Manager, Cyber & Technology Risk (12 months contract)
Toronto, ON, Canada
Make an impact at a global and dynamic investment organization
When you invest your career in CPP Investments, you join one of the most respected and fastest growing institutional investors in the world. With current assets under management valued in excess of $500 billion, CPP Investments is a professional investment management organization that globally invests the funds of the Canada Pension Plan (CPP) to help ensure long-term sustainability. The CPP Fund is projected to reach $3 trillion by 2050. CPP Investments invests in all major asset classes, including public equity, private equity, real estate, infrastructure and fixed-income instruments, and is headquartered in Toronto with offices in Hong Kong, London, Luxembourg, Mumbai, New York City, San Francisco, São Paulo and Sydney.
CPP Investments attracts and selects high-calibre individuals from top-tier institutions around the globe. Join our team and look forward to:
- Diverse and inspiring colleagues and approachable leaders
- Stimulating work in a fast-paced, intellectually challenging environment
- Accelerated exposure and responsibility
- Global career development opportunities
- Being motivated every day by CPP Investments’ important social purpose and unshakable principles
- A flexible/hybrid work environment combining in-office collaboration and remote working
- A deeply rooted culture of Integrity, Partnership and High Performance
If you share a passion for performance, value a collegial and collaborative culture, and approach everything with the highest integrity, here’s an opportunity for you to invest your career at CPP Investments.
The work of our Technology and Operation (T&O) Risk team is essential to the organization. We are looking for someone who can lead the delivery of information security risk assessments and control reviews for our existing in-house and third-party SaaS applications and systems, including pre-onboarding assessment and third-party security review. The Manager, Cyber & Technology Risk Management role is part of the Information Security & Risk Management group and reports to the Director, Cyber & Technology Risk. This position provides an opportunity to build rapport through engagement with key stakeholders across the organization.
Complete timely security assessments of third-party engagements, vendor controls and network integration to identify, document, and communicate key risks and gaps.
Review contracts to ensure appropriate data security terms are included to protect CPP from data and content security risks.
Perform risk assessments on critical systems, applications, and networks to identify control gaps and vulnerabilities, and recommend corrective actions or countermeasures. Raise issues in the Issues Management system and work with the business for timely completion of the recommended actions.
Collaborate with business and security architecture teams to gauge the current-state and target-state architecture, future developments, and critical changes, in order to identify and document the risk exposure and mitigation plans and to track remediation.
Lead and support the cyber and technology projects, managing multiple deliverables simultaneously and dynamically prioritizing in alignment with the changes in technology and business environment.
Maintain and evolve active partnerships with Technology & Operations, Operational Risk, corporate functions, and the Audit team to ensure alignment across technology and risk domains.
At least 8 years of experience in information security and/or third-party risk management, with experience in a technical setting and expertise in information security review of systems and architecture risk assessment at financial institutions, investment companies, or other large industry or public sector companies.
Strong knowledge and skills in various systems and architecture domains, such as cloud computing, network security, web services, data protection, encryption, SDLC, authentication, etc.
Strong knowledge of cloud-based models (SaaS, PaaS, IaaS) and technologies used to implement controls within these environments, network security, application security, and vulnerability management.
Proficient in using various tools and methodologies for systems and architecture risk assessment and audit, such as SOC, NIST, ISO, COBIT, OWASP, etc.
Report writing and communication skills: able to document and present the assessment overview, findings and recommendations in a structured way to both technical and non-technical audiences.
Detail-oriented individual with organizational, critical thinking, analytical, and problem-solving skills; able to maintain a balance between the details and the larger picture.
Undergraduate university degree, preferably in Technology. Certifications in systems and architecture security and risk management, such as CISSP, CISA, CRISC, etc., are preferred.
Visit our LinkedIn Career Page or follow us on LinkedIn.
At CPP Investments, we are committed to diversity and equitable access to employment opportunities based on ability.
We thank all applicants for their interest but will only contact candidates selected to advance in the hiring process.
Our Commitment to Inclusion and Diversity:
In addition to being dedicated to building a workforce that reflects diverse talent, we are committed to fostering an inclusive and accessible experience. If you require an accommodation for any part of the recruitment process (including alternate formats of materials, accessible meeting rooms, etc.), please let us know and we will work with you to meet your needs.
CPP Investments does not accept resumes from employment placement agencies, head-hunters or recruitment suppliers that are not in a formal contractual arrangement with us. Our recruitment supplier arrangements are restricted to specific hiring needs and do not include this or other web-site job postings. Any resume or other information received from a supplier not approved by CPP Investments to provide resumes to this posting or web-site will be considered unsolicited and will not be considered. CPP Investments will not pay any referral, placement or other fee for the supply of such unsolicited resumes or information.