Director, Cyber Security

The opportunity

As the Director, Cyber Security, you will be responsible for leading and overseeing the cyber security strategy, architecture, governance, and program delivery for Ontario Teachers' Pension Plan (OTPP), one of the world's largest and most innovative pension funds. You will ensure that OTPP's cyber security posture is aligned with its business objectives, cyber risk appetite, and required cyber security regulatory obligations. You will also foster a culture of cyber resilience and awareness across the organization and its external partners.

Who you'll work with

You will report to the Managing Director, and Chief Information Security Officer, and lead a team of cyber security professionals. You will partner with business leaders and technology teams across OTPP to provide cyber security guidance, standards, oversight, and support. You will also engage with external stakeholders, such as auditors, vendors, and industry peers, to represent OTPP's cyber security interests and best practices.

What you'll do- Develop and implement a comprehensive and integrated cyber security strategy, framework, program, and roadmap for OTPP, aligned with its cyber risk appetite, vision, mission, and values.- Establish and maintain cyber security policies, standards, procedures, and controls to protect OTPP's information assets, systems, and networks from cyber threats and incidents.- Manage and coordinate the cyber security incident response process, ensuring awareness, training, timely identification, containment, mitigation, and resolution of cyber incidents.- Provide cyber security advisory and consulting services to business and technology stakeholders, ensuring that cyber security requirements and best practices are documented, approved, embedded in the design, development, and delivery of OTPP's products, services, and initiatives.- Lead and manage the cyber security awareness and education program, promoting a cyber-savvy culture and enhancing the cyber security competencies and capabilities of OTPP's staff and Board members.- Manage and oversee the cyber-security due diligence process for third-party service providers that store and/or process OTPP’s Confidential or Secret data. Including ensuring that cyber security risks/controls are identified, any gaps are adequately addressed or accepted, and that they’re included in the ongoing monitoring of third-party service providers.- Conduct and facilitate cyber security, assessments, and testing, ensuring that cyber security practices are working as expected and gaps/issues are identified, reported, and remediated.- Research and evaluate emerging cyber security trends, threats, and technologies, and provide recommendations and insights to enhance OTPP's cyber security posture and capabilities.- Build and maintain effective relationships with internal and external stakeholders, and represent OTPP in various cyber security forums, committees, and working groups.- Manage and oversee OTPP’s Cyber Security Program, including annual third-party reviews of the program.

What you'll need- A minimum of 10 years of progressive experience in cyber security, information security, or IT risk management, preferably in the financial services industry.- A minimum of 5 years of experience in leading and managing highly specialized technology and security teams, projects, and initiatives.- A bachelor's degree or equivalent in computer science, information systems, engineering, or a related field.- A recognized cyber security certification, such as CISSP.- Extensive knowledge and experience in cyber security domains, such as governance, risk management, compliance, architecture, networks, operations, incident response, threat intelligence, and awareness.- Strong knowledge and experience in cyber security frameworks, standards, and best practices, such as NIST CSF and ISO27001.- Strong knowledge and experience in cyber security technologies, tools, and solutions, such as DLP, EDR, IAM, encryption, cloud security, zero-trust architecture, and SASE.- Strong knowledge and experience in cyber security regulations, laws, and guidelines.- Excellent communication, presentation, and interpersonal skills, with the ability to communicate complex cyber security concepts and issues to various audiences and levels, such as OTPP executive team and the Board.- Excellent analytical, problem-solving, and decision-making skills, with the ability to identify, assess, and manage cyber security risks and issues.- Excellent leadership, collaboration, and innovation skills, with the ability to inspire, motivate, and influence others.- High degree of professionalism, ethics, and integrity, with the ability to handle highly sensitive information.

LI-OTPP, #LI-EO, #LI-Hybrid

What we’re offering- Pay-for-performance environment that offers competitive salary and incentive- Numerous opportunities for professional growth and development- Comprehensive employer paid benefits coverage- Retirement income