Senior Analyst, Information Security (GRC) And Crisis Management

Reference Code: NQ-08-JO-13-TT-20
ABOUT US

We're one of Canada's largest pension investors, with CAD$299.7 billion of net assets as of March 31, 2025.

We invest funds for the pension plans of the federal public service, the Canadian Forces, the Royal Canadian Mounted Police and the Reserve Force. Headquartered in Ottawa, PSP Investments has its principal business office in Montreal and offices in New York, London and Hong Kong.

Capturing and leading complex global investments requires us to work as one to seize valuable opportunities, in close collaboration with some of the world's top companies. At PSP Investments, you'll join a team of motivated and engaged professionals, dedicated to propelling our organization further than ever before.

ABOUT YOUR ROLE

As a Senior Analyst, Security GRC & Crisis Management, you will report to the Manager, Security GRC and be part of the broader Information Security group. You will contribute to PSP's information security governance, risk, and compliance (GRC) program as well as to its enterprise crisis management capabilities. You will support the execution and continuous improvement of security frameworks, risk assessment processes, compliance activities, and crisis preparedness planning.

You will:

Security Governance, Risk & Compliance

- Support the maintenance and evolution of PSP's security governance framework, policies, standards, and procedures in alignment with ISO 27001, NIST CSF, and COBIT
- Conduct security risk assessments across business units, technology platforms, and third-party vendors; maintain the corporate security risk register
- Support internal and external audit activities related to information security; track compliance requirements, remediation activities, and control gaps
- Support the vendor risk management program, including security assessments and follow-up on outstanding action items
- Prepare security KPI/KRI reporting materials and contribute to briefings for the CISO and senior leadership
- Stay current on the evolving threat landscape and regulatory developments; share relevant findings with the team and cross-functional partners in Internal Audit, Legal, and Enterprise Risk

Crisis Management & Resilience

- Support the maintenance and improvement of PSP's Crisis Management Plan, Cyber Incident Response Plan, and related operational playbooks across all crisis scenarios - cyber, operational, reputational, and physical
- Assist in coordinating and facilitating crisis simulations and tabletop exercises across crisis types; document findings and track remediation actions
- Participate in the operational response to incidents and crisis events, including documentation, coordination across teams, and post-incident review
- Contribute to maintaining crisis communication protocols and contact lists for internal and external stakeholders
- Monitor threat intelligence feeds and sector information sources; collaborate with Business Continuity and other stakeholders to align business continuity/ disaster recovery objectives and identify synergies across programs, plans, and exercises within the broader crisis management framework

WHAT YOU'LL NEED

- Bachelor's degree in Information Security, Computer Science, Engineering, or a related field
- Three (3) to five (5) years of experience in information security, with significant exposure to security GRC activities
- Experience with and awareness of incident preparedness and crisis management processes
- Familiarity with security frameworks such as ISO 27001, NIST CSF, or COBIT
- Ability to organize and work either autonomously or collaboratively, manage competing priorities, and deliver quality work with minimal supervision in a fast-paced environment
- Strong analytical and writing skills; able to translate technical information into clear documentation for non-technical audiences
- Relevant certification or active pursuit thereof considered a strong asset; experience in financial services or a regulated industry an asset
- Bilingualism: English and French (frequent interactions in English with PSP employees based in our offices in Hong Kong, London and New York, and interactions in French with employees in our local offices in Montreal and Ottawa)

We offer a tailored employee experience and competitive total rewards and benefits package* designed to attract and retain global diverse talent, reward performance, and reinforce business strategies and priorities. Beyond salary and incentive pay eligibility, you have access to:

- Investment in career development
- Comprehensive group insurance plans
- Competitive pension plans
- Unlimited access to virtual healthcare services and wellness programs
- Gender-inclusive paid family leave policy: up to 26 weeks for primary caregivers, 5 weeks for secondary caregivers
- A personalized family-building support, from pre-pregnancy to menopause, with available financial assistance
- Vacation days available on day one with additional days on milestone service anniversaries, and summer Friday afternoons off
- A hybrid work model with a mix of in-office and remote days

*Benefits package may vary based on your employee type.

At PSP Investments, we aim to provide a workplace where everyone feels valued, safe, respected and empowered to grow. As part of this leadership commitment, we strongly encourage applications from all qualified applicants and strive to offer an inclusive and accessible candidate experience. If you require any accommodation for any part of the recruitment process, please let us know.

Visit us on
Follow us on LinkedIn
Languages: English, French
To apply: Click Apply Now!