Senior Manager, Information Security

About Us
We’re one of Canada’s largest pension investment managers, with CAD$230.5 billion of net assets as at March 31, 2022.
       
We invest funds for the pension plans of the federal public service, the Canadian Forces, the Royal Canadian Mounted Police and the Reserve Force. Headquartered in Ottawa, PSP Investments has its principal business office in Montréal and offices in New York, London and Hong Kong.
 
Capturing and leading complex global investments requires us to work as one to seize valuable opportunities, in close collaboration with some of the world’s top companies. At PSP, you’ll join a team of motivated and engaged professionals, dedicated to propelling our organization further than ever before.
Experience The Edge
At PSP, we encourage our employees to grow, forge powerful relationships, contribute and fuel inspired investment launchpads. We are committed to a culture that fosters collaboration and allows us to think beyond, in an interconnected way. We advocate for our employees to speak-up, learn, experiment, share, and be part of an inclusive work environment where diversity is embraced.
About The Team
As a member of the Information Security team, you will act as a partner to the technology teams and business lines on information security issues. You will support the organization in the management of security risks to ensure that PSP’s information assets are adequately protected, in line with its vision for information security and protection. You will be responsible for mitigating reputational, financial, operational, physical and personal exposure due to information security risk as the lead of the Security Advisory and GRC (governance, risk & compliance) groups.
About Your Role
As a Senior Manager, Information Security, you’ll:

• Coordinate, plan and execute the security assurance program, including security testing, tabletop exercises, configuration management, compliance monitoring, etc.;
• As an experienced manager and information security expert, actively contribute to the definition and implementation of the security strategy, in line with PSP's strategic vision and digital strategy;
• Act as a strategic partner in information security for technology and business projects and participate in the deployment of technological solutions and business systems to support their secure implementation;
• Lead security risk assessments across the organization, including third party risks, to ensure that key risks are known, communicated and adequately tracked;
• Define, implement and maintain security policies and procedures;
• Develop and maintain collaboration with the security engineering and operations teams, as well as our internal business partners (procurement, legal, etc.), to uphold the proper functioning of security processes and controls;
• Coordinate and develop the security risk and advisory offering, manage team priorities and capacity, and diligently address issues using a solution-oriented approach;
• Provide guidance, direction and coaching to the team to foster their development, support their performance and make sure objectives are met;
• As the owner of the security risk management framework, oversee its evolution, application and compliance;
• Represent Information Security on working groups for various initiatives or activities to ensure communication of and compliance with information security requirements;

What You’ll Need

• Knowledge of SDLC processes and Agile/DevOps/DevSecOps delivery methods;
• Bachelor's degree in information technology or administration (specialization in information systems or security), or a combination of education and experience deemed equivalent;
• Significant experience in a team management and development role;
• In-depth knowledge and understanding of application, cloud and systems security, and proficiency in applicable security solutions;
• Bilingualism (English and French).
• In-depth knowledge and understanding of information security management frameworks, standards and best practices (ISO 27001, NIST, COBIT, ITIL, etc.);
• Minimum of ten (10) years of relevant experience, including extensive experience in information security, technology risk or security architecture. Experience in the financial or investment sector is considered an asset;
• Relevant professional designations (CISSP, CSSLP, CISM, CISA, CRISC, CGEIT), an asset;

We offer a tailored employee experience and competitive total rewards and benefits package* designed to attract and retain global diverse talent, reward performance, and reinforce business strategies and priorities. Beyond salary and incentive pay eligibility, you have access to:

• Unlimited access to virtual healthcare services and wellness programs
• Generous and inclusive paid family leave
• Vacation days available on day one with additional days on milestone service anniversaries, and summer Friday afternoons off
• A flexible hybrid work model with a mix of in-office and remote days based on business groups, teams, and roles
• Investment in career development
• Competitive pension plans
• Comprehensive group insurance plans
• A hybrid allowance to support any hybrid related needs
• Benefits package may vary based on your employee type.

At PSP, we aim to provide an inclusive workplace where we leverage diversity and where everyone feels valued, safe, respected and empowered to grow. As part of this leadership commitment, we strongly encourage applications from all qualified applicants and strive to offer an inclusive and accessible candidate experience. If you require any accommodation for any part of the recruitment process, please let us know.
Visit us on www.investpsp.com/en/
Follow us on LinkedIn
Vaccination: We are committed to a healthy and safe work environment. As a Canadian Crown Corporation with offices around the world, we adhere to Canadian and local government guidelines regarding COVID-19. Vaccination is not currently a mandatory employment criteria. However, this is subject to change, depending on Canadian and local government guidelines.