Sector : Information Technology
Language Designation : Bilingual
Language Skill Levels (Read / Write / Speak) : CBC
Position Status : Permanent Full Time
We’re not your typical government agency
Canada Mortgage and Housing Corporation (CMHC) exists for a single reason : to make housing affordable for everyone in Canada.
We’re mobilizing the expertise and energy of governments, non-profits, lenders, developers, social entrepreneurs and co-ops to create the future of housing.
At CMHC, we believe that everyone in Canada should have a place to call home.
Experience a Results-Only Work Environment™ (ROWE™)
At CMHC, we trust you to get the job done. We’ve shifted from managing people to managing work. Each employee is 100% autonomous and 100% accountable.
You can choose where you need to be and when you need to be there to meet your objectives. You’re in control of your time and are trusted to make the right decisions.
This position reports to the Chief Information Officer This team leads our digital transformation to accelerate housing affordability.
About the role
We’re constantly evolving to build an inclusive housing system through research, design, innovation and partnerships. This position requires a visionary leader with sound knowledge of business management and security techniques and technologies covering the corporate infrastructure as well as the broader digital ecosystem.
You will build and promote a strong culture of IT risk and security management, monitor and control deficiencies and compliance, and develop IT operating procedures and internal controls.
You will have a strong enterprise-wide mindset that places IT security at the forefront of its strategy and operations and provide direction and oversight to service partners regarding IT security.
You will take a strategic approach and consider industry best practice, the CMHC specific context as well as the external threat environment in order to make decisions and develop the appropriate investment and position in security.
You will also make broad decisions in a context in which the negative impact of poor decisions could be significant for CMHC, leading to severe operational, financial and reputational impact.
This will help us make housing affordable for everyone in Canada.
What you will need
Undergraduate degree in management information systems, information security, information technology, information systems management or related field or discipline.
Minimum of thirteen years of relevant experience in security management positions with increasing responsibilities.
Minimum of five years of demonstrated experience managing staff.
Demonstrated experience leading and communicating security management strategies for a large organization.
Demonstrated experience identifying IT vulnerabilities and devising solutions for risk improvement.
Demonstrated experience developing, implementing and evaluating security management standards and procedures in multiple platforms.
Knowledge of current trends and best practices in threat and risk assessment and vulnerability assessment.
Knowledge of redundancy and disaster recovery practices.
Superior written and oral communication skills. Ability to deliver a persuasive, clear presentation of ideas that will convince others and gain acceptance of proposals in a variety of settings and styles to a variety of stakeholders (senior management in particular)
Related certifications, such as Global Information Assurance Certification (GIAC), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Privacy Professional (CIPP), Certified Information Systems Auditor (CISA) or System Administration, Networking and Security (SANS) would be considered an asset.
What you will be doing
Supports CMHC’s three lines of defense, and is accountable for the model’s 1b responsibilities. Oversees IT security, including ongoing monitoring and intelligence gathering, identification and management of security events / incidents, leading security projects and planning, setting cyber security objectives, and ensuring that security training and communications are provided to CHMC staff and partners.
Ensures that the IT organization and its services are compliant with relevant regulatory, legal and policy requirements (including but not limited to OSFI requirements, ISO 27001 security framework and Government of Canada policies and internal controls).
Ensures that IT operates to consistent quality standards with minimal risk to the business and that opportunities to enhance security in services and processes are identified and actioned across all elements of the IT delivery life cycle, including projects.
Oversees the implementation of technical standards and manages IT controls fundamental to the security (including cyber security) and monitoring of the enterprise.
Leads strategic security planning, including prioritizing defense initiatives and providing oversight to the security management functions.
Establishes security management objectives and plans, including cyber security objectives.
Monitors security management trends and issues, including current and emerging technologies and threats.
Leads the response to identified security management events and incidents.
Interacts and engages with the Management Committee level of the organization in order to understand the environment and make the appropriate recommendations and decisions to protect the Corporation’s interests while ensuring that the business continues to operate effectively.
Develops and communicates security management strategies and plans to executive team, staff, partners, customers and stakeholders.
Oversees the analysis, design and deployment of infrastructure security procedures and practices that enhance the integrity and privacy of the organization’s IT.
Ensures that security management training and communications are provided to increase security awareness within CMHC and with partners.
Implements policies and standards consistent with the security management goals of CMHC.
Recommends and implements changes in security management policies and practices in accordance with changes in law, through business relationship managers, the Partner Relationship Management Lead and leadership functions.
Oversees the escalation of IT security weaknesses / threats to senior management and their mitigation in partnership with the associated division or partners.
Works with and provides direction and oversight to service providers / partners regarding security management.
Leads the Security division by determining the division's goals, objectives and priorities, preparing operational and business plans, and developing related policies and standards.
Develops, maintains and enhances processes in their domains, and stays informed of industry leading practices and innovations and foresees their potential applications and implications for CMHC and its external clients.
Manages the division’s financial and human resources.
Directs, in collaboration with their teams, the operations of the division.
Establishes objectives, priorities and plans; identifies human resource requirements; approves the operational allocation of staff;
and ensures adherence to corporate human resources, financial and IT policies and standards.
Provides direction and mentorship to assigned managers and team members, as appropriate, towards the effective resolution of various issues.
Oversees the development of a divisional IT Human Resources Plan to meet current and future business needs, including training and development initiatives.
Plans, controls and manages the financial resources for the division, which includes developing budget submissions, preparing cost-benefit analysis reports, administering salary and operating budgets, allocating and reallocating funds between budgets, conducting financial planning / forecasting for short and long-term planning purposes, and authorizing all division expenditures.
Job Requisition ID : 4502
Primary Location : Ottawa , Ontario
Other Location(s) :
Security Requirement : Secret
Travel Requirement : Occasional
We sincerely thank all candidates for their interest, however, please note that only those applicants selected for further consideration will be contacted.
CMHC is an employer that values diversity and encourages the learning and use of both Canada's official languages. CMHC is committed to employment equity and actively encourages application from women, Indigenous people, persons with disabilities and visible minorities
If selected for an interview or testing, please advise us if you require an accommodation.