Information Security Lead - Zensurance Toronto, ON

Listing Description

Zensurance is a fast-growing start-up turned “scale-up” InsurTech company that is disrupting the property and casualty insurance market.

At Zensurance, we want to empower small businesses across Canada to thrive by offering an honest, simplified, and modern approach to insurance. We are boldly going where no insurance broker has gone before!

This role plays an integral part in Zensurance's growth as a company, as this is the very first information security role. Zensurance is growing rapidly, which means our commitment to information security is becoming even more critical for us.

In this role, you will establish and maintain a company-wide information security management program to ensure that information assets are adequately protected. In addition, you will be responsible for identifying, evaluating and reporting on information security risks in a manner that meets compliance and regulatory requirements and aligns with and supports the enterprise's risk posture.

You walk into this role with sound knowledge of business management and a working knowledge of information security technologies. The ISM will proactively work with business units to implement practices that meet defined policies and standards for information security. You will also oversee a variety of IT-related risk management activities and act as an interface between the management's strategic and process-based activities,

As an ideal candidate, you are a thought leader, a consensus builder, and an integrator of people and processes. While the Information Security Lead is the leader of the security program, you must also be able to coordinate disparate drivers, constraints and personalities while maintaining objectivity and a strong understanding that security is just one of the business's activities. It cannot be undertaken at the expense of the enterprise's ability to deliver on its goals and objectives.

This role is an individual contributor role reporting to the VP of Engineering and working closely with the IT Manager. This position has the potential to move into a role with direct reports at some point in the future as we grow our enterprise's information security function.

This is a remote role, and the team member can work from anywhere in Canada.

Responsibilities
  • Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality and availability of information that the organization owns, controls or processes.
  • Manage the enterprise's information security function, consisting of indirect reports (such as individuals in engineering and IT operations).
  • Facilitate information security governance by implementing a hierarchical governance program, including forming an information security steering committee or advisory board. 
  • Develop, maintain and publish up-to-date information security policies, standards and guidelines. Oversee the approval, training, and dissemination of security policies and practices. 
  • Create, communicate and implement a risk-based process for vendor risk management, including assessing and treating risks that may result from partners, consultants and other service providers.
  • Liaise among the information security function and corporate compliance, audit, legal and HR management teams as required. 
  • Assist resource owners and IT staff in understanding and responding to security audit failures reported by auditors.
  • Work with the IT and business stakeholders to define metrics and reporting strategies that effectively communicate the successes and progress of the security program.
  • Research, evaluate, design, test, recommend or plan the implementation of new or updated information security software, and analyze its impact on the existing environment; provide technical and managerial expertise for the administration of security tools.
  • Work with the IT Team to ensure a convergence of business, technical and security requirements; liaise with IT management to align existing technical installed base and skills with future architectural requirements.
  • Help manage outsourced vendors that provide information security functions for compliance with contracted service-level agreements along with the IT Team.
  • Manage and coordinate operational components of incident management, including detection, response and reporting. 
  • Help maintain a knowledge base comprising a technical reference library, security advisories and alerts, information on security trends and practices, and laws and regulations.

Requirements
  • University degree or college diploma in a recognized technical, vocational or academic program (preferably in InfoSec or Cyber Security) or equivalent work experience.
  • A bachelor's degree in information systems or equivalent work experience; an MBA or MS in information security is an asset.
  • 7+ years working in Information Security, preferably in an agile and fast-paced environment.
  • Experience facilitating implementation and execution of policies and processes across an organization.
  • Experience translating stakeholder expectations into technical requirements.
  • Experience writing and adapting cyber security policies, auditing and performing security gap analyses.
  • Experience with common information security management frameworks and compliance standards, such as the CIS Controls v8, NIST, ISO 27001, SOC 2, PIPEDA, and PCI.
  • Experience working with legal, audit and compliance staff.
  • Experience developing and maintaining policies, procedures, standards and guidelines.
  • Experience in developing and documenting security architecture and plans, including strategic, tactical and project plans.
  • Experience in system technology security testing (vulnerability scanning and penetration testing).
  • Familiarity with application technology security testing (white box, black box and code review).
  • Proficiency in performing risk, business impact, control and vulnerability assessments and in defining treatment strategies.
  • Exhibit excellent analytical skills, the ability to manage multiple projects under strict timelines, and the ability to work well in a demanding, dynamic environment and meet overall objectives.
  • Exhibit effective verbal, written and interpersonal communication skills, including the ability to communicate with the IT organization, project and application development teams, management and business personnel.

Nice-to-have Licenses and Certifications
  • Certified Information Systems Security Professional (CISSP) issued by ISC2.
  • Certified Information Systems Auditor (CISA) issued by ISACA.
  • Certified Information Security Manager (CISM) issued by ISACA.
  • Global Information Assurance Certification (GIAC) issued by SANS.
  • Certified Business Continuity Professional (CBCP) issued by DRI International.
  • Member of Business Continuity Institute (MBCI) issued by BCI.

Perks we offer at Zensurance:

    ·     Opportunity to work for Canada’s fastest-growing insurtech startup
    ·     Contemporary office downtown TO, 1 minute from Osgoode Station and 7 minutes from Union Station 
    ·     Flexible work environment/work from home arrangements available to everyone 
    ·     Modern technology - laptops provided to all staff 
    ·     Comprehensive, flexible health, including mental health, and dental plans to suit all lifestyles 
    ·     Parental Leave Top Up
    ·     Weekly Friday company-wide meetings
    ·     Build next level relationships with your peers through scheduled companywide virtual team building events
    ·     Be a part of something special. We are confident you won’t find any other insurance company like us :)

    Who we are. What we're building.

    Business is hard work, insurance doesn’t have to be!

    At Zensurance we believe that teamwork makes the dream work.

    We are passionate about providing business owners with the best insurance solutions at great rates through an online and easy-to-use platform.  

    Our secret sauce is all about our culture. Here at Zensurance, our culture is built on four core values that we live and breathe every day. They are:

    INTEGRITY: We do what's right.

    INCLUDE: We are an open and safe space for all.

    INVENT: We take an innovative approach to creating straightforward solutions for our customers.

    DELIVER: We set ambitious goals and hold ourselves accountable for achieving them.

    If reading all that piqued your interest, drop us a line and let us know why you would be a great fit for us. Whether it be through a resume - or something else you think is better -  send us what you believe will impress us. Show us your creative process - how you think and solve problems!

    True to its Canadian values, Zensurance celebrates diversity in its workforce structure and encourages applications from all backgrounds.

    Zensurance is an inclusive employer that celebrates diversity in its workforce structure. We encourage applications from all qualified candidates and will accommodate applicants’ needs under the respective provincial human rights codes throughout all stages of the recruitment and selection process. Please advise the recruiter if you require accommodation, to ensure your accessibility needs are accommodated throughout this process. Information received relating to accommodation will be addressed confidentially.

    We thank all applicants in advance for their interest; however, only those candidates selected for an interview will be contacted. 


    Listing Details

    • Citizenship: Not Provided
    • Incentives: Not Provided

     

    • Education: Not Provided
    • Travel: Not Provided
    • Telework: Not Provided


