Senior Analyst, Information Security (GRC) and Crisis Management

About The Position

Requirements

• Bachelor’s degree in Information Security, Computer Science, Engineering, or a related field
• Three (3) to five (5) years of experience in information security, with significant exposure to security GRC activities
• Experience with and awareness of incident preparedness and crisis management processes
• Familiarity with security frameworks such as ISO 27001, NIST CSF, or COBIT
• Ability to organize and work either autonomously or collaboratively, manage competing priorities, and deliver quality work with minimal supervision in a fast-paced environment
• Strong analytical and writing skills; able to translate technical information into clear documentation for non-technical audiences
• Bilingualism: English and French (frequent interactions in English with PSP employees based in our offices in Hong Kong, London and New York, and interactions in French with employees in our local offices in Montreal and Ottawa)

Nice To Haves

• Relevant certification or active pursuit thereof considered a strong asset
• Experience in financial services or a regulated industry an asset

Responsibilities

• Support the maintenance and evolution of PSP’s security governance framework, policies, standards, and procedures in alignment with ISO 27001, NIST CSF, and COBIT
• Conduct security risk assessments across business units, technology platforms, and third-party vendors; maintain the corporate security risk register
• Support internal and external audit activities related to information security; track compliance requirements, remediation activities, and control gaps
• Support the vendor risk management program, including security assessments and follow-up on outstanding action items
• Prepare security KPI/KRI reporting materials and contribute to briefings for the CISO and senior leadership
• Stay current on the evolving threat landscape and regulatory developments; share relevant findings with the team and cross-functional partners in Internal Audit, Legal, and Enterprise Risk
• Support the maintenance and improvement of PSP’s Crisis Management Plan, Cyber Incident Response Plan, and related operational playbooks across all crisis scenarios — cyber, operational, reputational, and physical
• Assist in coordinating and facilitating crisis simulations and tabletop exercises across crisis types; document findings and track remediation actions
• Participate in the operational response to incidents and crisis events, including documentation, coordination across teams, and post-incident review
• Contribute to maintaining crisis communication protocols and contact lists for internal and external stakeholders
• Monitor threat intelligence feeds and sector information sources; collaborate with Business Continuity and other stakeholders to align business continuity/ disaster recovery objectives and identify synergies across programs, plans, and exercises within the broader crisis management framework

Benefits

• Investment in career development
• Comprehensive group insurance plans
• Competitive pension plans
• Unlimited access to virtual healthcare services and wellness programs
• Gender-inclusive paid family leave policy: up to 26 weeks for primary caregivers, 5 weeks for secondary caregivers
• A personalized family-building support, from pre-pregnancy to menopause, with available financial assistance
• Vacation days available on day one with additional days on milestone service anniversaries, and summer Friday afternoons off
• A hybrid work model with a mix of in-office and remote days