Manager, Technology & Data Audit

Make an impact at a global and dynamic investment organization

When you join CPP Investments, you are joining one of the world’s most admired and respected institutional investors. As a professional investment management organization, CPP Investments invests the funds of the Canada Pension Plan (CPP) to help ensure its financial sustainability for generations of working and retired Canadians.

CPP Investments invests across regions and asset classes to build a globally diversified portfolio. It holds assets in public equity, private equity, real estate, infrastructure, and fixed income, and the CPP Fund is projected to reach $3.6trillion in assets by 2050. The organization is headquartered in Toronto with offices in Hong Kong, London, Mumbai, New York City, San Francisco, São Paulo, and Sydney.

CPP Investments successfully attracts, selects, and retains talented individuals from top-tier institutions worldwide. Join our team for access to:

• Stimulating work in a fast-paced and intellectually challenging environment
• Accelerated exposure and responsibility
• Diverse and inspiring colleagues and approachable leaders
• A hybrid-flexible work environment with an emphasis on in-person collaboration
• A culture rooted in principles of integrity, partnership, and high performance
• An organization with an important social purpose that positively impacts lives

If you have a passion for performance, value a collegial and collaborative culture, and approach work with the highest integrity, invest your career here.

OurAssurance & Advisory (A&A) teamplays a critical role inevaluating and enhancing CPP Investments' technology risk management, IT governance, cybersecurity, and data governance frameworks. We are seeking aManager, Technology & Data, A&Ato lead and executehigh-impact technology audits and advisory engagements.

This role requires7+ years of experienceinIT auditing, technology risk management, or cybersecurity, with expertise inIT governance, data analytics, and emerging technology risks.

Role Overview

Reporting to a Director, A&A, the Manager, Technology & Data, Audit will be responsible forleading and executing technology-focused audits, providingstrategic insights on IT risk management, and ensuring compliance withindustry standards and best practices. You will work closely withsenior leadership, risk management, and compliance teamsto enhance CPP Investments'technology governance and cybersecurity posture.

This role will provideexecution, guidance, and trainingto the broader A&A team, ensuringcomprehensive coverage of technology riskswithin the audit universe. All activities will be conducted in strict adherence to theInternational Standards for the Professional Practice of Internal Auditing, as well asaccepted industry practices and other commonly recognized frameworksthat exceed the profession’s mandatory requirements.

Key Responsibilities

• Lead and participatein technology audits, evaluating the design and effectiveness of controls related to:
  • Technology infrastructure(networks, servers, databases).
  • Enterprise applications and systems.
  • Cybersecurity frameworks and controls.
  • Cloud services(Azure).
  • Identity Access Management (IAM) and data security.
  • ITGCs, Interface and application controls.
• Develop and implementaudit approaches and coverage strategiesto ensure comprehensive risk assessment.
• Provideassurance over key risk management strategies, ensuring alignment with industry best practices.
• Provide coaching and guidance to junior auditors ensuring timeliness and quality of deliverables.
• Performcontinual assessment of emerging risks, suggesting adjustments to audit plans accordingly.
• Ensure audit work is conducted in accordance withindustry standards(e.g., ISACA, IIA, NIST, ISO 27001, COBIT).
• Documentaudit findings and recommendationsin a clear, concise, and actionable manner for senior leadership.

2. Strategic Advisory & Stakeholder Collaboration

• Work closely withTechnology & Data leadership, Enterprise Risk, and Compliance teamsto align audit activities with business objectives.
• Act as atrusted advisorto business units, offering insights on best practices forIT governance, risk, and compliance.
• Influencestrategic decisionsby providingdata-driven insights on IT risk management.
• Fosterstrong relationships with business partners and other stakeholdersto enhance risk awareness and control effectiveness.
• Leveragedata analytics and automationto enhance audit efficiency and effectiveness.
• Stay updated onemerging technologies, cybersecurity threats, and regulatory changesto ensure audit methodologies remain relevant.
• Analyzecomplex IT systemsto identify areas for improvement and recommend effective solutions.
• Communicatecomplex technical risksin a business-friendly manner to senior leadership.

Education & Certifications

• Bachelor’s degreeinComputer Science, Information Systems, Business, Accounting, or a related field.
• Professional certifications(at least one required): CISA, CISSP, CRISC, CISM, CGEIT, CIA
• Knowledge of IT governance frameworks(COBIT, NIST, ISO 27001) is essential.

Professional Experience

• 7+ years of experienceinIT auditing, internal audit, technology risk management, or cybersecurity assessments.
• Strong understanding ofIT general controls (ITGCs), application controls, cloud security, and data governance.
• Experience withaudit methodologies, risk management practices, and regulatory compliancein financial services or investment management.
• Proven ability towrite succinct audit findings/reportsthat provide meaningful insights to senior leadership.
• Strong organizational/project management skills, the ability to manage end to end audits and achieve multiple deadlines, both internal and external.
• Critical Thinking & Attention to Detail: Ability to identify risks and assess control effectiveness with a keen eye for detail.
• Communications & Simplification: Superior communication skills (written and oral) with the ability to take concepts or risks or technical control gaps and present them simply, concisely and effectively.
• Collaboration & Influence: Strong interpersonal skills to work effectively with cross-functional teams.
• Adaptability & Innovation: Willingness to embrace change and leverage new technologies to enhance audit processes.
• Integrity & Accountability: Commitment to ethical auditing practices and professional standards.

At CPP Investments, we are committed to diversity and equitable access to employment opportunities based on ability.

We thank all applicants for their interest but will only contact candidates selected to advance in the hiring process.

Our Commitment to Inclusion and Diversity:

In addition to being dedicated to building a workforce that reflects diverse talent, we are committed to fostering an inclusive and accessible experience. If you require an accommodation for any part of the recruitment process (including alternate formats of materials, accessible meeting rooms, etc.), please let us know and we will work with you to meet your needs.

Disclaimer:

CPP Investments does not accept resumes from employment placement agencies, head-hunters or recruitment suppliers that are not in a formal contractual arrangement with us. Our recruitment supplier arrangements are restricted to specific hiring needs and do not include this or other web-site job postings. Any resume or other information received from a supplier not approved by CPP Investments to provide resumes to this posting or web-site will be considered unsolicited and will not be considered. CPP Investments will not pay any referral, placement or other fee for the supply of such unsolicited resumes or information.