IntactFC

Senior Security Advisor - SaaS Security and Cyber Supply Chain Risk

Toronto, Ontario, CAN Full time

Our employees are at the heart of everything we do. Together, we help people, businesses, and society prosper in good times and be resilient in bad times.


Our employee promise represents Intact’s commitment to you in exchange for living our Values, striving to do your best work, being open to change and investing in your career. In return, we promise to provide support, opportunities and performance-led financial rewards at a workplace where you can shape the future, win as a team and grow with us.

Pay at Intact is about much more than just salary.

  • Flexible work arrangements and a hybrid work model

  • Possibility to purchase up to 5 extra days off per year

  • Multiple benefits offered to support physical and mental wellbeing, including telemedicine, Wellness account and much more

  • Share plan & other savings: up to 12% of salary or even more (ask how you could earn guaranteed income for life)

Salary range (but not limited to):

101,800 - 124,400

Annual bonus target, based on the base salary, with a potential payout of up to double the target (subject to personal and company performance):

12%

As part of our commitment to Win As A Team, we share our success with employees through our annual bonus plan and Employee Share Purchase Plan (ESPP) – with Intact matching 50% of your net shares.

Our pension offerings provide flexibility and long-term security for our employees beyond their careers. We are one of the few companies offering the opportunity to receive guaranteed income for life via our defined benefit pension plan.

Salary for the candidate will be determined taking into consideration a number of factors including: experience, skills, qualifications, anticipated contribution to role, internal equity, etc. The salary range presented above is based on a 35-hour workweek and would represent a majority of different candidate profiles. However, we encourage candidates who may fall outside of this range to apply as well.


About the role

Our growing team is looking for a Senior Security Advisor - SaaS Security and Cyber Supply Chain Risk.

Together with our strong team of Cyber Supply Chain Risk Management (CSCRM) experts, you will work with state-of-the-art technologies to promote a strong cybersecurity compliance culture for Intact Financial Corporation. In collaboration with your colleagues, you will ensure the team's success and continuously evaluate and report on the cybersecurity compliance practice to reduce cybersecurity risks for the organization. With your strong knowledge and innovative mindset, you will try new approaches and leverage emerging technologies to help deliver a second-to-none customer experience, shape the future of our industry, and leave your mark.

What you'll do here:

  • Conduct Security Assessments of Third Parties: Conduct security assessments of third parties by verifying key security controls and documenting risks.

  • Evaluate Security Configuration of SaaS: Perform detailed security configuration assessments of SaaS applications to verify compliance with industry standards, enhancing the organization’s security posture.

  • Collaboration and Risk Mitigation: Work with Risk Owners to implement risk reduction strategies and continuously monitor risks, ensuring the protection of IFC’s data and systems.

  • Leverage AI Technologies: Utilize AI technologies to automate the analysis of security configurations and streamline workflows, ensuring seamless integration with existing third-party risk management frameworks.

  • Monitor Third-Party Risk Management Requirements: Continuously identify, monitor, and respond to applicable third-party risk management framework requirements.

  • Develop and Enhance Risk Programs: Develop, implement, and enhance programs that monitor, measure, analyze, and report on third-party risk exposures across all business areas, comparing against the organization’s risk appetite.

  • Provide Security Expertise: Serve as a subject matter expert in third-party risk management governance activities, facilitating collaboration and performing risk assessments for acquisitions with existing and new contracts.

  • Participate in Innovative Projects: Engage in major innovative projects and collaborate with third parties on risk assessments and security key control evaluations.

  • Deliver Risk Reports: Create and deliver comprehensive risk reports with key risk indicators (KRIs) and key performance indicators (KPIs), offering insights into the organization’s third-party cyber risk landscape.

  • Develop TPRM Processes and Tools: Act as a cybersecurity expert in developing third-party risk management processes and tools.

  • Stay Informed on Cybersecurity Solutions: Stay vigilant on evolving cybersecurity solutions and services to ensure ongoing protection against emerging threats.

What you bring to the table:

  • Educational Background: Bachelor’s degree in information security, information technology, or equivalent education and experience.

  • Professional Experience:

    • 5+ years of relevant work experience in information technology.

    • 3+ years of relevant experience in cybersecurity, focusing on security risk assessments and third-party security.

  • Desirable Certifications: CISSP, CISA, CISM, CGEIT, CRISC, GSEC, GISP.

  • Tool Proficiency: Experience with Governance, Risk, and Compliance (GRC) and vendor monitoring tools is an asset.

  • AI Knowledge: Understanding of AI technologies applicable to security assessments and third-party risk management.

  • Security Frameworks and Industry Standards Knowledge: Familiarity with prevalent industry standards such as ISO 27001/27002, SOC 2, SOC 1, NIST, CIS, COBIT, and PCI DSS, and ability to translate security frameworks into practical guidance and assessments.

  • Vulnerability Management Knowledge: Good knowledge of common security vulnerabilities in web and cloud applications, with insight from sources like SANS, OWASP Top 10, and Cloud Security Alliance (CSA).

  • Communication Skills: Ability to effectively communicate cybersecurity risks to management within a business context, with a mix of technical and business acumen.

  • Relationship Management: Proven ability to develop and maintain relationships, and excellent facilitation and delivery skills.

  • Project Management: Capacity to work on multiple projects simultaneously, meet deadlines, and manage stakeholder expectations.

  • Commitment to Diversity: Demonstrated commitment to valuing differences and engaging with diverse stakeholders.

  • Ethical Standards: Adherence to strong ethical principles and a solid understanding of business and information security ethics.

  • For candidates located in Quebec, bilingualism is required considering the necessity to interact on a regular basis with English-speaking colleagues across the country.

  • No Canadian work experience is required; however, candidates must be eligible to work in Canada.

This position will fill an essential role in our team.


We are an equal opportunity employer

At Intact, our Value of respect is founded on seeing diversity as a strength. We strive to create an accessible workplace where employees feel valued, included and encouraged to share their unique perspectives.

We encourage applications from individuals who are members of equity-deserving groups, including but not limited to women, Indigenous peoples, persons with disabilities, Black people, and members of the 2SLGBTQI+ community.

As part of Intact’s commitment to reconciliation, we acknowledge that we work, meet and travel across the land currently called Canada, originally inhabited by First Nations, Metis and Inuit people. This history extends through many centuries and continues to evolve today.

We have policies to ensure equal access and participation for people with disabilities, including providing workplace adjustments (accommodations). A copy of applicable policies is available on request.

If we can provide a specific adjustment to make the recruitment process more accessible for you, please let us know when we reach out about a job opportunity. We’ll work with you to meet your needs.

Learn more about our recruitment process and your candidate journey here.

Please note that Intact does not provide sponsorship or other support for immigration-related matters including but not limited to employer-specific closed work permits. Candidates must be eligible to work in Canada from the anticipated start date and throughout their employment and are solely responsible for maintaining their work eligibility.

If you are an employee of Intact or belairdirect, please apply for this role on the Internal Career Site.