Job Requisition ID: 10748
Position Status: Permanent Full Time
Position Type: Hybrid
Office Location: Ottawa (ON) preferred, Montreal (QC) and Toronto will be considered
Travel Requirement: Occasional
Language Designation: Bilingual
Language Skill Levels (Read/Write/Speak): CBC
Security Requirement: Secret
Salary: Our salaries generally range from $99646.37 to $124557.97 and are based on qualifications and experience.
About CMHC
The work you do and the work we do together matters. We come to work every day with a common purpose: to contribute to a well-functioning housing system.
At CMHC, we hold ourselves accountable for our results and support our colleagues in their achievements. We thrive on collaboration, connecting across CMHC and involving the right people to get our work done. We have flexibility in how, when, and where we work, within the boundaries of the business needs and the nature of your role. Our leadership style is guided by trust, where our leaders favour an adaptive approach based on the needs of their teams.
Join us and be part of a team that's committed to making a real difference and be part of something meaningful.
What’s in it for you
We’ve got the purpose, the people and the perks you need for a fulfilling career. Here are the comprehensive and generous benefits you get when you’re a permanent employee:
- Annual paid vacation.
- Annual individual performance incentive.
- Defined benefit pension plan.
- Comprehensive group insurance plan to support your well-being from day one.
- Support towards your personal and professional growth with training, mentorship and more.
- An inclusive workplace culture and environment.
About the role
The Manager, Cybersecurity Risk Assessment, is responsible for supporting the development and implementation of cybersecurity risk mitigation strategies and monitoring cybersecurity risk levels within the organization. This role assists in identifying and assessing potential threats, ensures alignment with organizational objectives, and collaborates with other departments to integrate risk management practices into business operations.
What you’ll do:
- Support the identification of potential risks and vulnerabilities to develop targeted risk mitigation strategies that reduce the impact of identified risks (technological, operational, financial, and compliance-related threats). Oversee the implementation of risk mitigation plans in collaboration with 1-B. Monitor and support the execution of these strategies, support the continuous monitoring of risks and of the effectiveness of mitigation strategies, and ensure they comply with relevant industry standards, regulations, and best practices.
- Contribute to ongoing monitoring of IT and cybersecurity risk levels across the organization. Assist in evaluating and enhancing the risk assessment methodologies used to identify vulnerabilities, threats, and potential impacts on organizational assets, including systems, data, and infrastructure, so that these methodologies remain effective and aligned with industry best practices and regulatory requirements. Recommend improvements to strengthen the organization's ability to identify, assess, mitigate and respond to these risks.
- Provide regular reports to leadership and senior management on risk status, emerging threats, and mitigation progress, highlighting emerging risks, trends, and the effectiveness of existing mitigation efforts.
- Support security incidents if required, providing guidance on response strategies to minimize damage and ensure a swift resolution. Coordinate with relevant teams to ensure proper documentation and post-incident analysis for continuous improvement.
- Collaborate with leadership, IT, compliance, audit, and first and second lines of defense to integrate cybersecurity risk and risk mitigation strategies into business processes, ensuring effective and proactive risk management.
- Assist leadership in prioritizing IT risk-related programs and initiatives based on their potential impact, urgency, and alignment with organizational goals.
- Continuously assess and refine the organization’s risk management framework to ensure it addresses emerging threats, regulatory requirements, and industry best practices. Recommend enhancements to risk assessment methodologies and reporting processes to keep pace with evolving risks.
- Lead post-incident risk assessments following security breaches or cyber incidents to assess the impact and recommend corrective actions.
What you should have:
- Undergraduate degree in Cyber Security, Computer Security, Information Systems Security, Computer Science or in a related field. An equivalent combination of education and/or experience can be considered.
- 7 years' experience in IT Security and/or IT information working with risk management methods including risk assessment and mitigation.
- 3 years' experience in providing leadership and direction to cybersecurity staff.
- Ability to independently apply risk frameworks (e.g., NIST, ISO) and advise on the application of these methods in a cybersecurity context.
- Knowledge of impacts of cybersecurity lapses, including specific business functions and IT systems.
- Experience in managing risk in cybersecurity, including risk identification, mitigation, and communication to stakeholders.
- Strong communication skills (oral and written) both in English and French.
It would be great if you also had:
- Certified Information Security Manager (CISM) certification will be preferred.
- A Certified Information Systems Security Professional (CISSP), GIAC Security Leadership (GSLC), GIAC Critical Controls Certification (GCCC) or other relevant IT Security licence, designation, or certificate.
- Experience and knowledge of security technologies.
Posting closing date: Note, the competition will remain active until filled.
Our commitment to diversity, equity, and inclusion
We’re committed to employment equity and encourage women, Indigenous Peoples, persons with disabilities, veterans and persons of all races, ethnicities, religions, abilities, sexual orientations, and gender identities and expressions to apply.
CMHC is an inclusive workplace where diversity of thought – and of people – is recognized, valued, and considered essential to achieving our mission.
What happens after you apply
We know that applying for a new job can be both exciting and daunting, and we appreciate your effort. Learn more about our hiring process. If you are selected for an interview or testing, please advise us if you require an accommodation.