Senior Manager, Cybersecurity Operations

Job Requisition ID: 10747 Position Status:  Permanent Full Time  Position Type:  Hybrid  Office Location:  Ottawa (preferred), Montreal (QC) and Toronto (ON) will be considered Travel Requirement:  Occasional  Language Designation:  Bilingual  Language Skill Levels (Read/Write/Speak):  CBC  Security Requirement:  Secret  Salary:  Our salaries generally range from $ 126024.66 to $ 157530.82 and are based on qualifications and experience.  About CMHC The work you do and the work we do together matters. We come to work every day with a common purpose: to contribute to a well-functioning housing system. At CMHC, we hold ourselves accountable for our results and support our colleagues in their achievements. We thrive on collaboration , connecting across CMHC and involving the right people to get our work done. We have  flexibility , in how, when, and where we work, within the boundaries of the business needs and the nature of your role. Our leadership style is guided by trust , where our leaders favour an adaptive approach based on the needs of their teams. Join us and be part of a team that's committed to making a real difference and be part of something meaningful. What’s in it for you We’ve got the purpose, the people and the perks you need for a fulfilling career. Here’s the comprehensive and generous benefits you get when you’re a permanent employee: Annual paid vacation. Annual individual performance incentive. Defined benefit pension plan. Comprehensive group insurance plan to support your well-being from day one. Support towards your personal and professional growth with training, mentorship and more.  An inclusive workplace culture and environment. About the role The Senior Manager, Cybersecurity Operations is responsible for ensuring the continuous security of IT operations by managing security tools, conducting vulnerability identification, and providing threat intelligence. This role leads a team of cybersecurity professionals to deliver high-quality operations to protect the organization assets and data and collaborates with other departments to integrate risk management practices and ensure a coordinated response to security incidents. Office Location:  Ottawa (preferred), Montreal (QC) and Toronto (ON) will be considered. What you’ll do:  Manage and supervise day-to-day security operations to safeguard the organization’s data and assets and ensure the effective functioning of security tools and platforms to maintain optimal service delivery including threat detection, incident response, vulnerability management, and continuous monitoring of IT infrastructure. Collaborate with key departments (e.g., IT, legal, compliance, and HR) to ensure risk management practices are integrated into all aspects of the business (proactive threat identification, vulnerability management) and lead the development of effective cybersecurity protocols to guide operations and ensure consistency across security activities.  Provide regular reporting to senior leadership to: highlighting trends, areas of concern, recommendations for continuous improvement, status of cybersecurity compliance efforts, risk management initiatives, and the effectiveness of cross-department collaboration in maintaining a secure and compliant security and IT environment. Ensure the proper configuration of security and cybersecurity tools (e.g., SIEM, firewalls, intrusion detection/prevention systems) to align with organizational security policies and best practices, and continuously optimize their performance for maximum effectiveness and relevant to regulatory requirements and that they remain current and capable of defending against the latest threats, vulnerabilities, and compliance requirements.  Oversee relationships with third-party security tool vendors, ensuring contractual obligations are met, and managing product evaluations, renewals, and escalations related to performance issues or tool enhancements. Direct and oversee regular vulnerability assessments across the organization's IT infrastructure, applications, and cloud environments, identifying potential risks and areas of weakness and collaborating with relevant teams to implement corrective actions where feasible. Establish a risk-based prioritization framework for discovered vulnerabilities, ensure continuous monitoring and automated scanning of systems for vulnerabilities in collaborate with IT infrastructure, application development, and network teams for vulnerabilities to be promptly addressed with effective remediation plans and oversee the validation and verification process post-remediation to ensure vulnerabilities are properly mitigated, and the systems have been securely patched and tested for resilience. Lead incident response efforts, ensuring a swift, coordinated, and effective response to security breaches and incidents ie: to investigate, contain, and remediate security incidents, while minimizing business impact and aligns with both operational and compliance requirements. Ensure that all departments understand their roles in responding to security incidents and mitigating any potential business impact. What you should have: Undergraduate degree in Cyber Security, Computer Security, Information Systems Security, Computer Science or in a related field. An equivalent combination of education and/or experience can be considered. A Professional designation, such as Certified Information Security Manager (CISM). 10 years experience in IT Security and/or in information security working with cybersecurity frameworks, privacy regulations, and industry standards, including data protection laws and principles governing confidentiality, integrity, availability, authentication, and non-repudiation and an expertise in incident framework and methodologies (data breaches, denial of service attacks, insider threats, etc.). 5 years of management experience providing leadership and direction to cybersecurity staff. Advanced proficiency in: identifying and assessing a wide range of cyber threats (e.g., malware, ransomware, insider threats) and vulnerabilities (e.g., software flaws, configuration weaknesses, network security gaps). identifying and remediating application vulnerabilities, including secure software development practices, common vulnerabilities (e.g., OWASP Top 10), and tools for vulnerability scanning and penetration testing to enhance application security and mitigate risks. Advance knowledge of: personally Identifiable Information (PII) data security standards and regulations (e.g., GDPR, CCPA, HIPAA), including best practices for securing sensitive data, ensuring compliance, and implementing effective privacy protections to prevent unauthorized access or breaches. current industry methods for evaluating, implementing, and using security tools for assessment, monitoring, detection, and remediation of security threats. Extensive experience in developing, documenting, and refining cybersecurity processes and procedures that align with operational requirements and ensure consistent, repeatable actions in response to security events, incidents, and audits. how traffic flows across IT networks, including knowledge of TCP/IP, the OSI model, and associated network protocols. Proficient in ITIL frameworks for service management, with the ability to design, implement, and optimize network security controls aligned with operational needs. Strong ability to: identify emerging trends in security operations (analysis of incident data, vulnerability reports, and threat intelligence) combined with extensive experience conducting vulnerability assessments, performing regular scans (using industry-leading tools) and identifying critical vulnerabilities in systems, applications, and networks. communicate (written and verbal) both in English and French combined with the ability to negotiate, influence and challenge various audiences. It would be great if you also had: Certified Information Systems Security Professional (CISSP), GIAC Security Leadership (GSLC), GIAC Critical Controls Certification (GCCC) or other relevant IT Security licence, designation, or certificate. Experience and knowledge of security technologies such as identity management, computer forensics, application security and network security technologies. Experience and/or knowledge of recognized standards. E.g. NIST CSF, ISO 27001/27002, ITSG-33, OSFI B13, CIS, etc. Knowledge of Canadian laws and Government of Canada regulatory requirements and standards. E.g. Treasury Board, Office of the Superintendent of Financial Institutes, etc. Posting closing date:  Note, the competition will remain active until filled. Our commitment to diversity, equity, and inclusion  We’re committed to employment equity and encourage women, Indigenous Peoples, persons with disabilities, veterans and persons of all races, ethnicities, religions, abilities, sexual orientations, and gender identities and expressions to apply. We also welcome applications from non-Canadians who are eligible to work in Canada. CMHC is an inclusive workplace where diversity of thought – and of people – are recognized, valued, and considered essential to achieving our mission. What happens after you apply  We know that applying for a new job can be both exciting and daunting, and we appreciate your effort. . If you are selected for an interview or testing, please advise us if you require an accommodation. If you applied before and you were not successful don’t worry – we're always posting new positions, so don’t hesitate to give it another shot. We’re excited to see what you bring to the table this time around