Senior Analyst, Business Information Security
EXPERIENCE THE EDGE
We’re one of Canada’s largest pension investment managers, with CAD$153 billion of net assets. We invest funds for the pension plans of the federal public service, the Canadian Forces, the Royal Canadian Mounted Police and the Reserve Force.
Capturing and leading complex global investments requires us to work as one to seize valuable opportunities, in close collaboration with some of the world’s top companies. At PSP, you’ll join a team of motivated and engaged professionals, dedicated to propelling our organization further than ever before.
Do you have what it takes to spot the edge?
We’re seeking a Senior Analyst to act as a Business Information Security specialist and contribute to the identification, development, implementation, maintenance and oversight of information security policies, procedures, and processes across the organization in order to reduce risks and limit exposure to liability in all areas of reputational, financial, physical and personal risk.
ABOUT YOUR ROLE
As a Senior Analyst, Business Information Security you’ll
- Conduct security risk assessments across the organization to ensure that key risk issues are understood, communicated, and tracked on the risk register
- Perform security risk assessments to define, identify and classify critical assets, assess threats and vulnerabilities, and provide safeguard recommendations; follow-up on and assist with the implementation of recommendations stemming from assessments
- Collaborate to the definition and communication of information security metrics and key performance indicators, which will ultimately be reported to executive management
- Contribute to the security awareness and training program to support continuous education on security-related topics
- Contribute to the definition of policies, procedures, frameworks and processes to implement the security strategy across the organization
- Contribute to the definition of security controls and audit requirements to monitor the effectiveness of security policies, procedures and management frameworks
- Ensure derogations from information security policies, procedures and processes are properly managed
- Coordinate security related processes, encompassing physical and digital asset protection
- Represent Business Information Security within working groups to ensure that information security requirements are communicated and complied with
- Keep abreast of industry-relevant information security trends and risks
WHAT WE’RE LOOKING FOR
- Strong facilitation skills and clear ability to foster meaningful relationships with stakeholders at all levels
- Strong, proven problem-solving skills and ability to identify, analyze, and resolve problems, driving solutions through to completion
- Demonstrated consultative approach to planning and managing projects, and driving change
- Superior written and oral communication skills, and ability to explain complex matters in an understandable form to business partners and leaders
- Excellent work ethic and integrity, ability to handle confidential matters in a professional manner, applying the appropriate level of judgment and maturity
- Capacity to adapt to change and be flexible with evolving priorities in a growing organization
- Proactive, hardworking and results-oriented; ability to handle pressure in a fast-paced environment
- Desire to be part of a dynamic team and work collaboratively
WHAT YOU’LL NEED
- Bachelor’s degree in information technology, computer science or administration (major/specialization in information systems is considered an asset)
- Relevant professional designation CISSP, CISM, CISA, CRISC, or CGEIT
- At least five (5) years of relevant professional experience in an information security or IT risk position, including strong experience in information security governance and consultative stakeholder management
- Experience in financial institutions or in the investment sector, an asset
- Deep knowledge and understanding of information security and risk frameworks, standards and best practices (ISO 27001, NIST, COBIT, etc.)
- Knowledge of trends and developments in the areas of information security and risk management
- Bilingualism required (French and English)
PSP Investments is an equal opportunity employer. PSP Investments does not discriminate against applicants based on race, color, sex, religion, national origin, disability or any other status or condition protected by applicable law.
This position is located at our Montreal offices.
Visit us on LinkedIn.