You are as unique as your background, experience and point of view. Here, you’ll be encouraged, empowered and challenged to be your best self. You'll work with dynamic colleagues - experts in their fields - who are eager to share their knowledge with you. Your leaders will inspire and help you reach your potential and soar to new heights. Every day, you'll have new and exciting opportunities to make life brighter for our Clients - who are at the heart of everything we do. Discover how you can make a difference in the lives of individuals, families and communities around the world.
Job Description:
About the job
The increasing scope, scale and complexity of the cyber environment, together with regulatory emphasis upon Second Line oversight and in particular updates to OSFI B13 and E21, require us to increase our focus and resourcing for leadership roles across the Technology and Cyber Security domains.
This role will be responsible for second line cyber challenge activities globally, including maintaining a relationship with our Business Group Risk Teams focused upon Cyber Risk Management.
Key areas of focus will be:
What you'll be doing
Lead the execution, maintenance, and ongoing enhancement of an independent Security Risk program, independently confirming the effectiveness of DBTS's management of security risks to identify, measure, manage, monitor and report on SLF's Security Risk profile.
Quarterly reporting to the Operational Risk and Compliance Committee (ORCC) and Risk Review Committee (RC) on Sun Life’s Cyber Security Risk profile. Annually reporting to the Risk Committee on the enterprise-wide state of compliance with the Security Risk Policy.
Actively support and liaise with BG located risk professionals with responsibility for Cyber Risk Management. Support the growth and advancement of these practices to ensure they develop a level of maturity consistent with the Corporate team. Ensure these teams operate in a manner which is consistent in practice, tone, risk appetite and approach aligned with the Corporate team, with particular focus upon the US and Asia teams.
Lead the development, execution and maintenance of an independent Cyber Risk oversight program:
o Perform annual challenge of Security Risk Policy, EOG and supporting Directives
o Provide challenge based on subject matter expertise in Risk and Control Self Assessments (RCSA)
o Partner with 1LOD to establish and renew Key Risk Indicators (KRIs)
o Challenge and report on notable Cyber Risk related incidents and Operational Risk Events (OREs)
o Provide proactive challenge services to 1LOD ensuring effective management of our Cyber Risk posture through regular, interactive challenge and consulting to 1LOD.
What you'll need to succeed
In-depth understanding of global information security standards and requirements (e.g., regulatory) and industry best practices, including the NIST Cyber Security Framework.
In-depth understanding of first line of defense information security processes (e.g., risk management, pen testing, vulnerability scanning), controls (e.g., IDS, SIEM, anti-malware, system hardening), and systems at Sun Life is an asset.
In-depth understanding and direct experience with the execution of:
o RCSAs
o Operational Risk Events or their external equivalent
o Key Risk Indicators
o Scenario Analysis
Effective presentation, communication, negotiation, and conflict management skills.
Strong relationship management skills and a proven ability to gain and maintain credibility with key front-line stakeholders.
Effective change management, through strong impact and influence skills.
Education/Accreditations
University degree and professional designation with over 10 years of experience or an equivalent combination of education and experience.
Information security professional certification, such as the CISSP, CISM, or CISA
The Base Pay range is for the primary location for which the job is posted. It may vary depending on the work location of the successful candidate or other factors. In addition to Base Pay, eligible Sun Life employees participate in various incentive plans, payment under which is discretionary and subject to individual and company performance. Certain sales focused roles have sales incentive plans based on individual or group sales results.
Diversity and inclusion have always been at the core of our values at Sun Life. A diverse workforce with wide perspectives and creative ideas benefits our clients, the communities where we operate and all of us as colleagues. We welcome applications from qualified individuals from all backgrounds.
Persons with disabilities who need accommodation in the application process or those needing job postings in an alternative format may e-mail a request to thebrightside@sunlife.com.
At Sun Life we strive to create a flexible work environment where our employees are empowered to do their best work. Several flexible work options are available and can be discussed throughout the selection process depending on the role requirements and individual needs.
We thank all applicants for showing an interest in this position. Only those selected for an interview will be contacted.
Salary Range: 125,500/125 500 - 207,100/207 100
Job Category: Risk Management
Posting End Date: 18/05/2023