Manager, Cybersecurity Risk Assessment

**Job Requisition ID**: 10748

**Position Status**: Permanent Full Time

**Position Type**:Hybrid

**Office Location**:Ottawa (ON) preferred, Montreal (QC) and Toronto will be considered

**Travel Requirement**: Occasional

**Language Designation**: Bilingual

**Language Skill Levels (Read/Write/Speak)**: CBC

**Security Requirement**: Secret

**Salary**: Our salaries generally range from $ 99646.37 to $ 124557.97 and are based on qualifications and experience.

About CMHC

The work you do and the work we do together matters. We come to work every day with a common purpose: to contribute to a well-functioning housing system.

At CMHC, we hold ourselves accountable for our **results** and support our colleagues in their achievements. We thrive on **collaboration**, connecting across CMHC and involving the right people to get our work done. We have **flexibility**, in how, when, and where we work, within the boundaries of the business needs and the nature of your role. Our leadership style is guided by **trust**, where our leaders favour an adaptive approach based on the needs of their teams.

Join us and be part of a team that's committed to making a real difference and be part of something meaningful.

What’s in it for you

We’ve got the purpose, the people and the perks you need for a fulfilling career. Here’s the comprehensive and generous benefits you get when you’re a permanent employee:

- Annual paid vacation.
- Annual individual performance incentive.
- Defined benefit pension plan.
- Comprehensive group insurance plan to support your well-being from day one.
- Support towards your personal and professional growth with training, mentorship and more.
- An inclusive workplace culture and environment.

About the role

The Manager, Cybersecurity Risk Assessment, is responsible for supporting the development and implementation of cybersecurity risk mitigation strategies and monitoring cybersecurity risk levels within the organization. This role assists in identifying and assessing potential threats, ensures alignment with organizational objectives, and collaborates with other departments to integrate risk management practices into business operations.

**Office Location**:Ottawa (ON) preferred, Montreal (QC) and Toronto will be considered.**

**What you’ll do**:

- Support the identification of potential risks and vulnerabilities to develop targeted risk mitigation strategies to reduce the impact of identified risks (technological, operational, financial, and compliance-related threats). Oversee the implementation of risk mitigation plans in collaboration with 1-B. Monitor and support the execution of these strategies and support the continuous monitoring of risks, the effectiveness of mitigation strategies and ensure they comply with relevant industry standards, regulations, and best practices.
- Contribute to ongoing monitoring of IT and cybersecurity risk levels across the organization. Assist in evaluating and enhancing the risk assessment methodologies to identify vulnerabilities, threats, and potential impacts on organizational assets, including systems, data, and infrastructure so they remain effective and aligned with industry best practices and regulatory requirements. Recommend improvements to strengthen the organization's ability to identify, assess, mitigate and respond to these risks. Leverage risk management tools and frameworks to provide a thorough analysis of risks and their potential consequences. Contribute to the development and enhancement of IT and cybersecurity risk management processes, procedures, and standards to ensure effective risk identification, evaluation, and mitigation. Collaborate with relevant stakeholders to integrate these processes into business operations, ensuring consistency and compliance across the organization.
- Provide regular reports to leadership and senior management on risk status, emerging threats, and mitigation progress. highlighting emerging risks, trends, and the effectiveness of existing mitigation efforts.
- Support security incidents if required, providing guidance on response strategies to minimize damage and ensure a swift resolution. Coordinate with relevant teams to ensure proper documentation and post-incident analysis for continuous improvement.
- Collaborate with leadership, IT, compliance, audit, first and second line of defense to integrate cybersecurity risk and risk mitigation strategies into business processes, ensuring effective and proactive risk management and alignment of risk assessment efforts with broader organizational objectives and risk management frameworks and ensure risk management practices meet regulatory standards and internal audit requirements. Support the preparation and response to audits, ensuring that risk controls are documented and effectively implemented.
- Assist leadership in prioritizing IT risk-related programs and initiatives based on their potential impact, urgency, and alignment with organizational goals