Manager, Cybersecurity

at  University Pension Plan

ABOUT UPP

UPP is the first pension plan of its kind in Ontario’s university sector, proudly serving over 39,000 members across four universities and 12 affiliate organizations. Our purpose is to bring greater retirement peace of mind to the university sector by investing with integrity and serving members with care. As a sector-wide plan designed for growth, our doors are open to all Ontario universities.
Together, we’re a team of progressive thinkers and agile doers operating within a fast-paced culture of collaboration and respect. We believe in bringing smart and capable people together to create, solve and grow with a clear shared vision and values of integrity, inclusivity, ingenuity, and impact.
Our culture is intentionally welcoming and purposefully rooted in equity, diversity, inclusion, and reconciliation (EDIR). We believe diverse teams, perspectives, and lived experiences contribute to better decisions and a better workplace.
As a long-term investor, we recognize that environmental, social and governance (“ESG”) factors support risk management and value creation. As stated in our Responsible Investing Policy, we are committed to incorporating ESG considerations into our investment management activities and we collaborate with other industry participants in the promotion of a sustainable economy and society.
Join us in building a bright future for our members, our organization, and each other.

KEY ACCOUNTABILITIES:

The Manager, Cybersecurity will be responsible for a variety of duties, including but not limited to the following:

• Advocate for a cybersecurity-aware culture across the organization, fostering a sense of responsibility for security among all employees.
• Provide Cybersecurity expertise to implement best practices, delivering comprehensive program updates focusing on high-level risks, threats, and mitigation strategies.
• Educate business users to raise awareness of cybersecurity risks and encourage proactive collaboration in maintaining a secure environment.
• Conduct thorough risk assessments and analysis to identify potential vulnerabilities and threats to UPP.
• Provide guidance and leadership during high profile cybersecurity incidents involving third-party providers, ensuring a swift and effective response.
• Manage the organization’s adherence to relevant cybersecurity regulations.
• Leverage and manage cybersecurity vendors, ensuring that third-party services align and successfully deliver UPP security initiatives.
• Assist in the development and delivery of cybersecurity training programs and specialized modules for key areas within UPP.
• Create plans of action for the security program target state and roadmap milestones for improving the organization’s security posture
• Identify compliance, information security, and business continuity risks to the organization and partner with architecture and operations to make recommendations for corrective actions/mitigation of risks.
• Assess, define, and document security solutions, controls, and processes for cloud platforms.
• Identify compliance, information security, and business continuity risks to the organization and partner with architecture and operations to make recommendations for corrective actions/mitigation of risks.
• Development of technology risk reporting and governance practices to identify, protect, detect, respond, and recover to current and emerging security threats.
• Development and/or implementation of standards, policies, procedures, and solutions as it relates to key Access Management controls.
• Ensure all required information security requirements and related reporting are met.

QUALIFICATIONS & EXPERIENCE:

• Bachelor’s degree in Cybersecurity, Information Technology, or a related field. Advanced degree or relevant certifications (e.g., CISSP, CISM) preferred.
• 5+ years of proven experience in a senior-level cybersecurity role with a focus on Cyber program development and vendor management.
• In-depth knowledge of cybersecurity frameworks, risk management, and compliance standards.
• Strong communication and presentation skills, with the ability to translate technical concepts into business-oriented language.
• Demonstrated experience in incident response and crisis management.
• Exceptional leadership skills and the ability to collaborate with cross-functional teams.
• Experience with Information Security and Risk Management governance structures and programs
• Experience collaborating across various business units to ensure that technology operations and information security requirements are included in contracts by liaising with vendor compliance and finance/procurement teams.
• Expertise in cybersecurity, firewalls, network security, application security.
• Proven experience estimating duration of initiatives.

THE ROLE

We are looking for a Manager, Cybersecurity, with strong experience and expertise in cybersecurity. The ideal candidate should have a proven track record of implementing a robust and scalable security strategy. We value individuals who are proactive, effective communicators, and team players.
As the Manager, Cybersecurity, you will report directly to the Cybersecurity Lead. Your primary responsibilities will include advancing the organization’s security program with your expertise through analysis, prioritizing additional controls, and creating a roadmap for continuous improvement of our security posture.
This presents an excellent opportunity for an experienced security professional to join a high-performing team and make a significant impact in a rapidly growing and dynamic organization.
UPP is based in Toronto’s financial district and has a hybrid work model (~2 days / week in office).

The Manager, Cybersecurity will be responsible for a variety of duties, including but not limited to the following:

• Advocate for a cybersecurity-aware culture across the organization, fostering a sense of responsibility for security among all employees.
• Provide Cybersecurity expertise to implement best practices, delivering comprehensive program updates focusing on high-level risks, threats, and mitigation strategies.
• Educate business users to raise awareness of cybersecurity risks and encourage proactive collaboration in maintaining a secure environment.
• Conduct thorough risk assessments and analysis to identify potential vulnerabilities and threats to UPP.
• Provide guidance and leadership during high profile cybersecurity incidents involving third-party providers, ensuring a swift and effective response.
• Manage the organization’s adherence to relevant cybersecurity regulations.
• Leverage and manage cybersecurity vendors, ensuring that third-party services align and successfully deliver UPP security initiatives.
• Assist in the development and delivery of cybersecurity training programs and specialized modules for key areas within UPP.
• Create plans of action for the security program target state and roadmap milestones for improving the organization’s security posture
• Identify compliance, information security, and business continuity risks to the organization and partner with architecture and operations to make recommendations for corrective actions/mitigation of risks.
• Assess, define, and document security solutions, controls, and processes for cloud platforms.
• Identify compliance, information security, and business continuity risks to the organization and partner with architecture and operations to make recommendations for corrective actions/mitigation of risks.
• Development of technology risk reporting and governance practices to identify, protect, detect, respond, and recover to current and emerging security threats.
• Development and/or implementation of standards, policies, procedures, and solutions as it relates to key Access Management controls.
• Ensure all required information security requirements and related reporting are met