Senior Manager, Cybersecurity Operations

Job Requisition ID: 10747

Position Status: Permanent Full Time

Position Type: Hybrid

Office Location: Ottawa (preferred), Montreal (QC) and Toronto (ON) will be considered

Travel Requirement: Occasional

Language Designation: Bilingual

Language Skill Levels (Read/Write/Speak): CBC

Security Requirement: Secret

Salary: Our salaries generally range from $123553.59 to $154441.98 and are based on qualifications and experience.

About CMHC

The work you do and the work we do together matters. We come to work every day with a common purpose: to contribute to a well-functioning housing system.

At CMHC, we hold ourselves accountable for our results and support our colleagues in their achievements. We thrive on collaboration, connecting across CMHC and involving the right people to get our work done. We have flexibility in how, when, and where we work, within the boundaries of the business needs and the nature of your role. Our leadership style is guided by trust, where our leaders favour an adaptive approach based on the needs of their teams.

Join us and be part of a team that's committed to making a real difference and be part of something meaningful.

What's in it for you

We've got the purpose, the people, and the perks you need for a fulfilling career. Here's the comprehensive and generous benefits you get when you're a permanent employee:

• Annual paid vacation.
• Annual individual performance incentive.
• Defined benefit pension plan.
• Comprehensive group insurance plan to support your well-being from day one.
• Support towards your personal and professional growth with training, mentorship, and more.
• An inclusive workplace culture and environment.

About the role

The Senior Manager, Cybersecurity Operations is responsible for ensuring the continuous security of IT operations by managing security tools, conducting vulnerability identification, and providing threat intelligence. This role leads a team of cybersecurity professionals to deliver high-quality operations to protect the organization's assets and data and collaborates with other departments to integrate risk management practices and ensure a coordinated response to security incidents.

What you'll do:

• Manage and supervise day-to-day security operations to safeguard the organization's data and assets and ensure the effective functioning of security tools and platforms to maintain optimal service delivery including threat detection, incident response, vulnerability management, and continuous monitoring of IT infrastructure.
• Collaborate with key departments (e.g., IT, legal, compliance, and HR) to ensure risk management practices are integrated into all aspects of the business and lead the development of effective cybersecurity protocols to guide operations and ensure consistency across security activities.
• Provide regular reporting to senior leadership to highlight trends, areas of concern, recommendations for continuous improvement, status of cybersecurity compliance efforts, risk management initiatives, and the effectiveness of cross-department collaboration in maintaining a secure and compliant security and IT environment.
• Ensure the proper configuration of security and cybersecurity tools (e.g., SIEM, firewalls, intrusion detection/prevention systems) to align with organizational security policies and best practices, and continuously optimize their performance for maximum effectiveness and relevance to regulatory requirements.
• Oversee relationships with third-party security tool vendors, ensuring contractual obligations are met, and managing product evaluations, renewals, and escalations related to performance issues or tool enhancements.
• Direct and oversee regular vulnerability assessments across the organization's IT infrastructure, applications, and cloud environments, identifying potential risks and areas of weakness and collaborating with relevant teams to implement corrective actions where feasible.
• Establish a risk-based prioritization framework for discovered vulnerabilities, ensure continuous monitoring and automated scanning of systems for vulnerabilities in collaboration with IT infrastructure, application development, and network teams for vulnerabilities to be promptly addressed with effective remediation plans.
• Lead incident response efforts, ensuring a swift, coordinated, and effective response to security breaches and incidents to investigate, contain, and remediate security incidents, while minimizing business impact and aligning with both operational and compliance requirements.

What you should have:

• Undergraduate degree in Cyber Security, Computer Security, Information Systems Security, Computer Science or in a related field. An equivalent combination of education and/or experience can be considered.
• A Professional designation, such as Certified Information Security Manager (CISM).
• 10 years of experience in IT Security and/or information security working with cybersecurity frameworks, privacy regulations, and industry standards, including data protection laws and principles governing confidentiality, integrity, availability, authentication, and non-repudiation.
• 5 years of management experience providing leadership and direction to cybersecurity staff.
• Advanced proficiency in identifying and assessing a wide range of cyber threats (e.g., malware, ransomware, insider threats) and vulnerabilities (e.g., software flaws, configuration weaknesses, network security gaps).
• Advanced knowledge of personally identifiable information (PII) data security standards and regulations (e.g., GDPR, CCPA, HIPAA), including best practices for securing sensitive data and ensuring compliance.
• Strong ability to identify emerging trends in security operations combined with extensive experience conducting vulnerability assessments and identifying critical vulnerabilities in systems, applications, and networks.
• Strong communication skills (written and verbal) in both English and French.

It would be great if you also had:

• Certified Information Systems Security Professional (CISSP), GIAC Security Leadership (GSLC), GIAC Critical Controls Certification (GCCC) or other relevant IT Security license, designation, or certificate.
• Experience and knowledge of security technologies such as identity management, computer forensics, application security, and network security technologies.
• Experience and/or knowledge of recognized standards (e.g., NIST CSF, ISO 27001/27002, ITSG-33, OSFI B13, CIS).
• Knowledge of Canadian laws and Government of Canada regulatory requirements and standards.

Posting closing date: Note, the competition will remain active until filled.

Our commitment to diversity, equity, and inclusion

We're committed to employment equity and encourage women, Indigenous Peoples, persons with disabilities, veterans and persons of all races, ethnicities, religions, abilities, sexual orientations, and gender identities and expressions to apply.

CMHC is an inclusive workplace where diversity of thought – and of people – are recognized, valued, and considered essential to achieving our mission.

Learn more about our commitment to diversity and inclusion

What happens after you apply

We know that applying for a new job can be both exciting and daunting, and we appreciate your effort. Learn more about our hiring process. If you are selected for an interview or testing, please advise us if you require an accommodation.

If you applied before and you were not successful, don't worry – we're always posting new positions, so don't hesitate to give it another shot. We're excited to see what you bring to the table this time around