Job Details

Chief Information Security Officer (CISO)

Position ID: J0917-0380
Job Type: Permanent Full Time
Job Location: Toronto, Ontario, Canada
Division: IT/IS
Region: Head Office
Job Category: IT
Number of Positions: 1

Keeping You Moving:

RSA is one of the world’s leading multinational insurance groups with over 300 years of experience and over 20 million customers worldwide.

Our people are committed to building a dynamic internal culture where our people love what they do and feel motivated to keep things moving – for customers, for their colleagues and as part of their own growth and development.

In RSA, employing positive people is how we achieve success. You will be working in an environment that encourages you to do great work and you constantly will be faced with fresh challenges that have a direct impact on our business. We believe your personality and passion will keep RSA and our business moving forward.

At RSA we have a culture that supports and rewards high performance with a competitive reward policy for top performers. Our rewards package includes competitive compensation, work / life balance, opportunities to learn and the chance to make a difference working for a worldwide industry leader.

Position Overview:

The Chief Information Security Officer (CISO) will be responsible for leading Information Security and Compliance at RSA Canada. You will be responsible for leading and defining the company’s information and physical security strategy and the associated compliance program for Information Security, Continuity Management and Compliance for RSA Canada. In this position, the CISO will be a key partner and process owner on key security issues, including security assurance policies and standards, working to deliver results within the broader guidelines set out by the CIO.

The CISO will perform in a matrix environment reporting to the CIO and will work closely with the Chief Risk Officer.

Who you are:

Your enthusiasm is infectious. You challenge the status quo. You find solutions to problems. You go the extra mile to exceed customers’ expectations. You get things done the right way. You represent our brand with passion and pride. You are a team player. You have fun and you make work fun for those working around you.

What you will achieve in this role:

• Manage the Information Security, IT Risk, IT General Controls, BCM & Compliance Functions in RSA Canada.
• Lead the information security planning process to identify protection goals, objectives and metrics consistent with the corporate strategic plan.
• Identify issues and concerns of a security nature raised by company initiatives and advise on solutions to help resolve them. Foster and maintain appropriate working relationships with the firm’s primary regulators and stakeholders.
• Establish, implement and facilitate an effective enterprise-wide information security governance program that ensures the strategic alignment of information security with broader corporate objectives and drives accountability; implement a metrics-based reporting framework to measure the efficiency and effectiveness of the program and facilitate appropriate resource allocation to increase the maturity of the information security program.
• Develop and implement cost-effective and business-neutral response strategies that bring risk and exposure within appetite levels with no adverse impact on our business objectives.
• Act as the representative for Canada on the Virtual Information Security Team in the development of global security policy, standards, guidelines and procedures.
• Accountable for implementation of such policies in RSA Canada and monitoring compliance of same to ensure ongoing maintenance of security.
• Accountable for ensuring Information Security goals and objectives are represented appropriately in Key Organizational Activities and that they are aligned with the business goals of the Organisation.
• Develop and maintain strategic customer relationships both within IS&CM and the business to identify and support new initiatives, current projects, and existing and emerging regulatory compliance requirements.
• Accountable for recommending risk-based and cost-effective Security solutions that meet business needs, Information Security and regulatory compliance requirements.
• Direct and control the activities involved with ensuring a Security and Compliance Framework is implemented and maintained with Third Party Service Providers. Perform regular security reviews of processes and security controls. Lead and facilitate continuous improvement activities with respect to Information Security.
• Accountable for computer security incident response planning, execution and awareness. Responsible for investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary.
• Act as Compliance Officer for IS&CM and manage relations with Internal Audit, Group Risk, Legal, External auditor and other external Compliance institutions.
• Oversee and efficiently deliver a portfolio of projects and initiatives to remediate:
o All audit findings (passing both tests of design and tests of effectiveness) by the agreed dates
o Risks and exposures that are considered out of appetite
• Develop and implement the IT General Controls Framework in IT at RSA; ensure ongoing ownership (especially during staff transitions) and oversee Level 1 and 2 validation of the controls.
• Oversee the development and be the enterprise champion of a corporate security awareness training program.
• Accountable for ensuring compliance with Business Continuity and Disaster Recovery policies and procedures and ensuring appropriate plans are in place to facilitate recovery of critical business functions and systems. Also accountable to ensure ongoing testing of BCM plans to ensure currency, awareness and readiness to implement in an appropriate situation.
• Lead, mentor, motivate, train, develop, and appraise a large and broad functional area to build their individual and collective performance and capability to the standards that will meet the current and future needs of the Business.
• Provide ongoing status updates, reports and recommendations to the GCC CISO and Chief Risk Officer (CRO), and to the RSA Canada CRO and Canada Regional Risk Committee together with the CIO.
• Create and communicate a clear and compelling vision for the information security strategy, balancing costs and appropriate risks.

What you bring to this role:

• Must have a Bachelor’s Degree in Computer Science, Information Technology, Information Security, Information Management Systems, or related field; or equivalent in relevant work experience.
• Current information security certification, including Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP).
• 10+ years of progressive experience in various aspects of Information Technology Security and Governance roles, with a proven track record of IT leadership and managing teams.
• Current or recent CISO responsibility or equivalent experience.
• Demonstrated success leading large-scale initiatives/transformations across an enterprise.
• A very broad and technical understanding of IT and Information Security regulations, compliance requirements, systems, architectures, technologies and processes employed at R&SA Canada.
• Comprehensive and advanced understanding of IT and Information Security frameworks such as ISO 27001/NIST/SANS, Payment Card Industry Data Security Standard (PCI DSS), COBIT and external regulatory compliance requirements for IT areas.
• Advanced knowledge and understanding of Security and Compliance in the Canadian Environment to the degree where they would be considered by colleagues within R&SA and externally to be an expert in Security and Compliance in the Canadian environment.
• Ability and willingness to maintain the knowledge, skills and certifications mentioned above through significant effort during and outside of work hours, with an emphasis on continuous learning to maintain an “expert” rating.
• Carry out complex work requirements as generally directed by the CIO working largely autonomously to meet needs of teams, projects and timelines. Expected to work on multiple projects simultaneously.
• Willingness to travel occasionally for international conferences and meetings.
• Excellent analytical and project management skills.
• Excellent relationship management and interpersonal skills with the ability to collaborate, influence and network effectively.
• Significant level of maturity and the ability to interact with and present to senior leadership.
• Exceptional communication skills, both verbal and written.
• Ability to manage multiple competing priorities and tight deadlines.
• Strong negotiating, facilitation, influencing and problem resolution skills.
• Demonstrated ability to assess customer/client needs, approach solutions creatively, and decide on and influence appropriate courses of action.
• Proven skills and experience in project management, risk management, management and leadership, and planning and organizing.
• Strong presentation skills, capable of delivering information and decision presentations to the RSA Executive Committee and the RSA of Canada Board of Directors.

Other Information:

Applicants agree that by providing personal information in response to this ad, and otherwise in any recruitment process with RSA or its affiliated companies (the “Company”) such personal information may be retained and used for a period of one (1) year from the date of this application, for the purpose of consideration for employment opportunities which may arise during that time period, unless an applicant notifies the Company to the contrary.

We thank all applicants. However, only those selected for an interview will be contacted.

We invite you to learn more about us at our Career Site, where you can apply online.

RSA group of Companies is strongly committed to diversity and welcomes applications from visible minority group members, women, Aboriginal persons, and persons with disabilities, members of the LGBT community, and others who may contribute to the further diversification of ideas.

RSA group of Companies will provide reasonable accommodation for qualified individuals with disabilities in the job application process.

If you have difficulty using our online application system and you need an accommodation due to a disability, please email AODA@RSAGROUP.CA or call us at toll free 1 (800)-855-0511. Please note this email is only for accommodation requests. Resumes sent to this email address will not be considered.
