensive knowledge of attack and threat vectors and the corresponding security controls used to mitigate risk.
? Strong understanding of cloud security and cloud-based technologies, including AWS and Azure.
? Familiarity with contract wording and the interpretati