ABOUT US
We’re one of Canada’s largest pension investment managers, with CAD$264.9 billion of net assets as of March 31, 2024.
We invest funds for the pension plans of the federal public service, the Canadian Forces, the Royal Canadian Mounted Police and the Reserve Force. Headquartered in Ottawa, PSP Investments has its principal business office in Montréal and offices in New York, London and Hong Kong.
Capturing and leading complex global investments requires us to work as one to seize valuable opportunities, in close collaboration with some of the world’s top companies. At PSP, you’ll join a team of motivated and engaged professionals, dedicated to propelling our organization further than ever before.
EXPERIENCE THE EDGE
At PSP, we encourage our employees to grow, forge powerful relationships, contribute and fuel inspired investment launchpads. We are committed to a culture that fosters collaboration and allows us to think beyond, in an interconnected way. We advocate for our employees to speak-up, learn, experiment, share, and be part of an inclusive work environment where diversity is embraced.
We’re seeking an Information Security Senior Analyst to contribute to the development, implementation, maintenance, and oversight of our information security practices. He (she) will promote and execute the security risk management framework and security risk assessment and security architecture activities across the organization to ensure that key risk issues are understood, communicated, and tracked and to enable the implementation of current and future technologies safely and at scale. He (she) will also be a key contributor to other activities under the responsibility of the Information Security team.
At PSP, we embrace people who are eager to learn, ideate, and innovate: people who strive for excellence, challenge the status quo and seek alternative perspectives.
ABOUT YOUR ROLE
As a senior analyst in the Information Security group, you will:
- Perform security risk assessments on internally developed initiatives and third parties, and support the implementation of security requirements that will protect PSP’s information from disclosure, modification, or destruction, and improve overall security:
- Define, identify and classify critical assets
- Assess security threats, vulnerabilities, and risks
- Identify gaps in security controls and provide security recommendations (contractual, technical, operational)
- Follow-up on and assist with the implementation of these recommendations
- Contribute to the definition of policies, procedures, frameworks and processes to implement the security strategy across the organization
- Ensure derogations and exceptions from information security policies, procedures and processes are properly documented and managed
- Provide advisory on security related processes, encompassing physical and digital asset protection
- Build and maintain reporting dashboards
- Represent Information Security within working groups and projects to ensure that information security requirements are communicated and complied with
- Contribute to the Information Security team’s improvement activities and projects
- Keep abreast of industry relevant information security trends and risks
- Strong facilitation skills and clear ability to influence and foster meaningful relationships with stakeholders
- Strong, proven problem-solving skills and demonstrated initiative and curiosity to look beyond surface facts and conduct comprehensive, fact-based, value-added research
- Superior written and oral communication skills, and ability to explain complex matters in an understandable form to business partners and leaders
- Desire to be part of a dynamic team and work collaboratively with people
- Ability to effectively apply agile methodologies and navigate a fast-paced work environment with a high level of autonomy and accountability
- Capacity to adapt to change, manage time and expectations, and be flexible with evolving priorities in a growing organization
- Excellent work ethic and integrity, ability to handle confidential matters in a professional manner, applying the appropriate level of judgement and maturity
- Drive to pursue excellence and proactively challenge the status quo to seek out alternative perspectives
WHAT YOU’LL NEED
- Bachelor’s degree in information security, information technology, computer science or business administration (specialization in information systems is considered an asset)
- Relevant professional designation: CISSP, CISM, CISA, CRISC, or CGEIT, an asset
- At least five (5) years of relevant professional experience in an information security or IT risk position, including strong experience in information security governance and management
- Experience in financial institutions or in the investment sector, a strong asset
- Experience performing risk assessments of cloud-based technologies such as Microsoft Azure, an asset
- Understanding of information security, risk and control frameworks, standards and best practices (ISO 27001, NIST, COBIT, ITIL, etc.)
- Knowledge of Power BI, an asset
- Knowledge of trends and developments in the areas of information security and risk management
- Bilingualism: English and French (frequent interactions in English with PSP employees based in our offices in Hong Kong, London and New York, and interactions in French with employees in our local offices in Montreal and Ottawa)
