We are looking for an inquisitive and resourceful AVP, Cybersecurity Risk and Governance who will be responsible for leading all aspects of cybersecurity risk and governance functions. As the leader of the cybersecurity risk and governance function reporting to the CISO, you will embrace the vision and development of our strategic cyber risk and governance roadmap which is in your efficient hands. You will ensure that cyber risk is managed appropriately and within tolerance defined by the organization. At the same time, you will continue to ensure the day-to-day running of current cybersecurity risk, governance and advisory functions while refining and maturing their operation. Lastly, your ability to take on new tasks outside of the Cyber Risk and Governance areas will ensure that you assist the CISO with key priorities while also expanding your knowledge in a balanced manner and growing your career. Key partners and collaboration partners will include the CIO, CISO, Legal, 2nd Line, Privacy, business units, and the rest of the IT Senior Leadership team.
Advantages
Competitive rewards package including base compensation, eligibility for annual bonus, retirement savings, share plan, health benefits, personal wellness, and volunteer opportunities.
Exceptional Career Development opportunities.
We’ll support your professional development education.
Hybrid role
Responsibilities
Proficiently lead and manage a team of Cybersecurity Risk and Governance professionals working towards the efficient operation and continued maturation of existing cybersecurity risk and governance processes.
Develop and craft the overall cybersecurity risk and governance vision as the most senior cybersecurity risk and governance subject matter expert within the organization.
Align the cybersecurity program to the NIST Cybersecurity Framework proficiently. Lead periodic self-assessments against the framework along with independent third party assessments.
Enhance and improve the Cybersecurity Risk Assessment Process. Ensure that cybersecurity risks are managed collaboratively with the business and decisions are made on a balanced, risk-prioritized basis.
Build and develop a Third Party Cybersecurity Risk Management Process to continuously assess third parties from a cybersecurity perspective and to lead the management of third-party cyber risk.
Develop, improve, contribute to and enhance the Security Awareness Training and Phish Test program. Introduce and encourage automation and enhanced reporting to increase efficiency of delivery and interpretation of results.
Identify gaps in existing processes and solutions, then build and develop remediation plans to address such gaps with the development/re-design of processes or deployment of solutions (e.g., tooling, automation, overhaul).
Develop, build and refine service metrics, KPIs and KRIs for cybersecurity risk and governance functions.
Participate in and grow in other non-risk/governance facets of cybersecurity (Identity and Access Management, Security Operations, Cybersecurity Delivery) to assist the CISO in supervising a diverse cybersecurity department responsible for running cybersecurity risk.
Adopt and deliver using agile-based SDLC.
Continue personal professional development as a cybersecurity risk and governance subject-matter expert, including industry training, developing interpersonal relationships with peers in industry, attending conferences, and self-study.
Train, coach, and mentor growing cybersecurity risk and governance teams to efficiently support the requirements and to develop and build the careers of your teams to lead them to bigger and better things.
Qualifications
Minimum 10 years Cybersecurity/Information Security experience including 7 years in a management role.
Preference for a University degree in Computer Engineering/Science or Cybersecurity.
Outstanding experience managing or being responsible for a Security Advisory/Assessment team including mentoring, along with previous experience performing cybersecurity risk assessments and risk management activities.
Experience utilizing the NIST Cybersecurity Framework to lead an organization’s cybersecurity program.
Hands-on experience managing Security Awareness and Phish Test campaigns proficiently.
Extensive utilization/experience with Governance, Risk and Compliance (GRC) tools preferred.
Excellent verbal and written communication, interpersonal and collaborative skills, and ability to communicate technical concepts to non-technical audiences in a positive manner.
Strong relationship management skills. Ability to understand various partner objectives while driving towards an outcome that appropriately manages Aviva Canada’s cybersecurity risk.
Multi-tasking on multiple projects and tasks with contending priorities in a fast-paced environment.
Resourceful, sees the benefits of automation and has experience in efficiently automating repetitive work that lends itself to being automated.
Experience with cloud environments preferred (AWS, Azure).
Outstanding delivery and problem solving skills - the ability to take a problem from start to finish and drive towards the desired outcome.
An interest in professional development and in embracing digital/cybersecurity – the resolve, resolution and ability to learn and upskill as required to keep pace with the current cyber threat landscape.
Randstad Canada is committed to fostering a workforce reflective of all peoples of Canada. As a result, we are committed to developing and implementing strategies to increase the equity, diversity and inclusion within the workplace by examining our internal policies, practices, and systems throughout the entire lifecycle of our workforce, including its recruitment, retention and advancement for all employees. In addition to our deep commitment to respecting human rights, we are dedicated to positive actions to effect change to ensure everyone has full participation in the workforce free from any barriers, systemic or otherwise, especially equity-seeking groups who are usually underrepresented in Canada's workforce, including those who identify as women or non-binary/gender non-conforming; Indigenous or Aboriginal Peoples; persons with disabilities (visible or invisible); and members of visible minorities, racialized groups and the LGBTQ2+ community.
Randstad Canada is committed to creating and maintaining an inclusive and accessible workplace for all its candidates and employees by supporting their accessibility and accommodation needs throughout the employment lifecycle. We ask that all job applicants please identify any accommodation requirements by sending an email to accessibility@randstad.ca to ensure their ability to fully participate in the interview process.