As a not-for-profit organization, Équité Association supports Canadian insurers in fighting fraud through advanced analytics, intelligence best practices, and coordinated investigations. Combining expert investigative services with advanced analytics, Équité serves as a unified organization, delivering improved service and fraud analytics for vehicle and cargo recovery. Leveraging relationships with law enforcement, partners and industry organizations, Équité serves as a central point for insurance crime across all insurers and protects Canadians by working to eradicate insurance fraud and crime. Équité is invested in diminishing crime in Canada and protecting all Canadians against exploitation.
About the Role
We use a wide range of data and intelligence to achieve four objectives:
- Help insurers identify fraud through integrated advanced analytics and investigations;
- Enhance and enable cross-insurer investigations coordinated by Équité;
- Serve as lead stakeholder in vehicle and hard-asset recovery and identification services; and
- Support law enforcement, regulators, professional colleges and other public investigative agencies to identify criminals and bring them to justice. We will also endeavour to raise public awareness about consumer scams: how they work and how to detect and prevent them.
The Cybersecurity Risk and Compliance Manager, reporting to the Director and Head of Cyber Security, is responsible for overseeing and enforcing cybersecurity policies, regulations, and best practices, as well as identifying and addressing security risks proactively.
Specific accountabilities include:
- Develop and implement a comprehensive cybersecurity risk management framework.
- Identify, assess, and prioritize cybersecurity risks based on potential impact and likelihood.
- Conduct risk assessments, gap analyses, and threat modeling exercises.
- Develop risk mitigation strategies and recommend controls to minimize identified risks.
- Monitor and report on the effectiveness of risk mitigation efforts to senior management.
- Act as a liaison between Équité and external clients and auditors.
- Facilitate audits and risk reviews, and collect the required audit evidence and information in a timely manner.
- Respond to audit findings and track remediation until closure.
- Validate the risk and compliance level of various vendors and third-party service providers.
- Review security clauses in contracts. Evaluate third-party audit reports / compliance assessments.
- Ensure compliance with relevant industry standards, frameworks, and regulatory requirements (e.g., ISO 27001, PIPEDA).
- Establish and maintain an effective compliance program, including policies, procedures, and controls.
- Provide guidance and support to cross-functional teams to address compliance gaps and implement corrective actions.
- Communicate policies effectively across the organization and ensure employee awareness and adherence.
Qualifications and experience include:
- University degree or college diploma in Computer Science, Cybersecurity, or a related field.
- 5+ years of experience in cybersecurity risk management, compliance, or a similar role.
- In-depth understanding of cybersecurity principles, frameworks, and best practices (e.g., ISO 27001, NIST Cybersecurity Framework).
- Familiarity with relevant regulatory requirements such as PIPEDA, OSFI guidelines, or other industry-specific standards.
- Strong knowledge of risk assessment methodologies and frameworks.
- Experience in conducting risk assessments, gap analyses, and threat modeling exercises.
- Ability to translate risk findings into actionable recommendations and controls.
- Familiarity with compliance requirements related to data protection, privacy, and information security.
- Excellent written and verbal communication skills.
- Ability to effectively collaborate with cross-functional teams and senior management.
- Strong presentation skills to communicate complex concepts to non-technical stakeholders.
- Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), ISO 27001 Lead Implementer/Auditor, Certified Information Security Manager (CISM), or another related certification.
- Results-focused approach and strong work ethic.
- Energized by a fast-paced environment.
- Comfortable and effective working remotely.
We encourage applications from all backgrounds and communities. We highly value our diversity and inclusion culture and welcome all candidates, including women, BIPOC, LGBTQ2S+ and allies.