Job Description & How to Apply Below
Joining CPP Investments means joining one of the world’s most admired and respected institutional investors to drive a single mandate: to deliver strong, sustainable returns for generations of Canadians.
Purpose. Performance. People.
Joining CPP Investments means joining one of the world’s most admired and respected institutional investors to drive a single mandate: to deliver strong, sustainable returns for generations of Canadians.
With a long-term horizon and global reach, we deploy capital at scale across public and private markets. Our size, stability, and disciplined investment philosophy allow us to pursue complex opportunities and build enduring partnerships worldwide.
For our people, this means meaningful work with tangible impact, real opportunity, and collaboration with exceptional colleagues who value partnership and performance. Here, you’ll contribute to outcomes that matter alongside team members committed to excellence and shared success.
Role
Summary:
The Director, Information Security Operations will be a senior member of the Information Security group and Technology & Data department. The role will manage the Security Operations Center with direct responsibility for Detection & Monitoring Operations, Digital Forensics & Incident Response (DFIR), and Threat Hunting & Intelligence. The successful candidate must have a proven track-record of working closely with internal and external stakeholders to understand and safeguard the assets, people, and processes across a global firm.
Accountabilities &
Qualifications:
Lead the Security Operations Center, monitor emerging threats, oversee DFIR capabilities, enable outcomes-based metrics, and work closely with internal and external stakeholders for incident responses to determine appropriate courses of actions
Direct improvements to SIEM and SOC efforts for continuous maturity to response times and SLA compliance
Work closely with the Managing Director to ensure that information security and risk management are embedded within the culture
Implement the next generation of cyber controls and threat analytics by leveraging automation, machine learning, and rich data sets.
Identify and drive the end-to-end remediation of discovered or potential security vulnerabilities and mature operational security processes and procedures.
With the Director, IT Risk Management, execute periodic security testing and reviews, promptly remediate any findings, and ensure policies, controls, and procedures are effective, documented, and understood by relevant stakeholders/roles through training and education.
Effectively communicate investigative findings and strategies to technical staff, executive leadership, legal counsel, and internal and external clients
Qualifications
Bachelor’s degree, with a technology or business emphasis, or equivalent education and experience.
Possess one or more of the following industry certifications:
CISSP / CISA / CISM
CCSP – Certified Cloud Security Professional
SABSA - Security Architecture
Other industry recognized Information Security certifications
Demonstrated knowledge of current cloud platforms, services and security best practices for their protection
Demonstrated knowledge and understanding of information security industry standards (e.g., ISO
17799, ISO
27001, NIST, COBIT, ITIL, etc.), and legislative/regulatory requirements (e.g., SAS-70, SOX, B198, PIPEDA, etc.)
Minimum of 7-10 years experience in information security including:
Security Management, Policy & Procedure development, Governance Frameworks, Security Programs
Experience working with MSS partners
Developing and implementing cloud security architectures
Risk Assessment, Risk Management
Security Architecture, IS Infrastructure Processes
Operational security (network architecture, application, systems)
Strong vendor management
Strong sense of teamwork
Ability to create solutions to fit a diverse and complex environment
Adaptable to new technologies and challenges not previously encountered
Able to build strong relationships and communicate effectively with a diverse set of stakeholders, including business leaders, operational staff and technical engineers
Prove…
Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
Search for further Jobs Here:
×