THE ROLE We are seeking an experienced and pragmatic cybersecurity leader to own and lead UPP’s end-to-end cybersecurity capability. This role is accountable for protecting the organization’s information and technology assets through effective strategy, governance, risk management, and security operations.Operating in a lean team environment, the Senior Director combines executive leadership with hands‑on accountability for outcomes. The role requires a leader who can translate strategy into execution, ensuring that controls are not only well‑designed but effectively implemented and operated.Reporting to the Managing Director, Data & Technology, this role acts as the first‑line owner of cyber risk and a key partner to Enterprise Risk, Technology, and business leaders.This role is based in downtown Toronto in a hybrid work environment, allowing employees the flexibility to work remotely and in‑office (minimum two days per week in‑office).SPECIFIC ACCOUNTABILITIES The Senior Director, Cybersecurity is accountable for delivering an effective, integrated cybersecurity capability across UPP. Key accountabilities are organized around outcomes rather than functional silos:Set Direction and Ensure ExecutionDefine and evolve UPP’s cybersecurity strategy and roadmap aligned to business priorities and risk appetite.Translate strategy into clear priorities, funded initiatives, and measurable outcomes.Ensure consistent execution and delivery of cybersecurity initiatives across internal teams and partners.Own Cybersecurity Risk and Control EffectivenessAct as the first-line owner of cybersecurity risk, including identification, assessment, and treatment.Ensure controls are not only defined but implemented, operating effectively, and continuously improved.Provide clear, decision-oriented reporting on risk posture, trade-offs, and emerging threats.Develop and deliver high-quality cybersecurity reporting and presentations for executive leadership and the Board, translating technical risk into business impact, options, and decisions.Ensure Effective Security Operations and Incident ResponseBe accountable for the effectiveness of security operations, including vendor-delivered SOC capabilities.Ensure readiness to detect, respond to, and recover from cybersecurity incidents.Lead or directly support response during significant incidents and drive improvements through post-incident reviews.Establish Practical Governance and AssuranceMaintain a pragmatic set of policies, standards, and control expectations aligned to UPP’s risk profile.Ensure governance processes enable timely and informed decision-making.Oversee assurance activities to validate control effectiveness and address gaps.Integrate Security into Technology and Business DeliveryEmbed security into architecture, cloud adoption, and change delivery processes.Partner with Technology and business leaders to enable secure, risk-informed decision-making.Balance security, speed, and cost in support of business outcomes.Lead a Lean, High-Performing CapabilityLead and develop a small internal team and a network of external partners.Operate as a player‑coach, stepping in as needed to ensure outcomes are achieved.Ensure clarity of accountability across governance, risk, cyber training, security operations, engineering, and incident response.Build Organizational Awareness and TrustPromote a strong, practical security culture across UPP.Enable leaders to understand and act on cyber risk in business terms.Build trusted relationships across Technology, Risk, and business stakeholders.QUALIFICATIONS & EXPERIENCEMinimum 10–12 years of progressive cybersecurity experience, including leadership of enterprise cybersecurity programs.Prior experience operating as a senior cybersecurity leader (e.g., Head of Cybersecurity or equivalent) with end-to-end accountability.Experience in financial services, asset management, pension plans, or similarly regulated environments is strongly preferred.Strong knowledge of cybersecurity frameworks (e.g., NIST CSF) and Canadian regulatory expectations.Demonstrated experience integrating cybersecurity into enterprise risk management and executive governance.Experience managing and optimizing vendor-delivered cybersecurity services (e.g., MSSP, MSP).Strong understanding of modern technology environments, including cloud (Azure, GCP), identity, and endpoint security.Relevant certifications (e.g., CISSP, CISM, CISA) are considered an asset.ATTRIBUTES & LEADERSHIP STYLEExecutive-level communicator with the ability to translate cyber risk into business impact and board-level discussions.Strong leadership presence with the ability to operate as a peer to senior executives and influence enterprise decision-making.Strategic thinker with a bias toward execution and measurable outcomes.Comfortable operating as the senior cybersecurity leader in a lean organization, balancing breadth of accountability with depth of involvement.Ability to move fluidly between strategy, governance, and operational execution.Sound judgment and decision-making in high-pressure situations.Strong leadership presence with the ability to influence across technical and non-technical stakeholders.LIFE AT UPP Do work that matters. We are duty‑bound to serve our members’ interests, and it’s a responsibility we don’t take lightly. That’s why we’ve ingrained sustainability in our work from day one—to ensure our members have a resilient future to retire into, both today and for generations to come.Stronger together. Collaboration is how UPP was born, and it’s how we work with each other and our partners day in, day out. No one at UPP is just a number (even if they are excellent at math) and every win is a shared win.Grow every day. You’ll have the opportunity to work on unique, once‑in‑a‑career projects that maximize your skill set and probably teach you some new ones—at any stage in your career.Prioritize wellness. At UPP, wellness takes many forms. Ultimately, it’s about ensuring our people are cared for in the ways that matter to them. Check out some highlights of our inclusive employee‑focused benefits program including:Paid time off—vacations, personal days and wellness daysWork remotely up to eight weeks/yearExtended paramedical and mental health service coverageHealth care and lifestyle spending accountsFertility treatments, paid parental leave, and gender affirmation coverageEducation Assistance programUPP enthusiastically welcomes applications from all qualified applicants and especially invites people with lived experience as an Indigenous person, a person with a disability or as a member of another Human Rights Code protected group that faces barriers to employment to apply. Our goal is to create a barrier‑free experience for every candidate throughout the recruitment process.#J-18808-Ljbffr