Job Requisition ID: 9921
Position Status: Permanent Full Time
Position Type: Hybrid
Office Location: Ottawa (ON); Calgary (AB); Montreal (QC); Toronto (ON)
Travel Requirement: Occasional
Language Designation: English Essential
Language Skill Levels (Read/Write/Speak): ZZZ
Salary: Our salaries generally range from $ 81410.14 to $ 101762.68 and are based on qualifications and experience.
About CMHC
At CMHC, the work you do and the work we do together matters. We come to work every day with a common purpose: to realize a future where everyone in Canada has a home that they can afford and meets their needs.
Our people are second to none. We lean in with courage, band together as a community and try new things to make a lasting impact on housing from coast to coast to coast.
Join us and be part of a team that's committed to making a real difference and be part of something meaningful.
What’s in it for you
We’ve got the purpose, the people and the perks you need for a fulfilling career. Here’s what you get when you’re a permanent employee:
- 5 weeks of vacation.
- Annual individual performance bonus.
- Defined benefit pension plan.
- Comprehensive group insurance plan to support your well-being from day one.
- Support in your personal and professional growth with training, mentorship and more – because when you thrive, we thrive.
- An inclusive workplace culture and environment with Employee Resource Groups and more.
- A hybrid work model that lets you balance working from home and nurturing in-person connections by coming into your region’s office at a minimum of 4 times a month.
About the role
Join the IT Security Team in the Specialist, IT Security Risk Management position. In this role, you will be responsible for supporting CMHC’s information technology risk, privacy, compliance and security programs. While working in conjunction with other professional colleagues and specialists, you will be acting as an expert advisor to management concerning IT Security Risks that involve and/or affect security, such as conducting security threats and risk assessments related to existing and new technologies. You will also be developing and implementing CMHC's security awareness program as well as its technology Risk Management policies, directives, procedures and guidelines.
What you’ll do:
- Develop and maintaining an IT Security Risk Management framework to quickly identify and flag current and evolving threats to CMHC.
- Identify and assess the severity and potential impact of risks to IT Security and recommending a Risk Management strategy that optimizes the trade-offs between risk mitigation and business performance.
- Conduct security threat and risk analysis including information from any technical vulnerability assessment and penetration testing.
- Elaborate, characterize, assess and evaluate risks and making decisions dispassionately.
- Investigate, assess, track, resolve and report on mitigated actions and/or on suspected violations of policies and procedures in coordination with appropriate entities (e.g., Internal Audit team, Chief Risk Officer's delegates).
- Develop new or identify existing information security training, education and awareness activities appropriate for various audiences.
- Facilitate, guide and oversee audits and oversight activities concerning physical security and the security of information systems.
- Conduct research to stay abreast of security strategies, technologies and techniques that may have an impact on IT security at CMHC.
What you should have:
- A bachelor’s degree, preferably in Cyber Security, Computer Security, Information Systems Security, Computer Science or in a related field. An equivalent combination of related education and work experience may be considered.
- A minimum of five (5) years of increasing responsibilities and relevant work, experience/expertise in IT Security and/or in information security.
- Strong communication (written and verbal) and interpersonal skills, including the ability to negotiate, influence and challenge various audiences.
- An experience working in a highly regulated environment (such as a financial institution).
- An experience in overseeing the IT/network operations of a corporation.
- An experience in writing complex risk analysis/risk assessment reports for a variety of audiences (technical and non-technical).
It would be great if you also had:
- A professional designation, such as Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP), Certified in the Governance of Enterprise IT (CGEIT) or other relevant IT Security licence, designation, or certificate.
- Bilingualism (English and French).
- An experience and knowledge of security technologies such as identity management, computer forensics, application security and network security technologies.
- An experience and/or knowledge of recognized standards. E.g. NIST CSF, ISO 27001/27002, ITSG-33, etc.
- A knowledge of Canadian laws and Government of Canada regulatory requirements and standards. E.g. Treasury Board, Office of the Superintendent of Financial Institutes, etc.
Posting closing date: Note, the competition may remain active until filled.
Our commitment to diversity, equity, and inclusion
We’re committed to employment equity and encourage women, Indigenous Peoples, persons with disabilities, veterans and persons of all races, ethnicities, religions, abilities, sexual orientations, and gender identities and expressions to apply. We also welcome applications from non-Canadians who are eligible to work in Canada.
CMHC is an inclusive workplace where diversity of thought – and of people – are recognized, valued, and considered essential to achieving our mission.
Learn more about our commitment to diversity and inclusion
What happens after you apply
We know that applying for a new job can be both exciting and daunting, and we appreciate your effort. Learn more about our hiring process. If you are selected for an interview or testing, please advise us if you require an accommodation.
If you applied before and you were not successful don’t worry – we're always posting new positions, so don’t hesitate to give it another shot. We’re excited to see what you bring to the table this time around!