Manager, Cybersecurity - Old Toronto, Canada - University Pension Plan

Description

Tuesday, February 13, 2024

ABOUT UPP

UPP is the first pension plan of its kind in Ontario's university sector, proudly serving over 39,000 members across four universities and 12 affiliate organizations. Our purpose is to bring greater retirement peace of mind to the university sector by investing with integrity and serving members with care. As a sector-wide plan designed for growth, our doors are open to all Ontario universities.

Together, we're a team of progressive thinkers and agile doers operating within a fast-paced culture of collaboration and respect. We believe in bringing smart and capable people together to create, solve and grow with a clear shared vision and values of integrity, inclusivity, ingenuity, and impact.

Our culture is intentionally welcoming and purposefully rooted in equity, diversity, inclusion, and reconciliation (EDIR). We believe diverse teams, perspectives, and lived experiences contribute to better decisions and a better workplace.

As a long-term investor, we recognize that environmental, social and governance ("ESG") factors support risk management and value creation. As stated in our Responsible Investing Policy , we are committed to incorporating ESG considerations into our investment management activities and we collaborate with other industry participants in the promotion of a sustainable economy and society.

Join us in building a bright future for our members, our organization, and each other.

THE ROLE

We are looking for a Manager, Cybersecurity, with strong experience and expertise in cybersecurity. The ideal candidate should have a proven track record of implementing a robust and scalable security strategy. We value individuals who are proactive, effective communicators, and team players.

As the Manager, Cybersecurity, you will report directly to the Cybersecurity Lead. Your primary responsibilities will include advancing the organization's security program with your expertise through analysis, prioritizing additional controls, and creating a roadmap for continuous improvement of our security posture.

This presents an excellent opportunity for an experienced security professional to join a high-performing team and make a significant impact in a rapidly growing and dynamic organization.

UPP is based in Toronto's financial district and has a hybrid work model (~2 days / week in office).

KEY ACCOUNTABILITIES:

The Manager, Cybersecurity will be responsible for a variety of duties, including but not limited to the following:

• Advocate for a cybersecurity-aware culture across the organization, fostering a sense of responsibility for security among all employees.
• Provide Cybersecurity expertise to implement best practices, delivering comprehensive program updates focusing on high-level risks, threats, and mitigation strategies.
• Educate business users to raise awareness of cybersecurity risks and encourage proactive collaboration in maintaining a secure environment.
• Conduct thorough risk assessments and analysis to identify potential vulnerabilities and threats to UPP.
• Provide guidance and leadership during high profile cybersecurity incidents involving third-party providers, ensuring a swift and effective response.
• Manage the organization's adherence to relevant cybersecurity regulations.
• Leverage and manage cybersecurity vendors, ensuring that third-party services align and successfully deliver UPP security initiatives.
• Assist in the development and delivery of cybersecurity training programs and specialized modules for key areas within UPP.
• Create plans of action for the security program target state and roadmap milestones for improving the organization's security posture
• Identify compliance, information security, and business continuity risks to the organization and partner with architecture and operations to make recommendations for corrective actions/mitigation of risks.
• Assess, define, and document security solutions, controls, and processes for cloud platforms.
• Identify compliance, information security, and business continuity risks to the organization and partner with architecture and operations to make recommendations for corrective actions/mitigation of risks.
• Development of technology risk reporting and governance practices to identify, protect, detect, respond, and recover to current and emerging security threats.
• Development and/or implementation of standards, policies, procedures, and solutions as it relates to key Access Management controls.
• Ensure all required information security requirements and related reporting are met.

QUALIFICATIONS & EXPERIENCE:

• Bachelor's degree in Cybersecurity, Information Technology, or a related field. Advanced degree or relevant certifications (e.g., CISSP, CISM) preferred.
• 5+ years of proven experience in a senior-level cybersecurity role with a focus on Cyber program development and vendor management.
• In-depth knowledge of cybersecurity frameworks, risk management, and compliance standards.
• Strong communication and presentation skills, with the ability to translate technical concepts into business-oriented language.
• Demonstrated experience in incident response and crisis management.
• Exceptional leadership skills and the ability to collaborate with cross-functional teams.
• Experience with Information Security and Risk Management governance structures and programs
• Experience collaborating across various business units to ensure that technology operations and information security requirements are included in contracts by liaising with vendor compliance and finance/procurement teams.
• Expertise in cybersecurity, firewalls, network security, application security.
• Proven experience estimating duration of initiatives.

ATTRIBUTES:

• Excellent written and verbal communications
• Ability to design and implement repeatable processes.
• Ability to organize and drive results from different contributors.
• Strong analytic skills
• Self-motivated with a hands-on attitude
• Strong commitment to innovation and continuous improvement
• Ability to effectively identify emerging technologies, trends, threats, standards, and products that have a strong potential to improve the organization's security posture.

PERSONALITY TRAITS:

• Self-driven
• Strong work ethic
• Passion for learning
• Personable
• Confident

LIFE AT UPP

Do work that matters . We are duty-bound to serve our members' interests, and it's a responsibility we don't take lightly. That's why we've ingrained sustainability in our work from day one—to ensure our members have a resilient future to retire into, both today and for generations to come.

Stronger together . Collaboration is how UPP was born, and it's how we work with each other and our partners day in, day out. No one at UPP is just a number (even if they are excellent at math) and every win is a shared win.

Grow every day . You'll have the opportunity to work on unique, once-in-a-career projects that maximize your skill set and probably teach you some new ones—at any stage in your career.

Prioritize wellness . At UPP, wellness takes many forms. Ultimately, it's about ensuring our people are cared for in the ways that matter to them. Check out some highlights of our inclusive employee-focused benefits program including:

• Work from abroad up to eight weeks/year
• Extended paramedical and mental health service coverage
• Health care and lifestyle spending accounts
• Fertility treatments, paid parental leave, and gender affirmation coverage
• Education Assistance program

UPP enthusiastically welcomes applications from all qualified applicants and especially invites people with lived experience as an Indigenous person, a person with a disability or as a member of another Human Rights Code protected group that faces barriers to employment to apply. Our goal is to create a barrier-free experience for every candidate throughout the recruitment process, so if you require accommodation at any point during the process, please let us know so that we can make the appropriate arrangements. It would be our honor to work with you to adapt our processes to ensure that you can meaningfully participate.