Senior Cybersecurity Operations Analyst (Level 18) / Principal Cybersecurity Operations Analyst[...]

At EDC, we support Canadian businesses to succeed globally. We provide the financial tools and expertise they need to explore new markets, reduce risks, all towards the goal of making Canada and the world better through trade. #LI-Hybrid

• Security Operations 18: Salaries typically range from $94,664 to $126,219 annually, based on qualifications and experiences, plus a performance-based incentive.
• Security Operations 19: Salaries typically range from $109,810 to $146,413 annually, based on qualifications and experiences, plus a performance-based incentive.

• Export Development Canada operates in a hybrid work environment, currently requiring employees to work in the office 2 days per week. (subject to change)
• This role can be performed from EDC’s headquarters in Ottawa or from one of our Community Hubs located in Toronto, Mississauga, Montreal, Laval, or Brossard.
• Relocation assistance is available for eligible candidates.

At Export Development Canada (EDC), we empower Canadian businesses to succeed globally. As a financial Crown corporation, we offer innovative financial solutions and expert insights to help businesses explore new markets, mitigate risks, and achieve growth.

• Comprehensive Benefits: EDC offers a competitive compensation & benefits package, work-life balance, & the opportunity to help make Canada and the world better through trade.
• Work-Life Balance: EDC offers a competitive compensation package & work-life balance. We have hybrid work options, 3 to 4 weeks paid vacation, a corporate closure period, summer early Friday’s & no meeting Fridays.
• Professional Development: Take advantage of our continuous learning opportunities, including training programs, workshops and language training.
• Inclusive Culture: Be part of a diverse and inclusive workplace that champions employment equity & values diversity of ideas, strengths, & backgrounds to succeed.
• Wellness Programs: Access to wellness initiatives, mental health support, and fitness programs to keep you healthy and happy.
• Community Engagement: Participate in volunteer opportunities and give back to the community through our various social responsibility programs.

The Digital & Technology Solutions (DTS) group under the leadership of the Chief Information Officer was established in 2023 with the mission of empowering our customers and colleagues to take on the world, by seamlessly delivering secure and reliable digital experiences. Digital & Technology Solutions has set out to achieve the following objectives for EDC:

• Define, execute, and sustain the integrated technology target state, target data model and technology operations required to enable EDC’s 2030 business transformation.
• Establish and manage the rolling 3 Year Digital Roadmap that sequences the technology outcomes required to achieve the technology target state and facilitate its execution across all domains in the organization.
• Keep pace with industry trends and emerging technologies, ensuring EDC has access to the digital technology tools it needs to stay relevant in the market and grow Canadian global trade.
• Lead and ensure integrated digital, data, infrastructure, and cybersecurity implementations to create excellent customer, user, and employee experiences.

This is your opportunity to join a cybersecurity team with a business-first mindset. You will be part of a growing team of cybersecurity professionals that value transparent communication, collaboration with various internal and external stakeholders, and support innovation while being equally committed to achieving information security risk targets and delivering on the planned security program obligations.

The Senior Cybersecurity Operations Analyst / Principal Cybersecurity Operations Analyst is responsible for leading and supporting the development, implementation, and maintenance of cybersecurity governance, risk management practices, and compliance initiatives applying industry recognized frameworks. This role ensures that EDC’s cybersecurity posture aligns with customer and regulatory requirements, industry standards, technology advancements and internal policies. The specialist collaborates with cross-functional teams to establish cybersecurity governance, identify, assess and manage risks, develop controls, and monitor compliance across the organization.

Reporting into the Director, Cyber GRC & Program/Portfolio is responsible for overseeing the operational and tactical direction, development, and management of the organization's Cyber risk management operating model aligned with the overall cybersecurity strategic direction, contributes to strategy and delivers the required cyber risk management governance, risk and compliance services.

• Governance Development: Develop and maintain cybersecurity governance, frameworks, policies, standards and guidelines.
• Risk Management: Lead risk assessment services, ensure appropriate mitigation strategies are in place and provide support to risk oversight.
• Compliance Monitoring: Manage exemptions and monitor compliance with internal policies, risk assessments and external requirements.
• Audit Support: Support audits and assessments by preparing documentation and coordinating responses.
• Cross- Functional Collaboration: Collaborate with IT, Legal, and business units to ensure alignment of cybersecurity practices.
• Threat Awareness: Maintain awareness of emerging threats, vulnerabilities, and regulatory changes.
• Stakeholder Training: Provide guidance and training on GRC-related topics to internal stakeholders.
• Risk‑Informed Strategy: Utilize insights from security operations and incident response to inform risk management strategies.
• Metrics & Reporting: Contribute to the development of metrics and reporting mechanisms for cybersecurity governance.
• Teamwork: Provide recommendations on prioritization and guidance on work execution to the team members.
• Policy Development: Establish policies, standards, and procedures to ensure compliance with regulatory requirements and industry best practices.
• Technology Management: Evaluate, select, and coordinate the implementation of GRC technologies and tools to enhance the organization's security posture.
• Partnerships: Establish strong partnerships with channels, service communities and external parties (managed services and other partners) accountable for building and integrating into enterprise risk.
• Stakeholder Collaboration and Communication: Partner with technology and business channels to develop a control program and promote control adoption, foster a customer‑focused culture to strengthen client relationships.
• Governance and Process Improvement: Develop and enforce Cyber policies and standards, promote best practices through governance and design frameworks, and drive continuous process improvements to ensure compliance and effective service delivery aided by capability maturity models.
• Vendor Management: Coordinate third‑party risk management activities, including review of risk assessments and monitoring of third parties’ security posture.

• Bachelor’s degree in Computer Science, Information Security, or a related field.
• Minimum of 7 years (Level 18) or 10 years (Level 19) of experience in Cybersecurity with a focus on Governance, Risk, and Compliance (GRC).
• Strong understanding of cybersecurity frameworks (e.g., NIST CSF, NIST 800‑53, ISO 27001, ISO 27002, ISO 27005, CMMI).
• Hands‑on experience with cybersecurity governance, risk assessment methodologies and compliance audits.
• Strong communication skills with stakeholder management.
• High level of initiative and ownership.
• Ability to adapt in a fast‑paced, evolving environment.
• Collaborative mindset with a problem‑solving attitude.

• Master’s degree in Information Security, cybersecurity, computer science, or related field.
• Familiarity with CMMI frameworks and process maturity models, particularly in the context of service delivery.
• Experience preparing and supporting presentations to executive‑level reports, including dashboards, KPIs, and strategic insights tailored for senior leadership.
• Hands‑on experience with GRC applications.
• Professional certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CRISC (Certified in Risk and Information Systems Control), CISA (Certified Information Systems Auditor) or equivalent.
• Bilingual in both official languages (English and French).

• EDC is dedicated to Fair Employment Practices. Applicants must be Canadian citizens or hold valid permanent residency cards at the time of application. Preference will be given to candidates who are legally able to work in Canada (Canadian Citizens or Permanent Residents). Candidates must also meet the government security screening requirements.

This position is open to individuals who meet all the essential criteria outlined above and submit their applications by the closing date. Ready to make a difference? This is your chance to join a dynamic, growing team and leave your mark on our organization, development finance, and the world.

Apply today!

Want to learn more about EDC? Check our website here https://www.edc.ca

Export Development Canada (EDC) is dedicated to fostering employment equity and building a diverse workforce. We are committed to creating a safe and inclusive environment that respects people from all cultures, backgrounds, and abilities. At EDC, we nurture a culture of inclusion and belonging where everyone has equal opportunity to grow, develop, succeed, and be their truest selves.

We actively encourage applications from women, Indigenous peoples, visible minorities, persons with disabilities, and members of the 2SLGBTQI+ community.

Your application must clearly demonstrate how you meet all the requirements. We thank all applicants' interest in a career at EDC; however, only those selected for an interview will be contacted. Please note that qualified candidates may be considered for similar roles at this level within EDC.

EDC recognizes that disclosing the need for accommodations can be a personal matter. Please know that as an organization, we are committed to maintaining confidentiality and ensuring that any accommodations provided are tailored to support your needs. Our aim is to ensure you have a comfortable and positive experience throughout the recruitment process, so please do not hesitate to contact us directly for any accommodation requests at accessibility@edc.ca. We are here to support you every step of the way.