Analyst, IT Security and Risk

**Job Requisition ID**: 11432

**Position Status**: Permanent Full Time

**Position Type**:Hybrid

**Office Location**:Ottawa (ON); Montreal (QC); Toronto (ON)

**Travel Requirement**: Limited

**Language Designation**: English Essential

**Language Skill Levels (Read/Write/Speak)**: ZZZ

**Security Requirement**: Secret

**Salary**: Our salaries generally range from $ $60,871.49 to $ $76,089.36 and are based on qualifications and experience.

About CMHC

The work you do and the work we do together matters. We come to work every day with a common purpose: to contribute to a well-functioning housing system.

At CMHC, we hold ourselves accountable for our **results** and support our colleagues in their achievements. We thrive on collaboration, connecting across CMHC and involving the right people to get our work done. Our leadership style is guided by **trust**, where our leaders favour an adaptive approach based on the needs of their teams.

Join us and be part of a team that's committed to making a real difference and be part of something meaningful.

What’s in it for you

We’ve got the purpose, the people and the perks you need for a fulfilling career. Here’s the comprehensive and generous benefits you get when you’re a permanent employee:

- Annual paid vacation.
- Annual individual performance incentive.
- Defined benefit pension plan.
- Comprehensive group insurance plan to support your well-being from day one.
- Support towards your personal and professional growth with training, mentorship and more.
- An inclusive workplace culture and environment.

About the role

We are seeking a detail-oriented and proactive IT Analyst - IT Security & Risk to support the organization’s cybersecurity posture and risk management initiatives. This role is responsible for identifying, assessing, and mitigating IT security risks, ensuring compliance with internal policies and external regulations, and supporting the implementation of security technologies and controls.

**What you’ll do**:

- Support the implementation, maintenance, and monitoring of security controls, risk assessments, and compliance activities.
- Collaborate with business and IT teams to identify, analyze, and report on risks to organizational information assets.
- Assist in incident response, vulnerability management, and security awareness programs.
- Contribute to the development of policies, procedures, and best practices in cybersecurity and IT risk management.
- Help ensure compliance with regulatory requirements (e.g., OSFI B-13, NIST, ITSG-33) and CMHC’s internal frameworks.

**DevSecOps & Security Operations**:

- Be part of our Security Operations and DevSecOps teams to deliver secure, robust, and automated solutions across our platforms and cloud environments.
- Participate in the deployment, integration, and daily monitoring of modern security tools, including:

- **Microsoft Defender** (Endpoint, Identity, Cloud, etc.)
- **SIEM solutions** (e.g., Azure Sentinel)
- **Copilot**:

- **Data Loss Prevention (DLP)**:

- **Azure DevOps** (CI/CD security integration)
- **AquaSec** (container and cloud-native security)
- And other cutting-edge security and automation technologies
- Actively contribute to the automation and continuous improvement of our security processes, supporting both IT and business delivery.

**What you should have**:

- Knowledge of cybersecurity, DevSecOps and IT security best practices.
- Strong analytical, communication, and teamwork skills.
- Proactive attitude, willingness to learn, and ability to work in a fast-paced environment.

**It would be great if you also had**:

- Hands-on experience or strong interest in security operations and automation tools (Defender, SIEM, DLP, Azure DevOps, AquaSec, etc.) is an asset.

**Posting closing date**:Note, the competition will remain active until filled.

Our commitment to diversity, equity, and inclusion

CMHC is an inclusive workplace where diversity of thought - and of people - are recognized, valued, and considered essential to achieving our mission.

**Learn more about our commitment to diversity and inclusion**

What happens after you apply

If you applied before and you were not successful don’t worry - we're always posting new positions, so don’t hesitate to give it another shot. We’re excited to see what you bring to the table this time around