Specialist, IT Security Risk Management (Ottawa, Toronto or Montreal)

March 16 2023
Industries Public administration
Categories Bank, Insurance, Financial services, Credit, Risk,
Ottawa, ON • Full time

Job Requisition ID: 8934

Language Designation: English Essential

Language Skill Levels (Read/Write/Speak): ZZZ

Position Status: Permanent Full Time

Travel Requirement: Occasional

Office Location: Ottawa (ON); Montreal (QC); Toronto (ON)

Salary: Our salaries generally range from $ 78657.14 to $ 98321.43 and are based on qualifications and experience.

At CMHC, we trust you to get the job done. We empower our employees to be fully autonomous and accountable in achieving their results. Employees focus on how they achieve results rather than when and where they choose to work.

Here are some of the reasons why we were chosen as one of Canada's top employers:

  • Enjoy 5 weeks of vacation;
  • An annual individual performance bonus;
  • Defined benefit pension plan;
  • Comprehensive group insurance to support your well-being from day one;
  • Access to a catalogue of courses for individual learning;
  • An inclusive workplace culture and environment with multiple Employee Resource Groups and much more!

Help make a difference for Canadians. CMHC’s aspiration is that by 2030, everyone in Canada has a home that they can afford and that meets their needs. All of our programs and activities support this singular goal.
Be part of an inclusive workplace. Diversity and Inclusion guides everything we do at CMHC. We’re taking concrete actions to eradicate racism and advance equity within CMHC and the housing system.

Bring your risk management skills as well as your IT security expertise to this IT Security Risk Management Specialist position.

Join the Security Team as a Specialist where you will be responsible for supporting CMHC’s information technology risk, privacy, compliance and security programs. While working in conjunction with other professional colleagues and specialists, you will be acting as an expert advisor to management concerning IT security risks that involves and/or affects security, such as conducting security threats and risk assessments related to existing and new technologies. You will also be developing and implementing CMHC's security awareness program as well as its technology risk management policies, directives, procedures and guidelines.


  • Developing and maintaining an IT security risk management framework to quickly identify and flag current and evolving threats to CMHC.
  • Identifying and assessing the severity and potential impact of risks to IT Security and recommending a risk management strategy that optimizes the trade-offs between risk mitigation and business performance.
  • Conducting security threat and risk analysis including information from any technical vulnerability assessment and penetration testing.
  • Elaborating, characterizing, assessing and evaluating risks and making decisions dispassionately.
  • Investigating, assessing, tracking, resolving and reporting on mitigated actions and/or on suspected violations of policies and procedures in coordination with appropriate entities (e.g., Internal Audit team, Chief Risk Officer's delegates).
  • Communicating IT security risk models and risk assessment findings to various risk management teams within CMHC.
  • Developing new or identifying existing information security training, education and awareness activities appropriate for various audiences.
  • Facilitating, guiding and overseeing audits and oversight activities concerning, physical security and the security of information systems.
  • Ensuring decisions are aligned to the enterprise security architecture plans and guidelines.
  • Conducting research to stay abreast of security strategies, technologies and techniques that may have an impact on IT security at CMHC.
  • Reviewing contracts with third-party vendors for adequacy of coverage of security and compliance requirements.

Minimum Qualifications:

  • A commitment to demonstrating CMHC’s values.
  • Bachelor’s degree, preferably in Cyber Security, Computer Security, Information Systems Security, Computer Science or in a related field. An equivalent combination of related education and work experience may be considered.
  • Minimum of five (5) years of increasing responsibilities and relevant work, experience/expertise in IT Security and/or in information security.
  • Demonstrated experience in overseeing the IT/network operations of a corporation.
  • Demonstrated experience in writing complex risk analysis/risk assessment reports for a variety of audiences (technical and non-technical).
  • Demonstrated experience and skills in working with various computer applications and software (e.g., MS Office, MS Project as well as software and tools related to IT Security).
  • Demonstrated experience and knowledge of security technologies such as identity management, computer forensics, application security and network security technologies.
  • Experience and/or knowledge of recognized standards. E.g. NIST CSF, ISO 27001/27002, ITSG-33, etc.
  • Knowledge of Canadian laws and Government of Canada regulatory requirements and standards. E.g. Treasury Board, Office of the Superintendent of Financial Institutes, etc.
  • Ability to act as an information security subject matter expert on projects and provide input on project risks and contribute to the security design of new solutions.
  • Strong organizational skills, including an ability to manage several ongoing and competing tasks and/or projects.
  • Ability to build and manage effective working relationships with peers, and internal and external stakeholders.
  • Strong communication (written and verbal) and interpersonal skills, including the ability to negotiate, influence and challenge various audiences.

Preferred Qualifications:

  • Professional designations, such as Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP), Certified in the Governance of Enterprise IT (CGEIT) or other relevant IT Security licence, designation, or certificate.
  • Experience working in a highly regulated environment (such as a financial institution).
  • Bilingualism (English and French).

Posting closing date: Note, the competition may remain active until filled.


On June 14, 2022, the Government of Canada announced that as of June 20, 2022, it will suspend vaccination requirements for federal government employees. This decision followed a review of the current public health situation, including the evolution of the virus and vaccination rates in Canada. As a result, and consistent with the Government of Canada decision, CMHC has suspended its Vaccination Policy, effective June 20, 2022.

As a result, at this time, CMHC does not require employees to be fully vaccinated as a condition of employment. CMHC will continue to monitor the public health situation and may at any time make adjustments and adopt or reintroduce measures, including mandatory vaccination, attestation and verification requirements. Any such vaccination measures, as updated from time to time, shall form a term and condition of your employment at CMHC.

CMHC is an inclusive workplace where diversity of thought – and of people – are recognized, valued, and considered essential to achieving our aspiration.
We are committed to employment equity and actively encourage applications from women, Indigenous Peoples, persons with disabilities, veterans and persons of all races, ethnicities, religions, abilities, sexual orientations, and gender identities and expressions. We also welcome applications from non-Canadians who are eligible to work in Canada.
We sincerely thank all candidates for their interest, however, please note that only applicants selected for further consideration will be contacted. If selected for an interview or testing, please advise us if you require an accommodation.

Apply now!

Similar offers

No similar offer found.
An error has occured, try again later.

Jobs.ca network