Job Description

Company Description

Make an impact at a global and dynamic investment organization

When you invest your career in CPP Investments, you join one of the most respected and fastest growing institutional investors in the world. With current assets under management valued in excess of $500 billion, CPP Investments is a professional investment management organization that globally invests the funds of the Canada Pension Plan (CPP) to help ensure long-term sustainability. The CPP Fund is projected to reach $3 trillion by 2050. CPP Investments invests in all major asset classes, including public equity, private equity, real estate, infrastructure and fixed-income instruments, and is headquartered in Toronto with offices in Hong Kong, London, Luxembourg, Mumbai, New York City, San Francisco, S\xc3\xa3o Paulo and Sydney.

CPP Investments attracts and selects high-calibre individuals from top-tier institutions around the globe. Join our team and look forward to:

• Diverse and inspiring colleagues and approachable leaders
• Stimulating work in a fast-paced, intellectually challenging environment
• Accelerated exposure and responsibility
• Global career development opportunities
• Being motivated every day by CPP Investments\' important social purpose and unshakable principles
• A flexible/hybrid work environment combining in office collaboration and remote working
• A deeply rooted culture of Integrity, Partnership and High Performance

If you share a passion for performance, value a collegial and collaborative culture, and approach everything with the highest integrity, here\'s an opportunity for you to invest your career at CPP Investments.



The Director, Information Security Operations will be a senior member of the Information Security group and Technology & Data department. The role will manage the Security Operations Center with direct responsibility for Detection & Monitoring Operations, Digital Forensics & Incident Response (DFIR), and Threat Hunting & Intelligence. The successful candidate must have a proven track-record of working closely with internal and external stakeholders to understand and safeguard the assets, people, and processes across a global firm.

Role Specific Accountabilities:

• Lead the Security Operations Center, monitor emerging threats, oversee DFIR capabilities, enable outcomes-based metrics, and work closely with internal and external stakeholders for incident responses to determine appropriate courses of actions
• Direct improvements to SIEM and SOC efforts for continuous maturity to response times and SLA compliance
• Work closely with the Managing Director to ensure that information security and risk management are embedded within the culture
• Implement the next generation of cyber controls and threat analytics by leveraging automation, machine learning, and rich data sets.
• Identify and drive the end-to-end remediation of discovered or potential security vulnerabilities and mature operational security processes and procedures.
• With the Director, IT Risk Management, execute periodic security testing and reviews, promptly remediate any findings, and ensure policies, controls, and procedures are effective, documented, and understood by relevant stakeholders/roles through training and education.
• Effectively communicate investigative findings and strategies to technical staff, executive leadership, legal counsel, and internal and external clients

Qualifications

If you possess the following, we\'d like to hear from you:

• Bachelor\'s degree, with a technology or business emphasis, or equivalent education and experience.
• Possess one or more of the following industry certifications:

• CISSP / CISA / CISM
• CCSP - Certified Cloud Security Professional
• SABSA - Security Architecture
• Other industry recognized Information Security certifications
• Demonstrated knowledge of current cloud platforms, services and security best practices for their protection
• Demonstrated knowledge and understanding of information security industry standards (e.g., ISO17799, ISO27001, NIST, COBIT, ITIL, etc.), and legislative/regulatory requirements (e.g., SAS-70, SOX, B198, PIPEDA, etc.)
• Minimum of 7-10 years experience in information security including:

• Security Management, Policy & Procedure development, Governance Frameworks, Security Programs
• Experience working with MSS partners
• Developing and implementing cloud security architectures
• Risk Assessment, Risk Management
• Security Architecture, IS Infrastructure Processes
• Operational security (network architecture, application, systems)
• Strong vendor management
• Strong sense of teamwork
• Ability to create solutions to fit a diverse and complex environment
• Adaptable to new technologies and challenges not previously encountered
• Able to build strong relationships and communicate effectively with a diverse set of stakeholders, including business leaders, operational staff and technical engineers
• Proven project management experience
• Excellent written and oral communication skills, with the ability to work with both technical and business users
• Self-motivated with acute attention to detail
• Innovative and proactive
• Exemplify CPP Investments\' Guiding Principles of Integrity, High Performance and Partnership

Additional Information

Visit our or Follow us on LinkedIn. #LI-KE1

#LI-Hybrid

At CPP Investments, we are committed to diversity and equitable access to employment opportunities based on ability.

We thank all applicants for their interest but will only contact candidates selected to advance in the hiring process.

Our Commitment to Inclusion and Diversity:

In addition to being dedicated to building a workforce that reflects diverse talent, we are committed to fostering an inclusive and accessible experience. If you require an accommodation for any part of the recruitment process (including alternate formats of materials, accessible meeting rooms, etc.), please let us know and we will work with you to meet your needs.

Disclaimer:

CPP Investments does not accept resumes from employment placement agencies, head-hunters or recruitment suppliers that are not in a formal contractual arrangement with us. Our recruitment supplier arrangements are restricted to specific hiring needs and do not include this or other web-site job postings. Any resume or other information received from a supplier not approved by CPP Investments to provide resumes to this posting or web-site will be considered unsolicited and will not be considered. CPP Investments will not pay any referral, placement or other fee for the supply of such unsolicited resumes or information.

Mandatory Vaccine Policy

All employees in the Toronto, Sydney and Hong Kong offices will be required to be vaccinated against COVID-19. Accommodations to this policy will be made for medical or other protected grounds. Please contact us to discuss any accommodation needs.

CPP Investments