Manager, Cyber & Technology Risk Management, Information & Corporate Security (12 month contract)

CPP Investments

  • Toronto, ON
  • Permanent
  • Full-time
  • 1 month ago
Make an impact at a global and dynamic investment organization

When you join CPP Investments, you are joining one of the world’s most admired and respected institutional investors. As a professional investment management organization, CPP Investments invests the funds of the Canada Pension Plan (CPP) to help ensure its financial sustainability for generations of working and retired Canadians.

CPP Investments invests across regions and asset classes to build a globally diversified portfolio. It holds assets in public equity, private equity, real estate, infrastructure, and fixed income, and the CPP Fund is projected to reach $3.6 trillion in assets by 2050. The organization is headquartered in Toronto with offices in Hong Kong, London, Mumbai, New York City, São Paulo, and Sydney.

CPP Investments successfully attracts, selects, and retains talented individuals from top-tier institutions worldwide. Join our team for access to:
  • Stimulating work in a fast-paced and intellectually challenging environment
  • Accelerated exposure and responsibility
  • Global career development opportunities
  • Diverse and inspiring colleagues and approachable leaders
  • A hybrid-flexible work environment with an emphasis on in-person collaboration
  • A culture rooted in principles of integrity, partnership, and high performance
  • An organization with an important social purpose that positively impacts lives

If you have a passion for performance, value a collegial and collaborative culture, and approach work with the highest integrity, invest your career here.

Role Summary:
The work of our Cyber & Technology risk team plays a critical role in protecting CPP Investments as our technology landscape continues to evolve toward cloud native platforms, SaaS providers, and AI enabled products.
The Manager, Cyber & Technology Risk Management is responsible for leading end-to-end security and technology risk assessments for in-house applications and systems and third-party SaaS/PaaS/AI providers, with a strong emphasis on assessing information security risks in vendor product architecture, AI capabilities, data protection, and integration risk.

Reporting to the Director, Cyber & Technology Risk, the successful candidate will partner closely with Technology, Procurement, Architecture, Legal, and Business stakeholders to support secure onboarding, risk-informed decision making, and the continued maturity of the third-party risk and security assessment program.

Accountabilities & Qualifications:
Qualifications:
  • Minimum 8 years of experience in information security, with demonstrated expertise in conducting third-party and application security assessments. Strong technical background with deep experience performing system and architecture security reviews within financial institutions, investment firms, or other large, complex enterprise or public sector environments.
  • Strong knowledge of SaaS security, data flow risks, APIs, MCP, and common cloud architectures (shared responsibility, multi-tenancy, IAM patterns, logging/monitoring). Working knowledge of security controls across IAM, data protection, application security, vulnerability management, incident response, and resilience.
  • Strong knowledge of cloud-based models (SaaS, PaaS, IaaS) and technologies used to implement controls within these environments, network security, application security, and vulnerability management.
  • Proficient in using various tools and methodologies for systems and architecture risk assessment and audit, such as SOC, NIST, ISO, COBIT, OWASP, etc.
  • Working knowledge of developing and maintaining SaaS and AI architecture patterns, control documentation, guidelines, and formal control statements aligned to common security domains and enterprise security requirements.
Competencies:
  • Demonstrated ability to perform evidence-based risk analysis beyond checklist compliance, with strong architecture literacy to critically assess real-world SaaS and cloud design patterns, and proven capability to evaluate AI/GenAI risks within vendor solutions.
  • Experience with GRC/TPRM platforms (e.g., ServiceNow GRC, ProcessUnity, Atlassian, Recorded Future and other security systems).
  • Report writing, presentation (PowerPoint) and communication skills: able to document and present the assessment overview, findings and recommendations in a structured way to both technical and non-technical audiences.
  • Detail-oriented individual with organizational, critical thinking, analytical, and problem-solving skills; able to maintain a balance between the details and the larger picture.
  • Undergraduate university degree, preferably in technology; certifications in systems and architecture security and risk management, such as CISSP, CISA, CRISC, etc., are preferred.
  • Hands-on experience using AI systems such as GPT to effectively manage and automate repeatable work.
At CPP Investments, we are committed to diversity and equitable access to employment opportunities based on ability.

We thank all applicants for their interest but will only contact candidates selected to advance in the hiring process.

Our Commitment to Inclusion and Diversity:
In addition to being dedicated to building a workforce that reflects diverse talent, we are committed to fostering an inclusive and accessible experience. If you require an accommodation for any part of the recruitment process (including alternate formats of materials, accessible meeting rooms, etc.), please let us know and we will work with you to meet your needs.

Disclaimer:
CPP Investments does not accept resumes from employment placement agencies, head-hunters or recruitment suppliers that are not in a formal contractual arrangement with us. Our recruitment supplier arrangements are restricted to specific hiring needs and do not include this or other website job postings. Any resume or other information received from a supplier not approved by CPP Investments to provide resumes to this posting or website will be considered unsolicited and will not be considered. CPP Investments will not pay any referral, placement or other fee for the supply of such unsolicited resumes or information.
