Senior Specialist, IT Security Risk Management

Job Requisition ID: 11493

Sector: Technology and Business Transformation

Position Status: Permanent Full Time

Position Type: Hybrid

Office Location: Montreal (QC); Ottawa (ON)

Language Designation: English Essential

Language Skill Levels (Read/Write/Speak): ZZZ

Travel Requirement: Limited

Security Requirement: Secret

Salary Range: $101,639.30 to $127,049.13

About CMHC

The work you do and the work we do together matters. We come to work every day with a common purpose: to contribute to a well-functioning housing system.

At CMHC, we hold ourselves accountable for our results and support our colleagues in their achievements. We thrive on collaboration, connecting across CMHC and involving the right people to get our work done. Our leadership style is guided by trust, where our leaders favour an adaptive approach based on the needs of their teams.

Join us and be part of a team that’s committed to making a real difference and be part of something meaningful.

We’ve got the purpose, the people and the perks you need for a fulfilling career. Here’s the comprehensive and generous benefits you get when you’re a permanent employee:

• Annual Paid vacation.
• Annual individual performance incentive.
• Defined benefit pension plan.
• Comprehensive group insurance plan to support your well-being from day one.
• Support towards your personal and professional growth with training, mentorship and more.
• An inclusive workplace culture and environment.

The Senior Specialist, IT Security & Risk Management is responsible for developing, implementing, and maintaining security policies, controls, and risk management practices that safeguard the organization’s information systems. This role works closely with cross-functional teams to assess threats, respond to incidents, ensure regulatory compliance, and enhance the overall cybersecurity maturity of the organization.

Security Governance & Compliance

• Develop and maintain IT security policies, standards, and procedures.
• Support compliance initiatives (e.g., ISO 27001, NIST, PCI-DSS, SOC 2, privacy regulations).
• Conduct regular security audits and risk assessments.
• Prepare documentation for internal and external audits.

Risk Management

• Lead risk assessments to identify gaps in systems, processes, and technologies.
• Maintain the enterprise IT risk register and track remediation activities.
• Provide recommendations to reduce risks and strengthen controls.

Security Operations & Incident Response

• Monitor security alerts, investigate incidents, and coordinate response activities.
• Work with IT teams to ensure timely patching, vulnerability remediation, and system hardening.
• Support endpoint, network, cloud, and identity security initiatives.

Technology & Project Support

• Participate in the security review of new systems, applications, and vendor solutions.
• Assess third-party security risks and support procurement due diligence.
• Provide expert guidance on secure architecture and security-by-design practices.

Awareness & Training

• Contribute to cybersecurity awareness programs and training activities.
• Provide guidance to employees on best practices for protecting information assets.

What you should have

• Bachelor’s degree in Information Security, Computer Science, or related field.
• 5–8 years of experience in IT security, risk management, or related roles.
• Certifications such as CISSP, CISM, CRISC, or ISO 27001 Lead Implementer (an asset).
• Strong understanding of security frameworks (NIST CSF, ISO 27001), cloud security, and risk methodologies.
• Experience with SIEM, vulnerability management tools, EDR, IAM, and cloud environments (Azure).
• Excellent analytical, communication, and problem-solving skills.

Posting closing date: Note, the competition will remain active until filled.

Our commitment to diversity, equity, and inclusion

We’re committed to employment equity and encourage women, Indigenous Peoples, persons with disabilities, veterans and persons of all races, ethnicities, religions, abilities, sexual orientations, and gender identities and expressions to apply. We also welcome applications from non-Canadians who are eligible to work in Canada.

CMHC is an inclusive workplace where diversity of thought – and of people – are recognized, valued, and considered essential to achieving our mission.

What happens after you apply

We know that applying for a new job can be both exciting and daunting, and we appreciate your effort. Note, the hiring process details will be provided after application. If you are selected for an interview or testing, please advise us if you require an accommodation.

If you applied before and you were not successful don’t worry – we’re always posting new positions, so don’t hesitate to give it another shot. We’re excited to see what you bring to the table this time around!