Cybersecurity Product Owner, Vulnerability Management

Application deadline: July 18th, 2025

Join the EDC Team!

At EDC, we support Canadian businesses to succeed globally. We provide the financial tools and expertise they need to explore new markets, reduce risks, all towards the goal of making Canada and the world better through trade. #LI-Hybrid

Position: Cybersecurity Product Owner, Vulnerability Management

Employment Type:Permanent

Compensation Details :

• Product Owner 18: Salaries typically range from $94,664 to $126,219 annually, based on qualifications and experiences, plus a performance-based incentive.

Location:

• Export Development Canada operates in a hybrid work environment, currently requiring employees to work in the office 2 days per week. (subject to change)
• This role can be performed from EDC’s headquarters in Ottawa or from one of our Community Hubs located in Toronto, Mississauga, Montreal, Brossard, or Laval.
• Relocation assistance is available for candidates who meet the eligibility criteria.

About EDC:

At Export Development Canada (EDC), we empower Canadian businesses to succeed globally. As a financial Crown corporation, we offer innovative financial solutions and expert insights to help businesses explore new markets, mitigate risks, and achieve growth.

Why Join EDC?

• Collaborate with a diverse, experienced team – Work alongside talented professionals who bring a wealth of knowledge and expertise to drive success.
• Thrive in a supportive, teamwork-driven environment – Flourish in a workplace where collaboration and mutual support are paramount.
• Impact global communities through sustainable growth in emerging markets – Make a meaningful difference by fostering sustainable development in key regions around the world.
• Recognized as one of Canada’s Top 100 Employers, Best Diversity Employers, and a Top 100 Family-Friendly Employers – Join a company that is celebrated for its commitment to excellence, diversity, and work-life balance.
• Enjoy a comprehensive Total Rewards package:
  • Flexible benefits – Our program lets you choose coverage that suits your unique needs, including Medical, Dental, Life, and more. Plus, we offer additional Flex credits to tailor your plan even further.
  • Defined Contribution Pension Plan – Secure your future with our generous matching program that helps you save for retirement.
  • Competitive vacation program – Enjoy a work-life balance with our competitive vacation program, starting with 4 weeks of vacation and 2 floater days each year for permanent employees.
  • Comprehensive wellness programs – Stay healthy and happy with access to wellness initiatives, mental health support, and fitness programs.
  • Professional Development – Advance your career with our support for growth and development through conferences, language training, and educational opportunities.

Team Overview:

• The Digital & Technology Solutions (DTS) group under the leadership of the Chief Information Officer was established in 2023 with the mission of empowering our customers and colleagues to take on the world, by seamlessly delivering secure and reliable digital experiences. Digital & Technology Solutions has set out to achieve the following objectives for EDC:
  • Define, execute, and sustain the integrated technology target state, target data model and technology operations required to enable EDC’s 2030 business transformation.
  • Establish and manage the rolling 3 Year Digital Roadmap that sequences the technology outcomes required to achieve the technology target state and facilitate its execution across all domains in the organization.
  • Keep pace with industry trends and emerging technologies, ensuring EDC has access to the digital technology tools it needs to stay relevant in the market and grow Canadian global trade.
  • Lead and ensure integrated digital, data, infrastructure, and cybersecurity implementations to create excellent customer, user, and employee experiences.
• This is your opportunity to join a cybersecurity team with a business-first mindset. You will be part of a growing team of cybersecurity professionals that value transparent communication, collaboration with various internal and external stakeholders, and support innovation while being equally committed to achieving information security risk targets and delivering on the planned security program obligations.
• We are looking for a dynamic and seasoned professional to grow our Vulnerability Management capabilities. This role will work with cybersecurity leadership, cybersecurity team and key stakeholders to define outcomes, develop tactical plans and security requirements, and lead security projects that address information security risks with a focus on protecting EDC’s digital assets.
• This role will require significant cross-functional collaboration and is critical in supporting the fundamental elements of the Enterprise Information Security strategy and team operations.
• The successful candidate is an expert in techniques used to protect sensitive data in multiple environments. This role has a high level of integrity, trustworthiness and confidence, and can represent the company and security leadership with the highest level of professionalism and leads by example . The position reports to the Director, Cybersecurity Operations & Engineering.

What you will be doing:

• Lead EDC’s Vulnerability Management practice by developing strategy, roadmap, and service offerings tailored to business risks and technology environments.
• Oversee vulnerability detection and contextualization across on-premises, cloud, and application layers using automated scans, DevSecOps pipelines, and threat simulation tools.
• Prioritize and track remediation based on severity, exploitability, and business impact, while maintaining accurate documentation and reporting.
• Collaborate with stakeholders, vendors, and security engineering teams to remediate vulnerabilities and enhance detection and response workflows.
• Serve as the primary contact for vulnerability-related issues, ensuring alignment with policies, procedures, and compliance frameworks.
• Operate and manage security tools, lead scan reviews with stakeholders, and document remediation decisions and timelines.
• Promote secure coding practices and support security testing methods such as SAST, DAST, and penetration testing, while staying current with emerging and legacy technologies.

What we are looking for:

• Undergraduate Degree in Computer Science, Information Security, Management Information Systems or related discipline, or equivalent experience in lieu of education.
• Minimum of 7 years’ hands-on experience in information security administration, vulnerability management or security/infrastructure operations.
• Minimum 3 years’ experience working in an outsourced IT or cybersecurity environment, either on the client or vendor side.
• Hands-on experience with vulnerability management solutions such as Qualys, Tenable, and/or ServiceNow.
• Experience conducting organization-wide vulnerability scanning and remediation processes.
• Exceptional skills in influencing and driving cross-functional teams and delivering solutions in a highly complex, dynamic and nebulous environment.
• Excellent verbal and written communication, critical and strategic thinking, time management, priority planning and interpersonal skills.
• Proven experience in tech fluency and business fluency, and a demonstrated ability to “translate” between the two.
• Working knowledge of both ITIL and Agile principles with an understanding of how backlogs are formed and how to influence them.

What will make you stand out:

• Certifications: Certified Information Systems Security Professional (CISSP),CGCED (GIAC Certified Enterprise Defender), GCCC (GIAC Critical Controls Certification), GPEN (GIAC Penetration Tester Certification), GCIH (GIAC Certified Incident Handler Certification), or CRISC.
• 3-5 years’ experience with a combination of one of more hands-on roles in cybersecurity or IT operations.
• Experience working with senior leaders and executives in a service delivery or risk management setting.
• Experience governing IT vendor relationships.
• Strong understanding of applications, operating systems, networking, cloud infrastructure and basic attacker tactics, techniques and procedures (TTPs), OWASP, CVSS and MITRE ATT&CK framework and the software development lifecycle.
• Strong knowledge of industry compliance framework/scans (e.g. CIS).
• Capacity to comprehend complex technical infrastructure, managed services and third-party dependencies.
• Bilingual in both official languages of Canada (English and French).

Eligibility:

• Eligibility: EDC is committed to Fair Employment Practices and preference will be given to a candidate who is able to work legally in Canada at the time of application (Canadian Citizens or Permanent Residents). Candidates must meet the requisite government security screening requirements.The position is open to those who meet all of the essential requirements stated above and whose applications are received by the closing date.

This position is open to individuals who meet all the essential criteria outlined above and submit their applications by the closing date. Ready to make a difference? This is your chance to join a dynamic, growing team and leave your mark on our organization, development finance, and the world.

Apply today!

Want to learn more about EDC? Check our website here https://www.edc.ca

EDC's Commitment to Employment Equity

Export Development Canada (EDC) is dedicated to fostering employment equity and building a diverse workforce. We are committed to creating a safe and inclusive environment that respects people from all cultures, backgrounds, and abilities. At EDC, we nurture a culture of inclusion and belonging where everyone has equal opportunity to grow, develop, succeed, and be their truest selves.

We actively encourage applications from women, Indigenous peoples, visible minorities, persons with disabilities, and members of the 2SLGBTQI+ community.

Should you require any accommodation during the recruitment and selection process, please let our Recruitment team know

Your application must clearly demonstrate how you meet all the requirements. We thank all applicants' interest in a career at EDC; however, only those selected for an interview will be contacted. Please note that qualified candidates may be considered for similar roles at this level within EDC.