Share this Job

Analyst, IT Security and Risk (Ottawa, Toronto or Montreal)

Job Requisition ID: 8935  

Language Designation: English Essential 

Language Skill Levels (Read/Write/Speak): ZZZ 

Position Status: Permanent Full Time 

Travel Requirement: Occasional 

Office Location: Ottawa (ON); Montreal (QC); Toronto (ON)

Salary: Our salaries generally range from $ 56529.25 to $ 70661.56 and are based on qualifications and experience. 


At CMHC, we trust you to get the job done. We empower our employees to be fully autonomous and accountable in achieving their results. Employees focus on how they achieve results rather than when and where they choose to work.


Here are some of the reasons why we were chosen as one of Canada's top employers:


  • Enjoy 5 weeks of vacation;
  • An annual individual performance bonus;
  • Defined benefit pension plan;
  • Comprehensive group insurance to support your well-being from day one;
  • Access to a catalogue of courses for individual learning;
  • An inclusive workplace culture and environment with multiple Employee Resource Groups and much more!



Help make a difference for Canadians. CMHC’s aspiration is that by 2030, everyone in Canada has a home that they can afford and that meets their needs. All of our programs and activities support this singular goal.
Be part of an inclusive workplace. Diversity and Inclusion guides everything we do at CMHC. We’re taking concrete actions to eradicate racism and advance equity within CMHC and the housing system.

Join the Security Team where you will assist with developing and delivering a risk-managed, cybersecurity program. The candidate will be involved in defining and managing cyber risks, resolving current and emerging threats, and using your passion to protect CMHC’s internal and external IT environments. You will be part of a team that manages complex issues in a timely manner to identify risks, events and incidents, including security-related events, assess risks and vulnerabilities, as well as applying the appropriate escalation and reporting requirements. 

  • Assist with the assessment of security risk events by gathering evidence to analyze and investigate the potential impacts to the entire corporation from these events. 
  • Conduct research to stay abreast of security technologies and the impact of new technologies on security. 
  • Develop and maintain a Cybersecurity risk monitoring and incident management protocol to quickly identify and flag current and evolving threats. 
  • Assist in the implementation of security improvements by assessing current situations, evaluating trends and anticipating requirements. 
  • Maintain and test security processes, procedures and practices to protect and safeguard against security breaches. 
  • Identifies security issues and assist in designing solutions for any existing gaps to ensure security principles, policies, practices and customer’s expectations are met. 
  • Performing research on emerging security threats, vulnerabilities, trends and industry standards and provision of actionable strategies to address any CMHC-specific risks 
  • Respond to client requests and research solution options. 
  • Assist with security threat and vulnerability analysis, security testing, security audits and incident response. 

Minimum Qualifications: 

  • Undergraduate degree or College Diploma in a related field such as risk management, business, finance, and information management preferred. A combination of security related experience and education would also be accepted. 
  • Minimum of 1 year of experience in information/cyber security. 
  • Knowledge of Risk Assessment and Risk Management 
  • Knowledge of standards such as NIST CSF, SP 800-53, ITSG-33, ISO 27001, OSFI B13. 
  • Knowledge of security technologies such as identity management, computer forensics, application security and network security technologies. 
  • Knowledge of IT or network operations. 
  • Good communication, facilitation and presentation skills. 
  • Good influencing, negotiating, critical thinking skills. 
  • Ability to establish and maintain effective working relationships. 

Preferred Qualifications:

  • Successful completion of an IT security certification would be considered an asset. 
  • Bilingualism (French and English).
  • Financial services background.


Posting closing date: Note, the competition may remain active until filled.



On June 14, 2022, the Government of Canada announced that as of June 20, 2022, it will suspend vaccination requirements for federal government employees.  This decision followed a review of the current public health situation, including the evolution of the virus and vaccination rates in Canada. As a result, and consistent with the Government of Canada decision, CMHC has suspended its Vaccination Policy, effective June 20, 2022.  


As a result, at this time, CMHC does not require employees to be fully vaccinated as a condition of employment.  CMHC will continue to monitor the public health situation and may at any time make adjustments and adopt or reintroduce measures, including mandatory vaccination, attestation and verification requirements. Any such vaccination measures, as updated from time to time, shall form a term and condition of your employment at CMHC.


CMHC is an inclusive workplace where diversity of thought – and of people – are recognized, valued, and considered essential to achieving our aspiration.
We are committed to employment equity and actively encourage applications from women, Indigenous Peoples, persons with disabilities, veterans and persons of all races, ethnicities, religions, abilities, sexual orientations, and gender identities and expressions. We also welcome applications from non-Canadians who are eligible to work in Canada.
We sincerely thank all candidates for their interest, however, please note that only applicants selected for further consideration will be contacted. If selected for an interview or testing, please advise us if you require an accommodation.