No more applications are being accepted for this job
- Oversee the Information Security Management System (ISMS) within the organization.
- Develop and implement ISMS procedures, and controls which ensure conformity with the ISO/IEC 27001 and ISO/IEC 27017 standards.
- Ensure alignment of the ISMS with organizational objectives and risk management priorities.
- Work with leaders and subject matter experts to review, update, and submit a variety of compliance requirements pertaining to ISO/IEC 27001 and ISO/IEC 27017.
- Prepare subject matter expert (SME) control owners for their auditor walkthrough meetings.
- Collected requested control evidence files from SMEs for walkthrough meetings and testing.
- Conduct quality checks to ensure accuracy of information.
- Respond to auditor follow up inquiries.
- Participate in status meetings with external auditors and internal working groups.
- Ensure process and control response reference documents are current and stored appropriately.
- Monitor and improve activities after certification.
- Builds strong relationships with SME control owners fostering collaboration and teamwork.
- Interpersonal skills – in dealing with all levels of individual in the organization
- Service-oriented – ensuring that requirements of all Business Units are satisfied
- University degree or college diploma graduate in Business and/or Information Technology
- 3 years experience in a business setting developing, analysing, documenting, and implementing IT policies, procedures, and controls.
- ISO/IEC 27001 Lead Implementer and/or ISO/IEC 27001 Lead Auditor certified
- Advanced knowledge about auditing according to ISO/IEC 27001
- Experience in Risk Assessment and treatment plan development
- Experience in governance and compliance for IT
- Knowledge of Information Security principles, protocols, practices, and industry standards
- Advanced experience with Microsoft Office Products like Outlook, PowerPoint, Excel and Word
- Knowledge of Risk, Governance and Compliance frameworks and activities
- Willingness to undertake information security training and obtain a security certification (e.g., CISSP)
- Strong verbal & written communication skills
- Strong organizational, time management and facilitation abilities
- Self-motivated and highly resourceful with an ability to think outside the box
- Flexible; ability to pivot from one task to another to adjust to changing priorities
- Able to work in a fast paced environment with strict deadlines
- Demonstrates accuracy and thoroughness
- We're honoured to be recognized as a 2024 Best Workplaces in Ontario by Great Place to Work Canada.
- We're proud to be recognized as a company with a 2023 Most Trusted Executive team by Great Place to Work Canada.
- Wellness programs that support the three pillars of your health – mental, physical, and financial
- The opportunity to move along a variety of career paths with amazing networking potential..
- As a hybrid organization, you and your leader use business and Client needs to choose where you work, at home or in the office.
Senior Audit, Security Governance Analyst - Toronto, Canada - Sun Life
Description
Job Description
:The Senior Audit, Security Governance Analyst is a key member of the Security Governance and Client Programs team who partners with internal stakeholders to drive the planning, preparation and execution of the ISO/IEC 27001 and ISO/IEC 27017 certifications with a focus on security controls owned by the Security, Risk and Crisis Management department.
Our client base is increasingly aware of Cybersecurity, resulting in requests for information regarding Sun Life's Risk Management and Cybersecurity Program. ISO certifications are third-party validation that our security controls are operating effectively against an evolving threat landscape.
What Will You Do?
What Do You Need to Succeed?
Preferred Skills:
What's in it for you:
# LI – SJ