{bc}
linkedin

Senior Analyst, Information Security (GRC) and Crisis Management

PSP Investments | Investissements PSP
Montreal, CAN
Full Time
Senior
Hybrid
2 days ago
ISO 27001NIST CSFCOBITSecurity Risk AssessmentVendor Risk ManagementCrisis Management
Free

Job Fit Check

Base Career helps you apply smarter for this job.

?%
Ready to Scan

Key skills for this role

ISO 27001NIST CSFCOBIT
Smart Apply

Full Job Posting

About Us

  • We’re one of Canada’s largest pension investors, with CAD 299.7 billion of net assets as of March 31, 2025.
  • We invest funds for the pension plans of the federal public service, the Canadian Forces, the Royal Canadian Mounted Police and the Reserve Force.

About Your Role

  • As a Senior Analyst, Security GRC & Crisis Management, you will report to the Manager, Security GRC and be part of the broader Information Security group.
  • You will contribute to PSP’s information security governance, risk, and compliance (GRC) program as well as to its enterprise crisis management capabilities.

Security Governance, Risk & Compliance

  • Support the maintenance and evolution of PSP’s security governance framework, policies, standards, and procedures in alignment with ISO 27001, NIST CSF, and COBIT
  • Conduct security risk assessments across business units, technology platforms, and third party vendors; maintain the corporate security risk register
  • Support internal and external audit activities related to information security; track compliance requirements, remediation activities, and control gaps
  • Support the vendor risk management program, including security assessments and follow up on outstanding action items
  • Prepare security KPI/KRI reporting materials and contribute to briefings for the CISO and senior leadership.
  • Stay current on the evolving threat landscape and regulatory developments; share relevant findings with the team and cross functional partners in Internal Audit, Legal, and Enterprise Risk

Crisis Management & Resilience

  • Support the maintenance and improvement of PSP’s Crisis Management Plan, Cyber Incident Response Plan, and related operational playbooks across all crisis scenarios — cyber, operational, reputational, and physical
  • Assist in coordinating and facilitating crisis simulations and tabletop exercises across crisis types; document findings and track remediation actions
  • Participate in the operational response to incidents and crisis events, including documentation, coordination across teams, and post incident review
  • Contribute to maintaining crisis communication protocols and contact lists for internal and external stakeholders
  • Monitor threat intelligence feeds and sector information sources; collaborate with Business Continuity and other stakeholders to align business continuity/ disaster recovery objectives and identify synergies across programs, plans, and exercises within the broader crisis management framework

What You’ll Need

  • Bachelor’s degree in Information security, Computer Science, Engineering, or a related field
  • Three (3) to five (5) years of experience in information security, with significant exposure to security GRC activities
  • Experience with and awareness of incident preparedness and crisis management processes.
  • Familiarity with security frameworks such as ISO 27001, NIST CSF, or COBIT
  • Ability to organize and work either autonomously or collaboratively, manage competing priorities, and deliver quality work with minimal supervision in a fast paced environment
  • Strong analytical and writing skills; able to translate technical information into clear documentation for non technical audiences
  • Relevant certification or active pursuit thereof considered a strong asset; experience in financial services or a regulated industry an asset
  • Bilingualism: English and French (frequent interactions in English with PSP employees based in our offices in Hong Kong, London and New York, and interactions in French with employees in our local offices in Montreal and Ottawa)

Total Rewards

  • Investment in career development
  • Comprehensive group insurance plans
  • Competitive pension plans
  • Unlimited access to virtual healthcare services and wellness programs
  • Gender inclusive paid family leave policy: up to 26 weeks for primary caregivers, 5 weeks for secondary caregivers
  • A personalized family building support, from pre pregnancy to menopause, with available financial assistance
  • Vacation days available on day one with additional days on milestone service anniversaries, and summer Friday afternoons off
  • A hybrid work model with a mix of in office and remote days

Apply for this job in 1 click

Skip the repetitive application forms

Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.

Sarah M.James T.Maya R.

Trusted by over 500,000 job seekers on Base Career

Start Free Today

More from this employer

More jobs at PSP Investments | Investissements PSP