ABOUT US
We’re one of Canada’s largest pension investors, with CAD$299.7 billion of net assets as of March 31, 2025.
We invest funds for the pension plans of the federal public service, the Canadian Forces, the Royal Canadian Mounted Police and the Reserve Force. Headquartered in Ottawa, PSP Investments has its principal business office in Montréal and offices in New York, London and Hong Kong.
Capturing and leading complex global investments requires us to work as one to seize valuable opportunities, in close collaboration with some of the world’s top companies. At PSP Investments, you’ll join a team of motivated and engaged professionals, dedicated to propelling our organization further than ever before.
ABOUT YOUR ROLE
As a Senior Analyst, Security GRC & Crisis Management, you will report to the Manager, Security GRC and be part of the broader Information Security group. You will contribute to PSP’s information security governance, risk, and compliance (GRC) program as well as to its enterprise crisis management capabilities. You will support the execution and continuous improvement of security frameworks, risk assessment processes, compliance activities, and crisis preparedness planning.
You will:
Security Governance, Risk & Compliance
Support the maintenance and evolution of PSP’s security governance framework, policies, standards, and procedures in alignment with ISO 27001, NIST CSF, and COBIT
Conduct security risk assessments across business units, technology platforms, and third-party vendors; maintain the corporate security risk register
Support internal and external audit activities related to information security; track compliance requirements, remediation activities, and control gaps
Support the vendor risk management program, including security assessments and follow-up on outstanding action items
Prepare security KPI/KRI reporting materials and contribute to briefings for the CISO and senior leadership
Stay current on the evolving threat landscape and regulatory developments; share relevant findings with the team and cross-functional partners in Internal Audit, Legal, and Enterprise Risk
Crisis Management & Resilience
Support the maintenance and improvement of PSP’s Crisis Management Plan, Cyber Incident Response Plan, and related operational playbooks across all crisis scenarios — cyber, operational, reputational, and physical
Assist in coordinating and facilitating crisis simulations and tabletop exercises across crisis types; document findings and track remediation actions
Participate in the operational response to incidents and crisis events, including documentation, coordination across teams, and post-incident review
Contribute to maintaining crisis communication protocols and contact lists for internal and external stakeholders
Monitor threat intelligence feeds and sector information sources; collaborate with Business Continuity and other stakeholders to align business continuity/ disaster recovery objectives and identify synergies across programs, plans, and exercises within the broader crisis management framework
WHAT YOU’LL NEED
Bachelor’s degree in Information Security, Computer Science, Engineering, or a related field
Three (3) to five (5) years of experience in information security, with significant exposure to security GRC activities
Experience with and awareness of incident preparedness and crisis management processes
Familiarity with security frameworks such as ISO 27001, NIST CSF, or COBIT
Ability to organize and work either autonomously or collaboratively, manage competing priorities, and deliver quality work with minimal supervision in a fast-paced environment
Strong analytical and writing skills; able to translate technical information into clear documentation for non-technical audiences
Relevant certification or active pursuit thereof considered a strong asset; experience in financial services or a regulated industry an asset
Bilingualism: English and French (frequent interactions in English with PSP employees based in our offices in Hong Kong, London and New York, and interactions in French with employees in our local offices in Montreal and Ottawa)
We offer a tailored employee experience and competitive total rewards and benefits package* designed to attract and retain global diverse talent, reward performance, and reinforce business strategies and priorities. Beyond salary and incentive pay eligibility, you have access to:
Investment in career development
Comprehensive group insurance plans
Competitive pension plans
Unlimited access to virtual healthcare services and wellness programs
Gender-inclusive paid family leave policy: up to 26 weeks for primary caregivers, 5 weeks for secondary caregivers
A personalized family-building support, from pre-pregnancy to menopause, with available financial assistance
Vacation days available on day one with additional days on milestone service anniversaries, and summer Friday afternoons off
A hybrid work model with a mix of in-office and remote days
*Benefits package may vary based on your employee type.
At PSP Investments, we aim to provide a workplace where everyone feels valued, safe, respected and empowered to grow. As part of this leadership commitment, we strongly encourage applications from all qualified applicants and strive to offer an inclusive and accessible candidate experience. If you require any accommodation for any part of the recruitment process, please let us know.
Visit us on www.investpsp.com/en/
Follow us on LinkedIn
#LI-AB2