Manager Cyber And Technology Risk Management Job In Na

Job Description

Manager, Cyber and Technology Risk Management

Make an impact at a global and dynamic investment organization

When you invest your career in CPP Investments, you join one of the most respected and fastest growing institutional investors in the world. With current assets under management valued in excess of $500 billion, CPP Investments is a professional investment management organization that globally invests the funds of the Canada Pension Plan (CPP) to help ensure long-term sustainability. The CPP Fund is projected to reach $3 trillion by 2050. CPP Investments invests in all major asset classes, including public equity, private equity, real estate, infrastructure and fixed-income instruments, and is headquartered in Toronto with offices in Hong Kong, London, Luxembourg, Mumbai, New York City, San Francisco, São Paulo and Sydney.

CPP Investmentsattracts and selects high-calibre individuals from top-tier institutions around the globe. Join our team and look forward to:

• Diverse and inspiring colleagues and approachable leaders
• Stimulating work in a fast-paced, intellectually challenging environment
• Accelerated exposure and responsibility
• Being motivated every day by CPP Investments’ important social purpose and unshakable principles
• A flexible/hybrid work environment combining in office collaboration and remote working
• A deeply rooted culture of Integrity, Partnership and High Performance

If you share a passion for performance, value a collegial and collaborative culture, and approach everything with the highest integrity, here’s an opportunity for you to invest your career at CPP Investments.

Job Description

Reporting to the Managing Director, Cyber & Technology Risk Management, this Cyber and Technology Risk Manager role will be focused on mitigating cyber, technology, and data risks by assisting in the implementation of a risk management and internal control framework with particular focus on the Technology & Data (T&D) and Information Security (Infosec) departments.

In this role, you will be responsible for working collaboratively with the T&D and Infosec teams to identify, assess, and mitigate risks to the fund’s information systems, data, and infrastructure; and instill a risk and control discipline through education, consultation, and the development of risk management capabilities across core activities. You will assist the team by:

• Developing and implementing cyber and technology risk management processes and capabilities to protect the organization’s critical information assets and systems
• Enabling regular insights via KRIs and other means, to senior leaders and other stakeholders on the fund’s cyber and technology risk posture
• Supporting the enhancement and implementation of a 1st line of defence risk and control assessment capability,
• Support the development and updating of key documentation (e.g., standards, guidelines, etc.) to support T&D and Infosec processes and address fund-wide risks
• Facilitate the establishment of necessary standards and the associated governance and monitoring to ensure adherence and manage exceptions
• Support and lead on-time completion of action plans that address findings from Audits and reviews across the 3 lines of defense
• Identifying risks and partnering with colleagues from Legal, Compliance, Risk, T&D, and Infosec to implement solutions to mitigate them

This role will support the cultivation of the best view of Cyber and Technology risks across the fund through active partnership with T&D teams, Enterprise Risk, Audit, and other groups; and will support the Cyber and Technology Risk Management team in leading enterprise initiatives to address transversal risks impacting the enterprise.

You will support the team to work collaboratively with Enterprise and Operational Risk on the adoption and implementation of CPP Investments’ Integrated Risk Framework within T&D and Infosec and support enterprise risk reporting. You will work closely with both Internal and External Audit to identify risks, provide insight to maximize the value of Audit to support the department’s mandate and co-ordinate all audit activities on behalf of T&D and Infosec to assist them in execution of their mandates.

Qualifications

If you possess many of the following, we’d like to hear from you:

Knowledge/ Skills/Competencies/Qualities Sought

Education & Professional Certifications:

• Undergraduate degree required, preferably in Technology / Data Science / business / finance or related discipline; post graduate degree is a plus;
• Industry recognized IT certification (e.g., CISA, CRISC, CISM, CISSP) or equivalent certification is desirable.

Professional Experience:

• Advanced knowledge in IT, risk management, business resiliency, network management/architecture, vendor risk management, vulnerability management, information security, and data protection/management;
• Minimum 8 years of progressive management experience in technology and/or information risk management experience at complex financial institutions or investment companies;
• Knowledge of governance, risk, and compliance frameworks such as ITIL, NIST, COSO, COBIT, etc.
• Ability to evaluate components of an institution’s IT/information security program and provide advice on its ability to identify, protect, respond, and recover from threats and incidents.
• Ability to understand and communicate complex technical issues to technical and non-technical representatives.
• Able to make decisions and recommendations that effectively balance risk mitigation objectives with operational impacts to processes and departments
• Expert ability to design and evaluate risk based internal control programs, analyze situations, reach appropriate conclusions and make value-added and practical recommendations;
• Superior communication skills (written and oral) with the ability to take concepts or events and present them simply, concisely and effectively;
• Strong judgment and creativity; strong problem-solving and analytical skills; ability to effectively process a large volume of information, and draw meaningful/persuasive conclusions;
• Proven ability to build and foster professional relationships and influence others effectively at senior management, peer, and staff levels;
• Ability to adapt to rapidly changing business needs and priorities with strong attention to detail and proven consistency;
• Self-motivated and able to work independently and as part of a team having a “hands on” approach as well as appreciate diversity of thought and opinions;
• Demonstrated ability to support multiple complex engagements simultaneously, and to prioritize work and efforts of team effectively;
• Demonstrated willingness and ability to keep abreast of current investment business and professional trends and organizational developments which could impact CPP Investments’ operating and risk environment;

At CPP Investments, we are committed to diversity and equitable access to employment opportunities based on ability.

We thank all applicants for their interest but will only contact candidates selected to advance in the hiring process.

Our Commitment to Inclusion and Diversity:

In addition to being dedicated to building a workforce that reflects diverse talent, we are committed to fostering an inclusive and accessible experience. If you require an accommodation for any part of the recruitment process (including alternate formats of materials, accessible meeting rooms, etc.), please let us know and we will work with you to meet your needs.

Disclaimer:

CPP Investments does not accept resumes from employment placement agencies, head-hunters or recruitment suppliers that are not in a formal contractual arrangement with us. Our recruitment supplier arrangements are restricted to specific hiring needs and do not include this or other web-site job postings. Any resume or other information received from a supplier not approved by CPP Investments to provide resumes to this posting or web-site will be considered unsolicited and will not be considered. CPP Investments will not pay any referral, placement or other fee for the supply of such unsolicited resumes or information.

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.