The IT Security Governance Analyst conducts and manages Compliance functions for the US. There is interaction with all business groups, including Application Services, Enterprise Infrastructure, Architecture, Legal, Compliance and Risk, Privacy, and external service providers and vendors. The IT Security Governance Analyst applies IT Compliance legislation and Sun Life security policy or directives to assist business units with compliance matters. The incumbent in this process will gather information for analysis to make recommendations for any action as necessary.

Accountabilities:
- Conduct the quarterly Compliance (i.e. SOX, HIPAA, NYDFS, etc.) review process for IT Controls.
- Create templates for self-assessment to security directives, and ensure completion.
- Provide guidance on any waivers needed for compliance, and track action plans to completion.
- Provide support to Sun Life Business groups by ensuring alignment with Information Security policies and directives.
- Provide support to business groups by ensuring alignment to IT Controls (i.e. SOX GCC, NYDFS, etc.).
- Provide support to business groups by suggesting ways to implement security requirements to protect Company information from intentional or accidental disclosure, modification, or destruction and improve overall Security.
- Perform research on issues as needed to ensure suggestions meet necessary business and regulatory requirements.
- Participate in internal and external audits for IT Security, IT Controls and Sun Life's Business Groups under the direction of the Associate Director IT Compliance.
- Provide support on IT security events and work with IT and business organization within the Incident Management processes for those events by gathering information for analysis from various internal and external sources.
- Provide reports to the management team outlining the status of information security, internal audit, and IT Control non-compliance issues.

Competencies:
- In-depth knowledge of Sun Life IT Security Policy and Directives
- Strong abilities in all areas of communication, able to interface and negotiate with senior staff
- Advanced skills in report writing
- An understanding of Sun Life's Business and ability to work with diverse groups
- Good technology generalist, with a good understanding of all aspects of technology
- Good consulting skills and ability to influence a win-win outcome
- Must be able to work with the business on a business perspective and interpret technical context into common business language
- Self-starter, strategic thinker, negotiator, detail-orientated and consensus builder
- University degree or college diploma in Computer Science, engineering, IT security management, risk management, or comparable professional education/training in a field relevant to IT Security management
- Minimum 5 years in technical job function either related to information security or in close working relationship with information security
- Able to obtain a professional designation relating to Information Security or Compliance