Managing Director, Cyber And Technology Risk Management

Company Description

Make an impact at a global and dynamic investment organization

When you invest your career in CPP Investments, you join one of the most respected and fastest growing institutional investors in the world. With current assets under management valued in excess of $500 billion, CPP Investments is a professional investment management organization that globally invests the funds of the Canada Pension Plan (CPP) to help ensure long-term sustainability. The CPP Fund is projected to reach $3 trillion by 2050. CPP Investments invests in all major asset classes, including public equity, private equity, real estate, infrastructure and fixed-income instruments, and is headquartered in Toronto with offices in Hong Kong, London, Luxembourg, Mumbai, New York City, San Francisco, São Paulo and Sydney.

CPP Investments attracts and selects high-calibre individuals from top-tier institutions around the globe. Join our team and look forward to:

• A deeply rooted culture of Integrity, Partnership and High Performance
• Accelerated exposure and responsibility
• Global career development opportunities
• A flexible/hybrid work environment combining in office collaboration and remote working
• Being motivated every day by CPP Investments’ important social purpose and unshakable principles
• Stimulating work in a fast-paced, intellectually challenging environment
• Diverse and inspiring colleagues and approachable leaders

If you share a passion for performance, value a collegial and collaborative culture, and approach everything with the highest integrity, here’s an opportunity for you to invest your career at CPP Investments.

Reporting directly to the GLT - Managing Director, Head of Information & Corporate Security, the Managing Director, Cyber & Technology Risk Management, is a role that will be focused on mitigating cyber, technology, and data risks by driving the implementation of a risk management and internal control framework across the fund with particular focus on the Technology & Data (T&D) and Information Security (Infosec) departments.

In this role, you will be responsible for leading a team that will work collaboratively with the T&D and Infosec leadership teams to identify, assess, and mitigate risks to the fund’s information systems, data, and infrastructure; and instill a risk and control discipline through education, consultation, and the development of risk management capabilities across core activities. You will be the central source of risk mitigation for the leadership teams by:

• Utilizing technology, automation, and effective process design to optimize resources, and ensure the adoption of key risk processes across teams
• Monitoring emerging cyber and technology risks and trends and providing guidance on risk management strategies
• Establishing necessary standards and the associated governance and monitoring to ensure adherence and manage exceptions
• Enabling the on-time completion of action plans that address findings from Audits and reviews across the 3 lines of defense
• Providing regular insights via KRIs and other means, to senior leaders and other stakeholders on the fund’s cyber and technology risk posture
• Developing and implementing cyber and technology risk management processes and capabilities to protect the organization’s critical information assets and systems
• Enhancing and implementing a 1st line of defence risk and control assessment capability,
• Identifying risks and partnering with colleagues from Legal, Compliance, Risk, T&D, and Infosec to implement solutions to mitigate them
• Ensuring the development and updating of key documentation (e.g., standards, guidelines, etc.) to support T&D and Infosec processes and address fund-wide risks

This role will cultivate the best view of Cyber and Technology risks across the fund through active partnership with T&D leaders, Enterprise Risk, Audit, and other groups; and will lead enterprise initiatives to address transversal risks impacting the enterprise.

You will work collaboratively with Enterprise and Operational Risk to adopt and implement CPP Investments’ Integrated Risk Framework within T&D and Infosec and support enterprise risk reporting to Management and Board Risk Committees. You will work closely with both Internal and External Audit to identify risks, provide insight to maximize the value of Audit to support the department’s mandate and co-ordinate all audit activities on behalf of T&D and Infosec to assist them in execution of their mandates.

This role is also accountable for aspects of Vendor Risk Management including the execution of 3rd party information and cyber risk assessments as well as ensuring ongoing oversight and monitoring of vendor risks and performance. You will also partner with the Business Continuity management team to address business resilience and other risks holistically for the Fund.

Qualifications

If you possess many of the following, we’d like to hear from you:

Education & Professional Certifications:

• Undergraduate degree required, preferably in Technology / Data Science / business / finance or related discipline; post graduate degree is a plus.
• Industry recognized IT certification (e.g., CISA, CRISC, CISM, CISSP) or equivalent certification is desirable.

Professional Experience:

• Expert ability to design and evaluate risk based internal control programs, analyze situations, reach appropriate conclusions, and make value-added and practical recommendations.
• Able to make decisions and recommendations that effectively balance risk mitigation objectives with operational impacts to processes and departments
• Ability to evaluate an institution’s IT/information security program and provide advice on its ability to identify, protect, respond, and recover from threats and incidents.
• Ability to understand and communicate complex technical issues to technical and non-technical representatives.
• Advanced knowledge in IT, risk management, business resiliency, network management/architecture, vendor risk management, vulnerability management, information security, and data protection/management.
• Minimum 10 years of progressive management experience in technology and/or information risk management experience at complex financial institutions or investment companies.
• Knowledge of governance, risk, and compliance frameworks such as ITIL, NIST, COSO, COBIT, etc.

Personal Competencies:

• Ability to adapt to rapidly changing business needs and priorities with strong attention to detail and proven consistency.
• Demonstrated willingness and ability to keep abreast of current investment business and professional trends and organizational developments which could impact CPP Investments’ operating and risk environment.
• Proven ability to build and foster professional relationships and influence others effectively at senior management, peer, and staff levels.
• Superior communication skills (written and oral) with the ability to take concepts or events and present them simply, concisely, and effectively.
• Demonstrated ability to manage multiple complex engagements simultaneously, and to prioritize work and efforts of team effectively.
• Self-motivated and able to work independently and as part of a team having a “hands on” approach as well as appreciate diversity of thought and opinions.
• Strong judgment and creativity; strong problem-solving and analytical skills; ability to effectively process a large volume of information and draw meaningful/persuasive conclusions.

Additional Information

Mandatory Vaccine Policy

All employees in the Toronto, Sydney and Hong Kong offices will be required to be vaccinated against COVID-19. Accommodations to this policy will be made for medical or other protected grounds. Please contact us to discuss any accommodation needs.