Senior Manager, Cybersecurity Operations

Job Requisition ID : 10747

Position Status : Permanent Full Time

Position Type : Hybrid

Office Location : Ottawa (preferred), Montreal (QC) and Toronto (ON) will be considered

Travel Requirement : Occasional

Language Designation : Bilingual

Language Skill Levels (Read / Write / Speak) : CBC

Security Requirement : Secret

Salary : Our salaries generally range from $126,024.66 to $157,530.82 and are based on qualifications and experience.

The work you do and the work we do together matters. We come to work every day with a common purpose: to contribute to a well-functioning housing system.

At CMHC, we hold ourselves accountable for our results and support our colleagues in their achievements. We thrive on collaboration, connecting across CMHC and involving the right people to get our work done. We have flexibility, in how, when, and where we work, within the boundaries of the business needs and the nature of your role. Our leadership style is guided by trust, where our leaders favour an adaptive approach based on the needs of their teams.

Join us and be part of a team that’s committed to making a real difference and be part of something meaningful.

We’ve got the purpose, the people and the perks you need for a fulfilling career. Here’s the comprehensive and generous benefits you get when you’re a permanent employee:

• Annual paid vacation.
• Annual individual performance incentive.
• Defined benefit pension plan.
• Comprehensive group insurance plan to support your well-being from day one.
• Support towards your personal and professional growth with training, mentorship and more.
• An inclusive workplace culture and environment.

The Senior Manager, Cybersecurity Operations is responsible for ensuring the continuous security of IT operations by managing security tools, conducting vulnerability identification, and providing threat intelligence. This role leads a team of cybersecurity professionals to deliver high-quality operations to protect the organization’s assets and data and collaborates with other departments to integrate risk management practices and ensure a coordinated response to security incidents.

• Manage and supervise day-to-day security operations to safeguard the organization’s data and assets and ensure the effective functioning of security tools and platforms to maintain optimal service delivery including threat detection, incident response, vulnerability management, and continuous monitoring of IT infrastructure.
• Collaborate with key departments (e.g., IT, legal, compliance, and HR) to ensure risk management practices are integrated into all aspects of the business and lead the development of effective cybersecurity protocols to guide operations and ensure consistency across security activities.
• Provide regular reporting to senior leadership highlighting trends, areas of concern, recommendations for continuous improvement, status of cybersecurity compliance efforts, risk management initiatives, and the effectiveness of cross-department collaboration.
• Ensure the proper configuration of security and cybersecurity tools (e.g., SIEM, firewalls, intrusion detection/prevention systems) to align with organizational security policies and best practices, and continuously optimize their performance to defend against threats, vulnerabilities, and regulatory requirements.
• Oversee relationships with third-party security tool vendors, ensuring contractual obligations are met, and managing product evaluations, renewals, and escalations related to performance issues or tool enhancements.
• Direct and oversee regular vulnerability assessments across the organization’s IT infrastructure, applications, and cloud environments, identifying potential risks and areas of weakness and collaborating with relevant teams to implement corrective actions.
• Establish a risk-based prioritization framework for discovered vulnerabilities, ensure continuous monitoring and automated scanning of systems for vulnerabilities, and collaborate with IT infrastructure, application development, and network teams for remediation with verification post-remediation.
• Lead incident response efforts, ensuring a swift, coordinated, and effective response to security breaches and incidents, while minimizing business impact and aligning with operational and compliance requirements. Ensure all departments understand their roles in incident response.

• Undergraduate degree in Cyber Security, Computer Security, Information Systems Security, Computer Science or related field. An equivalent combination of education and/or experience can be considered.
• A Professional designation, such as Certified Information Security Manager (CISM).
• 10 years experience in IT Security and/or information security with cybersecurity frameworks, privacy regulations, and industry standards, including data protection laws and principles of confidentiality, integrity, availability, authentication, and non-repudiation; expertise in incident frameworks and methodologies.
• 5 years of management experience providing leadership to cybersecurity staff.
• Advanced proficiency in identifying and assessing cyber threats and vulnerabilities, including secure software development practices and tools for vulnerability scanning and penetration testing.
• Knowledge of PII data security standards and regulations (e.g., GDPR, CCPA, HIPAA) and best practices for securing sensitive data, ensuring compliance, and privacy protections; understanding of network protocols and ITIL frameworks for service management.
• Strong ability to identify emerging trends in security operations, conduct vulnerability assessments, and communicate effectively in English and French.

• Certified Information Systems Security Professional (CISSP), GIAC certifications (GSLC, GCCC) or other relevant IT security credentials.
• Experience with identity management, forensics, application security and network security technologies.
• Knowledge of standards such as NIST CSF, ISO 27001/27002, ITSG-33, OSFI B13, CIS, etc.
• Knowledge of Canadian laws and Government of Canada regulatory requirements and standards (e.g., Treasury Board, OSFI).

Posting closing date: Note, the competition will remain active until filled.

We’re committed to employment equity and encourage women, Indigenous Peoples, persons with disabilities, veterans and persons of all races, ethnicities, religions, abilities, sexual orientations, and gender identities and expressions to apply. We also welcome applications from non-Canadians who are eligible to work in Canada.

CMHC is an inclusive workplace where diversity of thought – and of people – are recognized, valued, and considered essential to achieving our mission.

We know that applying for a new job can be both exciting and daunting, and we appreciate your effort. If you are selected for an interview or testing, please advise us if you require an accommodation.

If you applied before and you were not successful, don’t worry – we’re always posting new positions, so don’t hesitate to give it another shot. We’re excited to see what you bring to the table this time around!