Senior Specialist, IT Security Operations | Spécialiste principal, Opérations de Sécurité des TI

Job Requisition ID: 11015

Position Status: Permanent Full Time

Position Type: Hybrid

Office Location: Montreal (QC); Ottawa (ON); Toronto (ON)

Travel Requirement: Limited

Language Designation: English Essential

Language Skill Levels (Read/Write/Speak): ZZZ

Security Requirement: Secret

Salary: Our salaries generally range from $101639.3 to $127049.13 and are based on qualifications and experience.

About CMHC

The work you do and the work we do together matters. We come to work every day with a common purpose: to contribute to a well-functioning housing system.

At CMHC, we hold ourselves accountable for our results and support our colleagues in their achievements. We thrive on collaboration, connecting across CMHC and involving the right people to get our work done. We have flexibility, in how, when, and where we work, within the boundaries of the business needs and the nature of your role. Our leadership style is guided by trust, where our leaders favour an adaptive approach based on the needs of their teams.

Join us and be part of a team that's committed to making a real difference and be part of something meaningful.

What’s in it for you

We’ve got the purpose, the people and the perks you need for a fulfilling career. Here’s the comprehensive and generous benefits you get when you’re a permanent employee:

• Annual paid vacation.
• Annual individual performance incentive.
• Defined benefit pension plan.
• Comprehensive group insurance plan to support your well-being from day one.
• Support towards your personal and professional growth with training, mentorship and more.
• An inclusive workplace culture and environment.

About the role

Join the Technology and Business Transformation sector as a Senior Specialist in IT Security Risk Management. You'll be responsible for ensuring the security and integrity of CMHC’s information systems. This role involves identifying, assessing, and mitigating security risks, developing policies, and leading incident response efforts.

What you’ll do:

• Lead and manage IT security operations, ensuring the protection of company data and systems.
• Develop, implement, and maintain security policies, procedures, and standards.
• Monitor and respond to security incidents, conducting thorough investigations and implementing corrective actions.
• Collaborate with IT and business teams to ensure security measures are integrated into all aspects of the organization.
• Conduct regular security assessments and audits to identify vulnerabilities and recommend improvements.
• Stay up-to-date with the latest security trends, technologies, and threats, and proactively implement measures to mitigate risks.
• Provide expert guidance and support for Microsoft/O365 security configurations and best practices.
• Manage and secure Azure cloud environments, ensuring compliance with security standards.
• Implement and oversee incident response protocols, including detection, analysis, containment, eradication, and recovery.
• Utilize the MITRE ATT&CK framework to enhance threat detection and response capabilities.

What you should have:

• A Bachelor's degree in: Computer Science, Information Technology, or a related field.
• A minimum of 5 years of experience in IT security operations, with a focus on Microsoft/O365 solutions.
• Strong knowledge of security frameworks, standards, and best practices (e.g., ISO 27001, NIST).
• Proficiency in security tools and technologies, including firewalls, intrusion detection/prevention systems, and vulnerability management.
• Extensive experience with Azure cloud security and management.
• Expertise in incident response and familiarity with the MITRE ATT&CK framework.
• Excellent analytical, problem-solving, and decision-making skills.
• Strong communication and interpersonal skills, with the ability to work effectively in a team environment.

It would be great if you also had:

• Bilingualism (English and French).
• A relevant certification such as CISSP, CISM, Microsoft Certified: Security, Compliance, and Identity Fundamentals, and Azure Security Engineer Associate.

Posting closing date: Note, the competition will remain active until filled.

Our commitment to diversity, equity, and inclusion

We’re committed to employment equity and encourage women, Indigenous Peoples, persons with disabilities, veterans and persons of all races, ethnicities, religions, abilities, sexual orientations, and gender identities and expressions to apply. We also welcome applications from non-Canadians who are eligible to work in Canada.

CMHC is an inclusive workplace where diversity of thought – and of people – are recognized, valued, and considered essential to achieving our mission.

Learn more about our commitment to diversity and inclusion

What happens after you apply

We know that applying for a new job can be both exciting and daunting, and we appreciate your effort. Learn more about our hiring process. If you are selected for an interview or testing, please advise us if you require an accommodation.

If you applied before and you were not successful, don’t worry – we're always posting new positions, so don’t hesitate to give it another shot. We’re excited to see what you bring to the table this time around!