PSP Investments manages roughly $299.7 billion in net assets on behalf of Canada's public service pension plans. Founded in 1999, the Crown corporation operates from offices in Montreal, Ottawa, New York, London, and Hong Kong, running a global investment portfolio that spans multiple asset classes and jurisdictions.
For cybersecurity professionals, the threat surface here is the whole stack: a financial institution responsible for the retirement security of public-sector workers, operating across five countries with distinct regulatory regimes. The attack model isn't theoretical - it's nation-state actors targeting financial infrastructure, supply-chain risk across global vendors, insider threats with access to privileged financial data, and the compliance burden of cross-border data protection laws. The stakes are concrete: a breach doesn't just mean lost data, it means potential exposure of pension entitlements for hundreds of thousands of public servants.
PSP Investments' Montreal headquarters anchors the operation, with satellite offices in Ottawa, New York, London, and Hong Kong providing both geographic reach and jurisdictional complexity. Security teams operating in this environment work across cloud and on-prem infrastructure, manage identity and access at scale for a globally distributed workforce, and interface directly with regulators in multiple territories. The work is less about perimeter defense and more about defending a sprawling, high-value financial operation where the assets under management are the target.