Specialist, Data Protection & Access

About CMHC

The work you do and the work we do together matters. We come to work every day with a common purpose: to contribute to a well-functioning housing system.

At CMHC, we hold ourselves accountable for our results and support our colleagues in their achievements. We thrive on collaboration, connecting across CMHC and involving the right people to get our work done. Our leadership style is guided by trust, where our leaders favour an adaptive approach based on the needs of their teams.

Join us and be part of a team that's committed to making a real difference and be part of something meaningful.

What’s in it for you

We’ve got the purpose, the people and the perks you need for a fulfilling career. Here’s the comprehensive and generous benefits you get when you’re a permanent employee:

• Annual Paid vacation.
• Annual individual performance incentive.
• Defined benefit pension plan.
• Comprehensive group insurance plan to support your well-being from day one.
• Support towards your personal and professional growth with training, mentorship and more. 
• An inclusive workplace culture and environment.
• While positions at CMHC require some in-office presence, alternative work arrangements may be considered for Indigenous candidates. 

About the role

Join the IT Security Team, in the Specialist, Data Protection & Access position. The successful candidate will provide expert guidance to interpret and operationalize security and data protection standards.  This role is accountable for ensuring the consistent and effective application of data protection and access controls across assigned systems, platforms, and datasets, identifying data access scenarios, applying established requirements, and escalating where clarification is needed. This position helps safeguard sensitive and regulated data while reducing the risk of unauthorized access, misuse, and non-compliance.

What you’ll do:

• Interpret and apply data access policies, classification requirements, and governance standards to configure appropriate access controls for assigned systems and datasets.
• Assess access requests, models, and authorization structures to ensure least-privilege alignment, business justification, and regulatory requirements are met.
• Execute and oversee periodic data access reviews, investigate inappropriate or excessive access, and drive remediation within defined authority.
• Resolve complex or non-standard data access scenarios through policy interpretation, escalating issues that require risk-based decisions.
• Apply and maintain data protection controls based on classification, regulatory obligations, and organizational standards, including secure handling, storage, retention, and data sharing.
• Provide implementation-level guidance to system owners and data users to ensure consistent operational adherence to data protection and governance requirements.
• Produce and maintain reporting, documentation, and audit-ready evidence, and support investigations, privacy assessments, and compliance reviews.
• Contribute to continuous improvement by identifying control gaps and recurring issues, recommending enhancements, and maintaining current knowledge of evolving data protection and privacy requirements.

What you should have:

• A bachelor’s degree in Information Technology, Information Management, Information Security, or a related field, or equivalent experience.
• Relevant certification required or in progress (e.g., Security+, data governance, privacy, or information security certification).
• A minimum of 5 years of experience in data protection, information management, privacy, or information security roles.
• Demonstrated experience administering and enforcing data access and data protection controls in an operational environment.
• Strong analytical, documentation, and issue resolution skills.
• The ability to apply policies and standards consistently and exercise judgment within defined frameworks.

Posting closing date: Note, the competition will remain active until filled. 

Standby and Call Back duties are a requirement of this position and will be subject to CMHC policies, including the Standby and Call Back Pay Procedure.

Our commitment to diversity, equity, and inclusion 

We’re committed to employment equity and encourage women, Indigenous Peoples, persons with disabilities, veterans and persons of all races, ethnicities, religions, abilities, sexual orientations, and gender identities and expressions to apply. We also welcome applications from non-Canadians who are eligible to work in Canada.

CMHC is an inclusive workplace where diversity of thought – and of people – are recognized, valued, and considered essential to achieving our mission.

Learn more about our commitment to diversity and inclusion 

What happens after you apply 

We know that applying for a new job can be both exciting and daunting, and we appreciate your effort. Learn more about our hiring process.  If you are selected for an interview or testing, please advise us if you require an accommodation.

If you applied before and you were not successful don’t worry – we're always posting new positions, so don’t hesitate to give it another shot. We’re excited to see what you bring to the table this time around!