Manager, Cyber & Technology Risk Management, Information & Corporate Securi

at  CPP Investments

MAKE AN IMPACT AT A GLOBAL AND DYNAMIC INVESTMENT ORGANIZATION

When you join CPP Investments, you are joining one of the world’s most admired and respected institutional investors. With more than $600 billion in assets under management, CPP Investments is a professional investment management organization that globally invests the funds of the Canada Pension Plan (CPP) to help ensure it is financially sustainable for generations of working and retired Canadians.
CPP Investments invests across regions and asset classes to build a globally diversified portfolio. It holds assets in public equity, private equity, real estate, infrastructure, and fixed income, and the CPP Fund is projected to reach $3 trillion in assets by 2050. The organization is headquartered in Toronto with offices in Hong Kong, London, Mumbai, New York City, San Francisco, São Paulo, and Sydney.

CPP Investments successfully attracts, selects, and retains talented individuals from top-tier institutions worldwide. Join our team for access to:

• Stimulating work in a fast-paced and intellectually challenging environment
• Accelerated exposure and responsibility
• Global career development opportunities
• Diverse and inspiring colleagues and approachable leaders
• A hybrid-flexible work environment with an emphasis on in-person collaboration
• A culture rooted in principles of integrity, partnership, and high performance
• An organization with an important social purpose that positively impacts lives

If you have a passion for performance, value a collegial and collaborative culture, and approach work with the highest integrity, invest your career here.
Job Description

TEAM DESCRIPTION

The Cyber and Technology Risk Team partners with departments to advance technology and third-party information risk management capabilities that enable the Fund to compete effectively and take advantage of innovative technologies.

ACCOUNTABILITIES

• Develop reporting dashboards, collect core security metric data to support reporting, manage compliance with established policies and procedures, and manage of exceptions process.
• Support the development of security policies, procedures, and standards, designing core program metrics for the measurement of program effectiveness, measurement and monitoring program cost, schedule, and performance against established operational and project timelines.
• Develop training program content aligned to core CPPIB risks supporting the bolstering of security awareness across the fund, developing role-based security training, conducting in-person training, designing computer-based education programs, and conducting other security awareness activities.
• Manage the relationships with external third parties including vendors, suppliers, and other partners to support core information security program goals.
• Collaborate to solve complex security problems as part of a highly dynamic, close-knit team of dedicated security professionals.
• Manage the effective response to security related incidents in accordance with the established incident response framework.
• Provide security advisory and assessment to the organization on various security issues.

QUALIFICATIONS

• Undergraduate degree or college diploma in related field
• 6+ years of relevant experience
• Advanced knowledge in IT, risk management, business resiliency, network management/architecture, vendor risk management, vulnerability management, information security, and data protection/management
• Knowledge of governance, risk, and compliance frameworks such as ITIL, NIST, COSO, COBIT, etc.
• Experience managing and deploying IT infrastructure or cyber security technologies preferred.
• Possess one or more of the following certifications - / CISSP /CISA/ CISM
• Strong technical capabilities in the areas of firewalls, anti-virus, content filtering, SIEM, threat intelligence, security orchestration and automation, vulnerability management and cloud security
• Familiarity with SIEM, EDR, DLP, and other security technologies.
• Strong written and verbal communication skills
  Additional Information
  Visit our LinkedIn Career Page or Follow us on LinkedIn. #LI-KE1 #LI-Onsite
  At CPP Investments, we are committed to diversity and equitable access to employment opportunities based on ability.
  We thank all applicants for their interest but will only contact candidates selected to advance in the hiring process.

As a Manager, Information Security, you will be accountable for the development of internal governance processes for the Information security team, managing and overseeing reporting to senior management, other internal stakeholders such as Audit and Assurance, Enterprise Risk, Business Continuity and Crisis Management. You will also compile and analyze risk metrics to proactively identify Information Security risks supporting alignment with the funds Integrated Risk Framework. Participate in incident response and remediation activities.