*Senior Information Security Advisor (Cybersecurity Risk & Advisory) - WTL, ON
Recrute Action · Waterloo, Ontario, Canada · CA$135K–CA$156K/yr
Staffing and Recruiting · 2-10 employees
About the role
Conduct information security risk assessments for business initiatives, applications, and third-party suppliers. Provide technical guidance and consulting to ensure security controls align with organizational policies and protect confidential data.
What they look for
Requirements
Requires a post-secondary degree in a technical field and 7 years of experience in Information Security or IT. Proficiency in cloud security (AWS/Azure) and professional certifications like CISSP, CISM, or CISA are preferred.
Full description
Senior Information Security Advisor (Cybersecurity Risk & Advisory)
Support impactful cybersecurity initiatives within a leading insurance environment where your expertise will help strengthen security practices, protect critical business information, and influence enterprise-wide projects. Enjoy a hybrid work model, collaborate with diverse stakeholders, and contribute to meaningful security and risk management initiatives in a dynamic, technology-driven setting.
What is in it for you:
- Salaried: $55-65 per hour.
- Incorporated Business Rate: $65-75 per hour.
- 12-month contract with the potential for permanent employment.
- Full-time position: 37.50 hours per week.
- Day schedule, 37.50 hours per week.
- Hybrid work model with one day per week in the office.
Responsibilities:
- Conduct information security risk assessments for business initiatives, applications, suppliers, and third parties.
- Review contracts to ensure appropriate security provisions and requirements are included.
- Assess supplier and third-party security risks.
- Advise stakeholders on information security best practices.
- Ensure security controls implemented within projects and initiatives align with organizational security policies and directives.
- Provide security consulting and technical guidance to support the implementation of appropriate security controls that protect confidential information from accidental disclosure, modification, or destruction.
- Review emerging information security strategies.
- Provide preliminary recommendations to management regarding information security risks.
- Track and manage open information security risks, ensuring remediation plans and target dates are established and monitored with the appropriate risk owners.
- Report to management on the status of information security risk assessments, identified risks, policy exception requests, and current work activities.
- Collaborate with business, architecture, infrastructure, compliance and risk, legal, privacy, and external third-party stakeholders.
What you will need to succeed:
- Post-secondary education in Computer Engineering, Computer Science, Information Technology, Information Security and Risk Management, or comparable professional education or training in a related field.
- Professional information security certification such as CISSP, CCSP, CISM, or CISA is preferred.
- 7 years of experience in Information Security and/or Information Technology, preferably including Information Security Risk Management.
- Experience performing information security risk assessments.
- Experience performing cloud security risk assessments.
- Experience assessing cloud-based (SaaS) technologies, including AWS and Azure.
- In-depth knowledge of information security and IT principles, protocols, practices, and industry standards.
- Strong understanding of existing and emerging information security technologies, including encryption, network and web application firewalls, IDS/IPS, advanced malware protection, DDoS, DLP, and SIEM.
- Extensive knowledge of attack and threat vectors and the corresponding security controls used to mitigate risk.
- Strong understanding of cloud security and cloud-based technologies, including AWS and Azure.
- Familiarity with contract wording and the interpretation of security clauses.
- Excellent verbal communication skills, with the ability to interact with executives and negotiate with clients.
- Excellent written communication skills, with a strong emphasis on report writing.
- Ability to work independently with minimal supervision.
- Strong strategic thinking, negotiation, consensus-building, and consulting skills.
- Ability to influence positive outcomes across stakeholders.
- Ability to understand diverse business units and communicate technical concepts in clear, plain language.
- Ability to obtain Canadian Reliability Security Clearance prior to the start date.
Why Recruit Action?
Recruit Action (agency permit: AP-2504511) provides recruitment services through quality support and a personalized approach. As part of the screening process, some applications may be reviewed using artificial intelligence tools. Only candidates who meet the hiring criteria will be contacted.