Director, Security Operations, Information

Company DescriptionMake an impact at a global and dynamic investment organizationWhen you join CPP Investments, you are joining one of the world’s most admired and respected institutional investors. As a professional investment management organization, CPP Investments invests the funds of the Canada Pension Plan (CPP) to help ensure its financial sustainability for generations of working and retired Canadians.CPP Investments invests across regions and asset classes to build a globally diversified portfolio. It holds assets in public equity, private equity, real estate, infrastructure, and fixed income, and the CPP Fund is projected to reach $ trillion in assets by 2050. The organization is headquartered in Toronto with offices in Hong Kong, London, Mumbai, New York City, San Francisco, São Paulo, and Sydney.CPP Investments successfully attracts, selects, and retains talented individuals from top-tier institutions worldwide. Join our team for access to:Stimulating work in a fast-paced and intellectually challenging environmentAccelerated exposure and responsibilityGlobal career development opportunitiesDiverse and inspiring colleagues and approachable leadersA hybrid-flexible work environment with an emphasis on in-person collaborationA culture rooted in principles of integrity, partnership, and high performanceAn organization with an important social purpose that positively impacts livesIf you have a passion for performance, value a collegial and collaborative culture, and approach work with the highest integrity, invest your career here. Job DescriptionThe Director, Information Security Operations will be a senior member of the Information Security group and Technology & Data department. The role will manage the Security Operations Center with direct responsibility for Detection & Monitoring Operations, Digital Forensics & Incident Response (DFIR), and Threat Hunting & Intelligence. The successful candidate must have a proven track-record of working closely with internal and external stakeholders to understand and safeguard the assets, people, and processes across a global firm.Role Specific Accountabilities:Lead the Security Operations Center, monitor emerging threats, oversee DFIR capabilities, enable outcomes-based metrics, and work closely with internal and external stakeholders for incident responses to determine appropriate courses of actionsDirect improvements to SIEM and SOC efforts for continuous maturity to response times and SLA complianceWork closely with the Managing Director to ensure that information security and risk management are embedded within the cultureImplement the next generation of cyber controls and threat analytics by leveraging automation, machine learning, and rich data sets.Identify and drive the end-to-end remediation of discovered or potential security vulnerabilities and mature operational security processes and procedures. With the Director, IT Risk Management, execute periodic security testing and reviews, promptly remediate any findings, and ensure policies, controls, and procedures are effective, documented, and understood by relevant stakeholders/roles through training and education.Effectively communicate investigative findings and strategies to technical staff, executive leadership, legal counsel, and internal and external clientsQualificationsIf you possess the following, we'd like to hear from you:Bachelor’s degree, with a technology or business emphasis, or equivalent education and experience.Possess one or more of the following industry certifications:CISSP / CISA / CISMCCSP – Certified Cloud Security ProfessionalSABSA - Security ArchitectureOther industry recognized Information Security certificationsDemonstrated knowledge of current cloud platforms, services and security best practices for their protectionDemonstrated knowledge and understanding of information security industry standards (, ISO17799, ISO27001, NIST, COBIT, ITIL, etc.), and legislative/regulatory requirements (, SAS-70, SOX, B198, PIPEDA, etc.)Minimum of 7-10 years experience in information security including:Security Management, Policy & Procedure development, Governance Frameworks, Security ProgramsExperience working with MSS partnersDeveloping and implementing cloud security architecturesRisk Assessment, Risk ManagementSecurity Architecture, IS Infrastructure ProcessesOperational security (network architecture, application, systems)Strong vendor managementStrong sense of teamworkAbility to create solutions to fit a diverse and complex environmentAdaptable to new technologies and challenges not previously encounteredAble to build strong relationships and communicate effectively with a diverse set of stakeholders, including business leaders, operational staff and technical engineersProven project management experienceExcellent written and oral communication skills, with the ability to work with both technical and business usersSelf-motivated with acute attention to detailInnovative and proactiveExemplify CPP Investments’ Guiding Principles of Integrity, High Performance and Partnership