Senior Analyst, Security Operations, Information & Corporate Security

Make an impact at a global and dynamic investment organization

When you join CPP Investments, you are joining one of the world’s most admired and respected institutional investors. As a professional investment management organization, CPP Investments invests the funds of the Canada Pension Plan (CPP) to help ensure its financial sustainability for generations of working and retired Canadians.

CPP Investments invests across regions and asset classes to build a globally diversified portfolio. It holds assets in public equity, private equity, real estate, infrastructure, and fixed income, and the CPP Fund is projected to reach $3.6trillion in assets by 2050. The organization is headquartered in Toronto with offices in Hong Kong, London, Mumbai, New York City, San Francisco, São Paulo, and Sydney.

CPP Investments successfully attracts, selects, and retains talented individuals from top-tier institutions worldwide. Join our team for access to:

• Stimulating work in a fast-paced and intellectually challenging environment
• Accelerated exposure and responsibility
• Diverse and inspiring colleagues and approachable leaders
• A hybrid-flexible work environment with an emphasis on in-person collaboration
• A culture rooted in principles of integrity, partnership, and high performance
• An organization with an important social purpose that positively impacts lives

If you have a passion for performance, value a collegial and collaborative culture, and approach work with the highest integrity, invest your career here.

Information Security partners with departments to advance technology and third-party information/cyber risk management capabilities that enable the Fund to compete effectively and take advantage of innovative technologies. The security operations team is responsible for security incident management and response, vulnerability management, security awareness and training, email security, data protection, and various other support areas with information security.

The Senior Analyst, Information Security, supports the delivery of enterprise-wide information security activities and capabilities, including assessing, quantifying and communicating security risk across the operational and project spectrums, participating in threat detection and incident response activities, proactively identifying vulnerabilities, participating in the management of security tools and technology, assisting with the development of security policies, procedures and technical standards, and other activities to support the mandate of the fund.

Accountabilities:

• Collaborate to solve complex security problems as part of a highly dynamic, close-knit team of dedicated security professionals.
• Manage the effective response to security related incidents in accordance with the established incident response framework.
• Analyze, manage, investigate, and document from various sources such as logs and security tools.
• Deploy and manage information security controls for assigned areas
• Collect relevant data to support the preparation of information security dashboards.
• Participate in the administration of information security-related governance activities.
• Strong analytical and troubleshooting abilities to investigate, identify and resolve security incidents quickly and effectively.
• Perform real-time monitoring of third-party threat intelligence feeds, forums, and mailing lists to gather information on vulnerabilities, exploits and threat actors applicable to the fund.
• Produce threat intelligence reports to support operational and strategic security planning workstreams.
• Assess security incident trend data to determine systemic operational risks and then support the development of solutions to mitigate risks.
• Conduct information security risk assessments, recording issues in the risk register and driving mitigating actions.
• Coordinate the remediation of audit and/or self-identified control deficiencies.
• Act as a security advisor on various security risks and issues to various departments.
• 24 hour a day on-call requirement for up to 30% of the month.
• Works well in high-pressure and fast paced environment
• Undergraduate degree or college diploma in related field
• 5+ years of relevant experience
• Experience managing and deploying IT infrastructure or cyber security technologies preferred.
• Possess relevant cybersecurity certifications (i.e., CISSP, CompTIA Security+, or equivalent).
• Strong technical capabilities in the areas of firewalls, anti-virus, content filtering, SIEM, threat intelligence, security orchestration and automation, vulnerability management and cloud security
• Knowledge of common attack vectors, malware behavior, and security frameworks (e.g., MITRE ATT&CK, NIST, ISO 27001).
• Familiarity with SIEM, EDR, DLP, and other security technologies.
• Strong written and verbal communication skills
• Preferred: Scripting and querying skills (e.g., Python, PowerShell, KQL or Bash) for automation and investigation

At CPP Investments, we are committed to diversity and equitable access to employment opportunities based on ability.

We thank all applicants for their interest but will only contact candidates selected to advance in the hiring process.

Our Commitment to Inclusion and Diversity:

In addition to being dedicated to building a workforce that reflects diverse talent, we are committed to fostering an inclusive and accessible experience. If you require an accommodation for any part of the recruitment process (including alternate formats of materials, accessible meeting rooms, etc.), please let us know and we will work with you to meet your needs.

Disclaimer:

CPP Investments does not accept resumes from employment placement agencies, head-hunters or recruitment suppliers that are not in a formal contractual arrangement with us. Our recruitment supplier arrangements are restricted to specific hiring needs and do not include this or other web-site job postings. Any resume or other information received from a supplier not approved by CPP Investments to provide resumes to this posting or web-site will be considered unsolicited and will not be considered. CPP Investments will not pay any referral, placement or other fee for the supply of such unsolicited resumes or information.