Manager, Cyber and Technology Risk Management

Team Summary

Cyber & Technology Risk Management is the frontline risk partner within the Information & Corporate Security function, working closely with Technology & Data (T&D), Information Security, and business teams to strengthen CPP Investments’ resilience and safeguard critical information and platforms. We provide an enterprise‑wide view of technology and cyber risk for senior leadership and steward the practices and governance that enable secure, reliable delivery of business outcomes.

Job Description

Reporting to the Managing Director, Cyber & Technology Risk Management, this Cyber and Technology Risk Manager role will be focused on mitigating cyber, technology, and data risks by assisting in the implementation of a risk management and internal control framework with particular focus on the Technology & Data (T&D) and Information Security (Infosec) departments.

In this role, you will be responsible for working collaboratively with the T&D and Infosec teams to identify, assess, and mitigate risks to the fund’s information systems, data, and infrastructure; and instill a risk and control discipline through education, consultation, and the development of risk management capabilities across core activities. You will assist the team by:

• Developing and implementing cyber and technology risk management processes and capabilities to protect the organization’s critical information assets and systems
• Enabling regular insights via KRIs and other means, to senior leaders and other stakeholders on the fund’s cyber and technology risk posture
• Supporting the enhancement and implementation of a 1st line of defence risk and control assessment capability,
• Support the development and updating of key documentation (e.g., standards, guidelines, etc.) to support T&D and Infosec processes and address fund-wide risks
• Facilitate the establishment of necessary standards and the associated governance and monitoring to ensure adherence and manage exceptions
• Support and lead on-time completion of action plans that address findings from Audits and reviews across the 3 lines of defense
• Identifying risks and partnering with colleagues from Legal, Compliance, Risk, T&D, and Infosec to implement solutions to mitigate them

This role will support the cultivation of the best view of Cyber and Technology risks across the fund through active partnership with T&D teams, Enterprise Risk, Audit, and other groups; and will support the Cyber and Technology Risk Management team in leading enterprise initiatives to address transversal risks impacting the enterprise.

You will support the team to work collaboratively with Enterprise and Operational Risk on the adoption and implementation of CPP Investments’ Integrated Risk Framework within T&D and Infosec and support enterprise risk reporting. You will work closely with both Internal and External Audit to identify risks, provide insight to maximize the value of Audit to support the department’s mandate and co-ordinate all audit activities on behalf of T&D and Infosec to assist them in execution of their mandates.