Senior Manager, Information Security Governance and Risk Management

About CMHC

The work you do and the work we do together matters. We come to work every day with a common purpose: to contribute to a well-functioning housing system.

At CMHC, we hold ourselves accountable for our results and support our colleagues in their achievements. We thrive on collaboration, connecting across CMHC and involving the right people to get our work done. Our leadership style is guided by trust, where our leaders favour an adaptive approach based on the needs of their teams.

Join us and be part of a team that's committed to making a real difference and be part of something meaningful.

What’s in it for you

We’ve got the purpose, the people and the perks you need for a fulfilling career. Here’s the comprehensive and generous benefits you get when you’re a permanent employee:

• Annual Paid vacation.
• Annual individual performance incentive.
• Defined benefit pension plan.
• Comprehensive group insurance plan to support your well-being from day one.
• Support towards your personal and professional growth with training, mentorship and more. 
• An inclusive workplace culture and environment.

About the role
Join the security team, in the Senior Manager Information Security Governance and Risk Management position, where your expertise in governance and cyber risk management will make a difference. Here, you build, influence, and protect. Your ideas matter: your experience directly contributes to safeguarding the organization’s digital future.

What you’ll do:

• Lead a team of risk specialists, tackle real challenges, and propose solutions aligned with business priorities.
• Inform and advise leadership: risk analyses, recommendations, solution management, and action plans for remediation.
• Alternate between mitigation strategies, regulatory alignment (OSFI B-13, NIST, ITSG-33), and team coaching.
• Participate in audits, drive adoption of best practices, and stay ahead of evolving threats.
• Be the trusted advisor who turns complexity into actionable plans for the CISO.
• Support and assist the CISO in resolving and monitoring compliance issues.
• Be responsible for growing the security team.
• Represent the Information Security Office and influence the entire organization.

What you should have:

• 3+ years of direct experience in cybersecurity management.
• 5 to 10 years working within IT operations, security, or risk teams.
• Experience in a regulated sector (financial, government, etc.): an asset.
• Mastery of security frameworks (NIST, OSFI B-13, CIS, etc.).
• Recognized leadership, clear communication, ability to simplify complex topics.
• Preferred certifications: CISSP, CCSP, GIAC, or equivalent.

Posting closing date: Note, the competition will remain active until filled.  

Our commitment to diversity, equity, and inclusion 

We’re committed to employment equity and encourage women, Indigenous Peoples, persons with disabilities, veterans and persons of all races, ethnicities, religions, abilities, sexual orientations, and gender identities and expressions to apply. We also welcome applications from non-Canadians who are eligible to work in Canada.

CMHC is an inclusive workplace where diversity of thought – and of people – are recognized, valued, and considered essential to achieving our mission.

Learn more about our commitment to diversity and inclusion 

What happens after you apply 

We know that applying for a new job can be both exciting and daunting, and we appreciate your effort. Learn more about our hiring process.  If you are selected for an interview or testing, please advise us if you require an accommodation.

If you applied before and you were not successful don’t worry – we're always posting new positions, so don’t hesitate to give it another shot. We’re excited to see what you bring to the table this time around!