Job Requisition ID: 11634

Position Status: Permanent Full Time

Position Type: Hybrid

Office Location: Montreal (QC); Ottawa (ON)

Travel Requirement: Occasional

Language Designation: Bilingual

Language Skill Levels (Read/Write/Speak): CBC

Security Requirement: Secret

Salary: Our salaries generally range from $ 101639.30 to $ 127049.13 and are based on qualifications and experience.

About CMHC

The work you do and the work we do together matters. We come to work every day with a common purpose: to contribute to a well-functioning housing system.

At CMHC, we hold ourselves accountable for our results and support our colleagues in their achievements. We thrive on collaboration, connecting across CMHC and involving the right people to get our work done. Our leadership style is guided by trust, where our leaders favour an adaptive approach based on the needs of their teams.

Join us and be part of a team that's committed to making a real difference and be part of something meaningful.

What’s in it for you

We’ve got the purpose, the people and the perks you need for a fulfilling career. Here’s the comprehensive and generous benefits you get when you’re a permanent employee:

• Annual Paid vacation.
• Annual individual performance incentive.
• Defined benefit pension plan.
• Comprehensive group insurance plan to support your well-being from day one.
• Support towards your personal and professional growth with training, mentorship and more.
• An inclusive workplace culture and environment.

About the role
Join the Technology and Business Transformation Team, in the Manager, Security Architecture Advisory position. The Manager leads a team of security architecture consultants whose mission is to support the Vice-President of IT's team in integrating security requirements and controls into projects and technology solutions. The incumbent ensures that security is built into every stage of design (“secure by design”) by guiding project teams, enterprise architects and application owners in identifying risks, defining security criteria and formalizing appropriate mitigation measures.

By focusing on cybersecurity risks, regulatory compliance and emerging threats, the incumbent helps the organization achieve its security objectives. The incumbent plays an influential role with the enterprise architecture, application development and risk governance teams to ensure the consistency, integration and alignment of security requirements across all major initiatives. They oversee specialized experts (in cryptography, development, networking, etc.) and manage critical or mission-driven project portfolios, directly contributing to the organization’s overall security posture (B-13/OSFI).

What you’ll do:

IT Project Support

• Provide early-stage support for IT projects to identify security requirements and define appropriate controls, acting as an organizational influencer and advisor to the enterprise architecture, development and risk governance teams.

• Lead a portfolio of high-value or high-risk projects, ensuring consistent and compliant security practices across all major Vice-President of IT team initiatives.

• Advise on all IT-related projects to ensure they do not introduce additional risk and comply with security requirements.

• Oversee and validate the analysis, technical design and documentation of security architecture deliverables, including recommendations, requirement matrices, risk assessments, architecture models and mitigation measures.

• Participate in steering or executive committees, offering strategic support during key decisions or major IT security incidents.

• Collaborate with multidisciplinary teams to integrate security measures and promote compliance with cybersecurity best practices.

• Represent the Security team in meetings, reviews and discussions to provide specialized cybersecurity oversight and guidance.

• Ensure all projects and initiatives comply with internal security standards, regulatory requirements and the organization’s risk appetite prior to production deployment.

Internal Policies and Recognized Frameworks

• Ensure alignment with internal policies and recognized frameworks (based on NIST and compliant with B-13, ITSG-33/38).

• Draft position papers, advisories, standards and secure architecture templates for project teams.

• Provide strategic recommendations to strengthen the organization’s cybersecurity posture.

• Promote collaboration and communication across teams and projects to adopt a unified cybersecurity approach.

• Communicate cybersecurity strategies and initiatives to organizational stakeholders.

• Collaborate with other divisions in an advisory capacity to ensure a consistent approach to cybersecurity.

Expertise and Advisory Support

• Provide expertise and advisory support in the development of IT solutions and projects.

• Work closely with enterprise architecture, IT teams, application owners and governance functions to ensure consistent security across projects.

• Support continuous improvement of security practices through consulting, feedback and regulatory or technology watch.

• Work closely with the Head, Information Security, to harmonize security practices across projects.

• Serve as a trusted advisor to the Head, Information Security, providing leadership on industry trends, regulatory developments and strategic opportunities to enhance cybersecurity risk mitigation and posture.

• Work with the Manager, Cybersecurity Risk Assessment, and other operational teams to ensure tactical efforts align with the overall security vision and priorities.

• Oversee progress on key initiatives, ensuring milestones are achieved and adjustments align with organizational objectives. Provide regular updates to the Head, Information Security.

People Leadership (Human Relations Skills)

• Set goals and manage performance for a team of cybersecurity specialists and consultants with diverse expertise (cryptography, development, networking, identity management and so on).

• Support team members in selecting appropriate training programs to develop their skills.

• Evaluate team members against annual objectives, promoting autonomy, accountability and a culture of learning and performance management.

• Support the Chief Information Security Officer in administrative and managerial functions.

• Coach team members on managing innovation and change within projects.

• Handle escalations and requests for advanced expertise on complex project issues.

• Support Agile practices within the information security office.

• Foster the use of both official languages in the workplace and implement practices that promote an inclusive, healthy and harassment-free environment.

Expected Outcomes

• Embed the “secure by design” mindset across projects through proactive advisory activities.

• Ensure cybersecurity principles and best practices are seamlessly integrated into IT projects, operational initiatives and system design.

• Maintain alignment with regulatory compliance, organizational risk appetite and internal security standards.

• Facilitate cross-functional collaboration between IT, business stakeholders and cybersecurity teams to build a unified security strategy.

• Provide expert advice on project-related security risks, ensuring compliance and secure deployments into production environments.

• Lead and oversee key cybersecurity initiatives, ensuring timely execution and alignment with the organization’s long-term security goals.

What you should have:

• Bachelor’s degree in cybersecurity, computer security, information systems security, computer science, risk management or a related field.

• Minimum of seven years of experience overseeing and leading cybersecurity teams.

• Significant experience in team management, consulting and the delivery or oversight of IT or cybersecurity projects.

• Ability to advise executives, manage performance and oversee budgets.

• Proven skills in communication, change management and cross-functional governance.

• Familiarity with information classification programs and organizational procedures in case of data compromise.

• Understanding of risk management methodologies, including risk assessment and mitigation.

• Strong understanding of the operational impact of cybersecurity breaches.

• Excellent communication skills with the ability to present technical risk assessments and mitigation strategies effectively.

It would be great if you also had:

• Knowledge of security frameworks (NIST, B-13, ITSG-33/38 and so on).

• Experience or knowledge of recognized standards such as NIST CFC, ISO 27001/27002, ITSG-33, OSFI Guideline B-13 and CIS controls.

• GIAC Security Leadership Certification (GSLC), GIAC Critical Controls Certification (GCCC) or other relevant IT security credentials.

• Knowledge of Canadian laws, regulations and government cybersecurity standards.

• Training or private or academic certification in Agile methodologies.

Posting closing date: Note, the competition will remain active until filled.

Our commitment to diversity, equity, and inclusion

We’re committed to employment equity and encourage women, Indigenous Peoples, persons with disabilities, veterans and persons of all races, ethnicities, religions, abilities, sexual orientations, and gender identities and expressions to apply. We also welcome applications from non-Canadians who are eligible to work in Canada.

CMHC is an inclusive workplace where diversity of thought – and of people – are recognized, valued, and considered essential to achieving our mission.

Learn more about our commitment to diversity and inclusion

What happens after you apply

We know that applying for a new job can be both exciting and daunting, and we appreciate your effort. Learn more about our hiring process. If you are selected for an interview or testing, please advise us if you require an accommodation.

If you applied before and you were not successful don’t worry – we're always posting new positions, so don’t hesitate to give it another shot. We’re excited to see what you bring to the table this time around!