Senior Audit, Security Governance Analyst

at  Sun Life

You are as unique as your background, experience and point of view. Here, you’ll be encouraged, empowered and challenged to be your best self. You’ll work with dynamic colleagues - experts in their fields - who are eager to share their knowledge with you. Your leaders will inspire and help you reach your potential and soar to new heights. Every day, you’ll have new and exciting opportunities to make life brighter for our Clients - who are at the heart of everything we do. Discover how you can make a difference in the lives of individuals, families and communities around the world.

JOB DESCRIPTION:

The Senior Audit, Security Governance Analyst is a key member of the Security Governance and Client Programs team who partners with internal stakeholders to drive the planning, preparation and execution of the ISO/IEC 27001 and ISO/IEC 27017 certifications with a focus on security controls owned by the Security, Risk and Crisis Management department.
Our client base is increasingly aware of Cybersecurity, resulting in requests for information regarding Sun Life’s Risk Management and Cybersecurity Program. ISO certifications are third-party validation that our security controls are operating effectively against an evolving threat landscape.

PREFERRED SKILLS:

• Strong verbal & written communication skills
• Strong organizational, time management and facilitation abilities
• Self-motivated and highly resourceful with an ability to think outside the box
• Flexible; ability to pivot from one task to another to adjust to changing priorities
• Able to work in a fast paced environment with strict deadlines
• Demonstrates accuracy and thoroughness

• Oversee the Information Security Management System (ISMS) within the organization.
• Develop and implement ISMS procedures, and controls which ensure conformity with the ISO/IEC 27001 and ISO/IEC 27017 standards.
• Ensure alignment of the ISMS with organizational objectives and risk management priorities.
• Work with leaders and subject matter experts to review, update, and submit a variety of compliance requirements pertaining to ISO/IEC 27001 and ISO/IEC 27017.
• Prepare subject matter expert (SME) control owners for their auditor walkthrough meetings.
• Collected requested control evidence files from SMEs for walkthrough meetings and testing.
• Conduct quality checks to ensure accuracy of information.
• Respond to auditor follow up inquiries.
• Participate in status meetings with external auditors and internal working groups.
• Ensure process and control response reference documents are current and stored appropriately.
• Monitor and improve activities after certification.
• Builds strong relationships with SME control owners fostering collaboration and teamwork.
• Interpersonal skills – in dealing with all levels of individual in the organization
• Service-oriented – ensuring that requirements of all Business Units are satisfied