Specialist, IT Security Risk Management (Ottawa, Toronto or Montreal)

Bring your risk management skills as well as your IT security expertise to this IT Security Risk Management Specialist position.

Join the Security Team as a Specialist where you will be responsible for supporting CMHC’s information technology risk, privacy, compliance and security programs. While working in conjunction with other professional colleagues and specialists, you will be acting as an expert advisor to management concerning IT security risks that involves and/or affects security, such as conducting security threats and risk assessments related to existing and new technologies. You will also be developing and implementing CMHC's security awareness program as well as its technology risk management policies, directives, procedures and guidelines.

Responsibilities:

• Developing and maintaining an IT security risk management framework to quickly identify and flag current and evolving threats to CMHC.
• Identifying and assessing the severity and potential impact of risks to IT Security and recommending a risk management strategy that optimizes the trade-offs between risk mitigation and business performance.
• Conducting security threat and risk analysis including information from any technical vulnerability assessment and penetration testing.
• Elaborating, characterizing, assessing and evaluating risks and making decisions dispassionately.
• Investigating, assessing, tracking, resolving and reporting on mitigated actions and/or on suspected violations of policies and procedures in coordination with appropriate entities (e.g., Internal Audit team, Chief Risk Officer's delegates).
• Communicating IT security risk models and risk assessment findings to various risk management teams within CMHC.
• Developing new or identifying existing information security training, education and awareness activities appropriate for various audiences.
• Facilitating, guiding and overseeing audits and oversight activities concerning, physical security and the security of information systems.
• Ensuring decisions are aligned to the enterprise security architecture plans and guidelines.
• Conducting research to stay abreast of security strategies, technologies and techniques that may have an impact on IT security at CMHC.
• Reviewing contracts with third-party vendors for adequacy of coverage of security and compliance requirements.

Minimum Qualifications:

• A commitment to demonstrating CMHC’s values.
• Bachelor’s degree, preferably in Cyber Security, Computer Security, Information Systems Security, Computer Science or in a related field. An equivalent combination of related education and work experience may be considered.
• Minimum of five (5) years of increasing responsibilities and relevant work, experience/expertise in IT Security and/or in information security.
• Demonstrated experience in overseeing the IT/network operations of a corporation.
• Demonstrated experience in writing complex risk analysis/risk assessment reports for a variety of audiences (technical and non-technical).
• Demonstrated experience and skills in working with various computer applications and software (e.g., MS Office, MS Project as well as software and tools related to IT Security).
• Demonstrated experience and knowledge of security technologies such as identity management, computer forensics, application security and network security technologies.
• Experience and/or knowledge of recognized standards. E.g. NIST CSF, ISO 27001/27002, ITSG-33, etc.
• Knowledge of Canadian laws and Government of Canada regulatory requirements and standards. E.g. Treasury Board, Office of the Superintendent of Financial Institutes, etc.
• Ability to act as an information security subject matter expert on projects and provide input on project risks and contribute to the security design of new solutions.
• Strong organizational skills, including an ability to manage several ongoing and competing tasks and/or projects.
• Ability to build and manage effective working relationships with peers, and internal and external stakeholders.
• Strong communication (written and verbal) and interpersonal skills, including the ability to negotiate, influence and challenge various audiences.

Preferred Qualifications:

• Professional designations, such as Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP), Certified in the Governance of Enterprise IT (CGEIT) or other relevant IT Security licence, designation, or certificate.
• Experience working in a highly regulated environment (such as a financial institution).
• Bilingualism (English and French).

Posting closing date: Note, the competition may remain active until filled.

IMPORTANT NOTICE – COVID-19 MEASURES

On June 14, 2022, the Government of Canada announced that as of June 20, 2022, it will suspend vaccination requirements for federal government employees. This decision followed a review of the current public health situation, including the evolution of the virus and vaccination rates in Canada. As a result, and consistent with the Government of Canada decision, CMHC has suspended its Vaccination Policy, effective June 20, 2022.

As a result, at this time, CMHC does not require employees to be fully vaccinated as a condition of employment. CMHC will continue to monitor the public health situation and may at any time make adjustments and adopt or reintroduce measures, including mandatory vaccination, attestation and verification requirements. Any such vaccination measures, as updated from time to time, shall form a term and condition of your employment at CMHC.