Senior Director, Cybersecurity

University Pension Plan Ontario • Full-time • Toronto, ON, CA • 1w ago

Our Company Background & Culture

UPP is the first pension plan of its kind in Ontario’s university sector, proudly serving over 44,000 members across six universities and eighteen sector organizations. Our purpose is to bring greater retirement peace of mind to the university sector by investing with integrity and serving members with care. As a sector-wide plan designed for growth, our doors are open to all Ontario universities.

UPP is recognized as one of Greater Toronto’s Top Employers for 2026. Together, we’re a team of progressive thinkers and agile doers operating within a fast-paced culture of collaboration and respect. We believe in bringing smart and capable people together to create, solve, and grow with a clear shared vision and values of integrity, inclusivity, ingenuity, and impact.

Our culture is intentionally welcoming and purposefully rooted in equity, diversity, inclusion, and reconciliation (EDI&R). We believe diverse teams, perspectives, and lived experiences contribute to better decisions and a better workplace.

As a pension plan, UPP approaches investing through a long-term lens to generate and safeguard value. Our commitment to investing responsibly accounts for material risks that impact our investment portfolio to generate sufficient risk-adjusted returns to meet the pension needs of our members.

Join us in building a bright future for our members, our organization, and each other.

THE ROLE

We are seeking an experienced and pragmatic cybersecurity leader to own and lead UPP’s end-to-end cybersecurity capability. This role is accountable for protecting the organization’s information and technology assets through effective strategy, governance, risk management, and security operations.

Operating in a lean team environment, the Senior Director combines executive leadership with hands-on accountability for outcomes. The role requires a leader who can translate strategy into execution, ensuring that controls are not only well-designed but effectively implemented and operated.

Reporting to the Managing Director, Data & Technology, this role acts as the first-line owner of cyber risk and a key partner to Enterprise Risk, Technology, and business leaders.

This role is based in downtown Toronto in a hybrid work environment, allowing employees the flexibility to work remotely and in-office (minimum two days per week in-office).

This posting is for an existing vacancy.

Specific Accountabilities

The Senior Director, Cybersecurity is accountable for delivering an effective, integrated cybersecurity capability across UPP. Key accountabilities are organized around outcomes rather than functional silos:

Set Direction and Ensure Execution

Define and evolve UPP’s cybersecurity strategy and roadmap aligned to business priorities and risk appetite.
Translate strategy into clear priorities, funded initiatives, and measurable outcomes.
Ensure consistent execution and delivery of cybersecurity initiatives across internal teams and partners

Own Cybersecurity Risk and Control Effectiveness

Act as the first-line owner of cybersecurity risk, including identification, assessment, and treatment.
Ensure controls are not only defined but implemented, operating effectively, and continuously improved.
Provide clear, decision-oriented reporting on risk posture, trade-offs, and emerging threats.
Develop and deliver high-quality cybersecurity reporting and presentations for executive leadership and the Board, translating technical risk into business impact, options, and decisions.

Ensure Effective Security Operations and Incident Response

Be accountable for the effectiveness of security operations, including vendor-delivered SOC capabilities.
Ensure readiness to detect, respond to, and recover from cybersecurity incidents.
Lead or directly support response during significant incidents and drive improvements through post-incident reviews.

Establish Practical Governance and Assurance

Maintain a pragmatic set of policies, standards, and control expectations aligned to UPP’s risk profile.
Ensure governance processes enable timely and informed decision-making.
Oversee assurance activities to validate control effectiveness and address gaps.

Integrate Security into Technology and Business Delivery

Embed security into architecture, cloud adoption, and change delivery processes.
Partner with Technology and business leaders to enable secure, risk-informed decision-making.
Balance security, speed, and cost in support of business outcomes.

Lead a Lean, High-Performing Capability

Lead and develop a small internal team and a network of external partners.
Operate as a player-coach, stepping in as needed to ensure outcomes are achieved.
Ensure clarity of accountability across governance, risk, cyber training, security operations, engineering, and incident response

Build Organizational Awareness and Trust

Promote a strong, practical security culture across UPP.
Enable leaders to understand and act on cyber risk in business terms.
Build trusted relationships across Technology, Risk, and business stakeholders.

Qualifications & Experience

Minimum 10–12 years of progressive cybersecurity experience, including leadership of enterprise cybersecurity programs.
Prior experience operating as a senior cybersecurity leader (e.g., Head of Cybersecurity or equivalent) with end-to-end accountability.
Experience in financial services, asset management, pension plans, or similarly regulated environments is strongly preferred.
Strong knowledge of cybersecurity frameworks (e.g., NIST CSF) and Canadian regulatory expectations.
Demonstrated experience integrating cybersecurity into enterprise risk management and executive governance.
Experience managing and optimizing vendor-delivered cybersecurity services (e.g., MSSP, MSP).
Strong understanding of modern technology environments, including cloud (Azure, GCP), identity, and endpoint security.
Relevant certifications (e.g., CISSP, CISM, CISA) are considered an asset.

ATTRIBUTES & LEADERSHIP STYLE

Executive-level communicator with the ability to translate cyber risk into business impact and board-level discussions.
Strong leadership presence with the ability to operate as a peer to senior executives and influence enterprise decision-making.
Strategic thinker with a bias toward execution and measurable outcomes.
Comfortable operating as the senior cybersecurity leader in a lean organization, balancing breadth of accountability with depth of involvement.
Ability to move fluidly between strategy, governance, and operational execution.
Sound judgment and decision-making in high-pressure situations.
Strong leadership presence with the ability to influence across technical and non-technical stakeholders.

LIFE AT UPP

Do work that matters. We are duty-bound to serve our members’ interests, and it’s a responsibility we don’t take lightly. That’s why we’ve ingrained sustainability in our work from day one—to ensure our members have a resilient future to retire into, both today and for generations to come.

Stronger together. Collaboration is how UPP was born, and it’s how we work with each other and our partners day in, day out. No one at UPP is just a number (even if they are excellent at math) and every win is a shared win.

Grow every day. You’ll have the opportunity to work on unique, once-in-a-career projects that maximize your skill set and probably teach you some new ones—at any stage in your career.

Benefits

Prioritize wellness. At UPP, wellness takes many forms. Ultimately, it’s about ensuring our people are cared for in the ways that matter to them. Check out some highlights of our inclusive employee-focused benefits program including:

Defined benefit pension plan
Flexible hybrid work model
Paid time off – vacations, personal days and wellness days
Work remotely up to eight weeks/year
Comprehensive group benefits including medical, dental, vision, etc.
Extended paramedical and mental health service coverage
Health care and lifestyle spending accounts
Fertility treatments, paid parental leave, and gender affirmation coverage
Education Assistance program

This posting will remain open for a minimum of seven (7) days and will remain open until a sufficient number of qualified applications are received or finalist candidates have been identified.

Artificial intelligence (AI) tools may be used to support certain stages of the recruitment process, including sourcing, screening, and assessment. All hiring decisions involve human review and intervention by UPP employees.

UPP enthusiastically welcomes applications from all qualified applicants and especially invites people with lived experience as an Indigenous person, a person with a disability or as a member of another Human Rights Code protected group that faces barriers to employment to apply. Our goal is to create a barrier-free experience for every candidate throughout the recruitment process.

UPP respects your privacy. For information on how UPP handles the personal information you provide during the application process, please see our Job Applicant Privacy Statement.