Bilingual Senior Specialist, It Security Risk Management

Job Requisition ID: 9920  

Position Status: Permanent Full Time 

Position Type: Hybrid  

 Office Location: Montreal (QC); Ottawa (ON); Toronto (ON)

Travel Requirement: Occasional 

Language Designation: Bilingual 

Language Skill Levels (Read/Write/Speak): BBB 

About CMHC

At CMHC, the work you do and the work we do together matters. We come to work every day with a common purpose: to realize a future where everyone in Canada has a home that they can afford and meets their needs.

Our people are second to none. We lean in with courage, band together as a community and try new things to make a lasting impact on housing from coast to coast to coast.

Join us and be part of a team that's committed to making a real difference and be part of something meaningful.

What’s in it for you

We’ve got the purpose, the people and the perks you need for a fulfilling career. Here’s what you get when you’re a permanent employee:

• 5 weeks of vacation.
• Annual individual performance bonus.
• Defined benefit pension plan.
• Comprehensive group insurance plan to support your well-being from day one.
• Support in your personal and professional growth with training, mentorship and more – because when you thrive, we thrive.
• An inclusive workplace culture and environment with Employee Resource Groups and more.
• A hybrid work model that lets you balance working from home and nurturing in-person connections by coming into your region’s office at a minimum of 4 times a month.

About the role
Join the IT Security Team in the Bilingual Senior Specialist, IT Security Risk Management position. In this role you will be responsible to implement and execute the strategy for IT Security Risk Management in line with the objectives of the security program and CMHC’s needs, as well as safeguarding the interest of CMHC’s security overall environment. You will provide oversight and governance of IT Security Risk Management and continuously evaluate overall effectiveness of the service by tracking and reporting key performance and key risk indicators of the overall service and material components of the service.

What you’ll do:

• Act as a senior subject matter expert in cybersecurity.
• Provide expert level advice to senior management to guide and influence the management of Security Risks across the corporation.
• Identify and facilitate the implementation of appropriate controls to effectively manage information risks. Provide complex consultative advice to relevant stakeholders that enables them to suggest informed Risk Management decisions.
• Support the Director, Security on the overall status of Security Risks within CMHC, the impact of security initiatives in mitigating risk, and on the overall Security Program and CMHC Corporate Strategy.
• Develop, gather and track key risk and performance indicators to track overall risk status and program performance.
• Support the Director, Security in executive and board level reporting on program performance, overall risk status for CMHC, and key indicators.
• Communicate overall program performance to relevant stakeholders and engage and foster collaboration with business, other organizational risk sectors, and IT to improve the overall information Security Risk profile of the organization.
• Identify and support the development and evolution of information security program.

What you should have: 

• An undergraduate degree in a related field such as information technology, information security and information management.
• A minimum of 7 years of relevant experience in information security, including work experience in leading complex security projects or risk evaluations.
• Strong communication (written and verbal) and interpersonal skills, including the ability to negotiate, influence and challenge various audiences.
• Bilingualism (English and French).
• An experience in working in a highly regulated environment (such as a financial institution).
• An experience in overseeing the IT/network operations of a corporation.
• An experience in writing complex risk analysis/risk assessment reports for a variety of audiences (technical and non-technical).

It would be great if you also had:

• A Professional designation, such as Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP), Certified in the Governance of Enterprise IT (CGEIT) or other relevant IT Security licence, designation, or certificate.
• An experience and knowledge of security technologies such as identity management, computer forensics, application security and network security technologies.
• An experience and/or knowledge of recognized standards. E.g. NIST CSF, ISO 27001/27002, ITSG-33, etc.
• A knowledge of Canadian laws and Government of Canada regulatory requirements and standards. E.g. Treasury Board, Office of the Superintendent of Financial Institutes, etc.

Posting closing date: Note, the competition will remain active until filled.

Our commitment to diversity, equity, and inclusion 

We’re committed to employment equity and encourage women, Indigenous Peoples, persons with disabilities, veterans and persons of all races, ethnicities, religions, abilities, sexual orientations, and gender identities and expressions to apply. We also welcome applications from non-Canadians who are eligible to work in Canada.

CMHC is an inclusive workplace where diversity of thought – and of people – are recognized, valued, and considered essential to achieving our mission.

Learn more about our commitment to diversity and inclusion 

What happens after you apply 

We know that applying for a new job can be both exciting and daunting, and we appreciate your effort. Learn more about our hiring process.  If you are selected for an interview or testing, please advise us if you require an accommodation.

If you applied before and you were not successful don’t worry – we're always posting new positions, so don’t hesitate to give it another shot. We’re excited to see what you bring to the table this time around!