Senior Specialist, IT Security Risk Management

OverviewJob Requisition ID: 11493Sector: Technology and Business TransformationPosition Status: Permanent Full TimePosition Type: HybridOffice Location: Montreal (QC); Ottawa (ON)Language Designation: English EssentialLanguage Skill Levels (Read/Write/Speak): ZZZTravel Requirement: LimitedSecurity Requirement: SecretSalary Range: $101,639.30 to $127,049.13About CMHCThe work you do and the work we do together matters. We come to work every day with a common purpose: to contribute to a well-functioning housing system.At CMHC, we hold ourselves accountable for our results and support our colleagues in their achievements. We thrive on collaboration, connecting across CMHC and involving the right people to get our work done. Our leadership style is guided by trust, where our leaders favour an adaptive approach based on the needs of their teams.Join us and be part of a team that’s committed to making a real difference and be part of something meaningful.What’s in it for youWe’ve got the purpose, the people and the perks you need for a fulfilling career. Here’s the comprehensive and generous benefits you get when you’re a permanent employee:Annual Paid vacation.Annual individual performance incentive.Defined benefit pension plan.Comprehensive group insurance plan to support your well-being from day one.Support towards your personal and professional growth with training, mentorship and more.An inclusive workplace culture and environment.About the roleThe Senior Specialist, IT Security & Risk Management is responsible for developing, implementing, and maintaining security policies, controls, and risk management practices that safeguard the organization’s information systems. This role works closely with cross-functional teams to assess threats, respond to incidents, ensure regulatory compliance, and enhance the overall cybersecurity maturity of the organization.What you will doSecurity Governance & ComplianceDevelop and maintain IT security policies, standards, and procedures.Support compliance initiatives (e.g., ISO 27001, NIST, PCI-DSS, SOC 2, privacy regulations).Conduct regular security audits and risk assessments.Prepare documentation for internal and external audits.Risk ManagementLead risk assessments to identify gaps in systems, processes, and technologies.Maintain the enterprise IT risk register and track remediation activities.Provide recommendations to reduce risks and strengthen controls.Security Operations & Incident ResponseMonitor security alerts, investigate incidents, and coordinate response activities.Work with IT teams to ensure timely patching, vulnerability remediation, and system hardening.Support endpoint, network, cloud, and identity security initiatives.Technology & Project SupportParticipate in the security review of new systems, applications, and vendor solutions.Assess third-party security risks and support procurement due diligence.Provide expert guidance on secure architecture and security-by-design practices.Awareness & TrainingContribute to cybersecurity awareness programs and training activities.Provide guidance to employees on best practices for protecting information assets.What you should haveBachelor’s degree in Information Security, Computer Science, or related field.5–8 years of experience in IT security, risk management, or related roles.Certifications such as CISSP, CISM, CRISC, or ISO 27001 Lead Implementer (an asset).Strong understanding of security frameworks (NIST CSF, ISO 27001), cloud security, and risk methodologies.Experience with SIEM, vulnerability management tools, EDR, IAM, and cloud environments (Azure).Excellent analytical, communication, and problem-solving skills.Posting closing date: Note, the competition will remain active until filled.Our commitment to diversity, equity, and inclusionWe’re committed to employment equity and encourage women, Indigenous Peoples, persons with disabilities, veterans and persons of all races, ethnicities, religions, abilities, sexual orientations, and gender identities and expressions to apply. We also welcome applications from non-Canadians who are eligible to work in Canada.CMHC is an inclusive workplace where diversity of thought – and of people – are recognized, valued, and considered essential to achieving our mission.What happens after you applyWe know that applying for a new job can be both exciting and daunting, and we appreciate your effort. Note, the hiring process details will be provided after application. If you are selected for an interview or testing, please advise us if you require an accommodation.If you applied before and you were not successful don’t worry – we’re always posting new positions, so don’t hesitate to give it another shot. We’re excited to see what you bring to the table this time around #J-18808-Ljbffr