Job Details



Information Technology & Security Governance Consultant


Position ID: J0317-1254
Job Type: Permanent Full Time
Job Location: Toronto, Ontario, Canada
Division: IT/IS
Region: Head Office
Job Category: IT
Number of Positions: 1

Keeping You Moving:

RSA is one of the world’s leading multinational insurance groups with over 300 years of experience and over 20 million customers worldwide. Our people are committed to building a dynamic internal culture where our people love what they do and feel motivated to keep things moving – for customers, for their colleagues and as part of their own growth and development. In RSA, employing positive people is how we achieve success. You will be working in an environment that encourages you to do great work and you will constantly be faced with fresh challenges that have a direct impact on our business. We believe your personality and passion will keep RSA and our business moving forward. At RSA we have a culture that supports and rewards high performance with a competitive reward policy for top performers. Our rewards package includes competitive compensation, work / life balance, opportunities to learn and the chance to make a difference working for a worldwide industry leader.

Position Overview:

Reporting to the Chief Information Security Officer, the incumbent will be responsible for ensuring Information Security & Technology Risks are managed appropriately and ensuring compliance to all Policies that are owned by IT.

Who you are:

Your enthusiasm is infectious. You challenge the status quo. You find solutions to problems. You go the extra mile to exceed customers’ expectations. You get things done the right way. You represent our brand with passion and pride. You are a team player. You have fun and you make work fun for those working around you.

What you will achieve in this role:

- Perform control testing to provide assurance over compliance with the Group Policies owned by Information Services. These include, but are not limited to Information Security Policies, Information Technology, End User Computing Application and Business Continuity Management policies.
- Provide guidance to control owners on what is deemed ‘acceptable’ compliance and the type and level of evidence required.
- In conjunction with stakeholders, review evidence, assess, challenge and conclude on the design and operating effectiveness of controls as defined by our Policies.
- Report on findings and agree remediation plans with control owners.
- Design and produce awareness materials in support of control delivery
- Track & follow up on remediation items identified from control testing, internal & external audit issues
- Work closely with other governance teams such as Enterprise Risk, Internal & External auditors, business stakeholders and the IT Executive team.
- Assist in developing material for the IT Risk Committee, Canada Risk Committee
- Will also be required to support the Information Security & Compliance team in meeting some of their Operational requirements
- Provide reporting to the respective stakeholders on status of controls, remediation, issues etc. This will include preparing materials and presenting at the Quarterly Controls Committee regarding the annual plan for control validation results and progress over control validation work performed for each quarter.
- Provide input into planning, budgeting etc.
- Responsible for maintaining Compliance with the Payment Card Industry Standard (PCI)
- Be point of contact for internal & external audit.
- Provide recommendations for Policy improvements, changes and determine when regional variations are required.

What you bring to this role:

To achieve the above you will:
- Take initiative and own your accountabilities
- Have a strong problem solving ability
- Lead/facilitate & influence discussions with Senior Leaders in IT, Enterprise Risk etc.
- Have a good working knowledge of IT and Information Security Governance models & controls, in order to provide effective challenge and guidance to control owners.
- Have experience working with risk management methodologies.
- Knowledge of PCI requirements
- Be able to multi-task and change direction/priorities quickly.

Education & Experience
• B.Sc. in computer science or a related field
• Professional Designation in IT compliance or Security such as Certified Information Systems Auditor (CISA) and Certified Information Security Professional (CISSP) is preferable
• Advanced knowledge of Excel
• Previous IT Audit experience required


Other Information:

Applicants agree that by providing personal information in response to this ad, and otherwise in any recruitment process with RSA or its affiliated companies (the “Company”) such personal information may be retained and used for a period of one (1) year from the date of this application, for the purpose of consideration for employment opportunities which may arise during that time period, unless an applicant notifies the Company to the contrary. We thank all applicants. However, only those selected for an interview will be contacted. We invite you to learn more about us at our Career Site, www.rsagroup.ca, where you can apply online. RSA group of Companies is strongly committed to diversity and welcomes applications from visible minority group members, women, Aboriginal persons, and persons with disabilities, members of the LGBT community, and others who may contribute to the further diversification of ideas. RSA group of Companies will provide reasonable accommodation for qualified individuals with disabilities in the job application process. If you have difficulty using our online application system and you need an accommodation due to a disability, please email AODA@RSAGROUP.CA or call us at toll free 1 (800)-855-0511. Please note this email is only for accommodation requests. Resumes sent to this email address will not be considered.

Skills:
  • Bachelor's Degree
  • Influencing skills
  • Multi tasking
  • Risk management
  • Verbal Communication Skills
  • Written Communication skills






Johnson is an equal opportunity employer. We thank all applicants for their interest. However, only those selected for an interview will be contacted.