AVP, Threat and Vulnerability Management

You are as unique as your background, experience and point of view. Here, you'll be encouraged, empowered and challenged to be your best self. You'll work with dynamic colleagues - experts in their fields - who are eager to share their knowledge with you. Your leaders will inspire and help you reach your potential and soar to new heights. Every day, you'll have new and exciting opportunities to make life brighter for our Clients - who are at the heart of everything we do.

Discover how you can make a difference in the lives of individuals, families and communities around the world.

Job Description:

As the AVP, Global Threat & Vulnerability Management (TVM) within Digital Security Threat Management (DSTM) under Security, Risk & Crisis Management (SRC), you will lead Sun Life's global capability for identifying, assessing, prioritizing, and mitigating cyber vulnerabilities and threats across the enterprise. You will oversee multiple sub‑disciplines—vulnerability management, red teaming, threat intelligence, defensive security (blue team), application security platform & testing, and incident management & process development—ensuring Sun Life maintains a resilient and compliant security posture.

This role partners closely with Security Engineering & Advisory, Technology Risk & Compliance, Security Governance & Client Programs, Security Initiatives & Awareness, and Security Operations to drive measurable improvements in cyber resilience and reduce enterprise attack surface.

You are the Responsible Person/Contact for the enterprise Vulnerability Management Directive, overseeing the entire vulnerability lifecycle across Sun Life: identification, prioritization, reporting, remediation governance, and compliance monitoring.

Your VM program encompasses:

• Internal and external vulnerability scanning
• Database scanning
• Security Scorecard monitoring
• Threat‑intel‑driven vulnerability monitoring
• Classification of vulnerabilities and zero‑day response
• Audit, Client and Regulatory responses.
• Management of platforms related to Vulnerability Management.
• Produce Senior Leadership and Executive Reporting for all areas of Vulnerability Management.

You oversee the Cyber Threat Intelligence (CTI) and Cyber Threat Hunting (CTH) function responsible for:

• Lead the collection, analysis, and operationalization of internal and external threat intelligence.
• Monitoring global threats affecting Sun Life brands, staff, infrastructure, and clients
• Identifying indicators of compromise, campaign activity, and attacker behaviors
• Producing actionable threat briefings for Security teams, Technology Risk, and senior leadership.
• Maintain relationships with intelligence‑sharing communities, industry groups, and government partners.
• Ensure threat intelligence directly informs detection engineering, vulnerability prioritization, and offensive testing.
• Perform continuous Threat Hunting activities based on Cyber Threat Intelligence and internal Red/Blue team information.
• Develop and refine use cases based on threat intelligence and work with Security Operations and Engineering teams to implement for alerting to Defensive Security teams.

You lead the Offensive Security (Red Team) program, which conducts:

• Application, network, social engineering, and physical penetration tests
• Adversary emulation engagements
• Intelligence Led Penetration Testing
• Executes Security Control validation testing to ensure coverage and identify gaps across security controls.
• Ensure offensive testing aligns with threat intelligence and focuses on high‑risk assets and emerging attack vectors.
• Partner with technology teams to validate remediation effectiveness.
• Translate offensive findings into prioritized remediation actions and long‑term security improvements.

• Responds to detections from security controls
• Ensure defensive capabilities evolve based on threat intelligence and offensive testing results.
• Partner with Offensive Security, Cyber Threat Intelligence and Security Operations to enhance detection…