• Job Description

  Req#: R-144478

  Individually we are people, but together we are Aviva. Individually these are just words, but together they are our Values – Care, Commitment, Community, and Confidence.

  As the Senior Manager of Security Advisory Services (SAS), you will be responsible for leading all aspects of Aviva Canada’s Security Advisory Services functions. This will primarily involve leading the SAS team who will conduct Information Security Risk Assessments (ISRAs) for internal solutions, technology projects; and Third Party Information Security Assessments (TPISA) to review our partners’ security posture and contractual obligations to protect Aviva.

  The Senior Manager will run a dynamic team to identify and manage cybersecurity risks, policy exception requests, and a wide-range of cybersecurity consulting requests for Aviva’s technology and business teams.

  You will ensure that cybersecurity risk at Aviva is managed appropriately and within risk tolerance levels as defined by the organization. At the same time, you will ensure the smooth day-to-day operations of managing cybersecurity risks and advisory functions. Additionally, you will also collaborate with other Aviva security and IT teams to implement new security solutions that will strengthen Aviva’s overall security posture.

  You are resourceful, forward-thinking, collaborative, and are comfortable in a fast-paced environment.

  What you’ll do:

  • You will lead a team of Security Risk Advisors and Security Analysts to conduct ISRAs, TPISAs, manage and mitigate cybersecurity risks and conduct and other consulting requests within Aviva Canada’s technology and business teams

  • Provide oversight on assessments, risk identification and risk management, processes, and tools for managing and reporting risks, and improve the quality of services

  • Identify gaps in existing processes and technology and develop remediation plans to address risks

  • Assist in the development of cybersecurity risk reporting including the ongoing development and improvement of Key Risk Indicators (KRIs)

  • Provide leadership, mentoring, growth, and development opportunities to team members.

  • Ensure all identified cybersecurity risks are mitigated and are effectively communicated to partners, and managed with risk-prioritized timelines aligned with Aviva’s risk appetite

  • Provide oversight on a wide variety of security solutions, projects, and new technologies

  • Develop and adapt the overall cybersecurity risk advisory vision for Aviva Canada as cybersecurity risk and threat-landscape industry changes

  • Provide senior management and executives with information security trends, the status of identified risks, and the effectiveness of work activities

  • Help improve Aviva’s Third Party Information Risk Management Process to continuously assess Aviva Canada’s suppliers security posture

  • Increase visibility of cybersecurity risks where and when appropriate with the respective collaborators when risk action plan target dates are not met

  • Manage the pen test and PCI compliance attestation programs

  • Preparing for internal Risks and Control Assessments

  What you’ll bring:

  • Minimum 10 years’ of progressive experience in cybersecurity risk management, vendor assessments, and application security design & architecture

  • Strong understanding of cybersecurity industry standards, principles and practices, as well as risk concepts

  • Proven management and leadership skills in communication, prioritization and developing talent

  • Demonstrated ability to communicate complex issues in a clear and concise manner to a wide range of audiences and partners

  • Demonstrated ability to navigate through ambiguity and guide team through changes

  • Ability to understand complex processes and make sound judgement calls.

  • Ability to negotiate and influence others to achieve optimal results.

  • Knowledge of Ariba, Archer GRC or equivalent platforms.

  • Post-secondary education in Computer Science, Computer Engineering, IT security, risk management, or comparable professional training.

  • Professional designation relating to cybersecurity or IT risk (e.g. CISSP, CISA, CISM, CCSP/CCSK, GIAC) preferred

  What you’ll get:

  • Compelling rewards package including base compensation, eligibility for annual bonus, retirement savings, share plan, health benefits, personal wellness, and volunteer opportunities.

  • Outstanding Career Development opportunities.

  • We’ll support your professional development education.

  • Competitive vacation package with the option to purchase 5 extra days off per year

  • Employee driven programs focused on gender, LGBTQ+, origins, diversity and inclusion

  • Corporate wellness programs to support our employees’ physical and mental health

  • Hybrid flexible work model

  Aviva Canada has an accommodation process in place to provide accommodations for employees with disabilities. If upon commencement of employment you require a specific accommodation because of a disability, please contact your Talent Acquisition Partner so that an appropriate accommodation can be arranged. This process applies throughout your career with Aviva Canada.

• About the company

  We’re here to protect our 33 million customers from life’s unexpected twists and turns – freeing them from fear of uncertainty. We are one of only a few insurance companies in the world that can provide customers with life, general and health insurance, and asset management in one place – a composite insurer. And we have a unique competitive advantage. Whether we’re protecting them from everyday risks or helping them to save for the future, we put customers at the heart of all we do – creating a bright and sustainable future for our customers, employees and our communities.

Notice