Share this Job

Specialist, Technology Risk and Assurance (Anywhere in Canada)

Job Requisition ID: 8446  

Language Designation: English Essential 

Language Skill Levels (Read/Write/Speak): ZZZ 

Starting Base Salary: 78657.14 

Position Status: Permanent Full Time 

Travel Requirement: Travel not required 

Office Location: Ottawa (ON); Calgary (AB); Halifax (NS); Montreal (QC); Toronto (ON); Vancouver (BC)


At CMHC, we trust you to get the job done. We empower our employees to be fully autonomous and accountable in achieving their results. Employees focus on how they achieve results rather than when and where they choose to work.


Here are some of the reasons why we were chosen as one of Canada's top employers:

  • Enjoy 5 weeks of vacation;
  • An annual individual performance bonus;
  • Defined benefit pension plan;
  • Comprehensive group insurance to support your well-being from day one;
  • Access to a catalogue of courses for individual learning;
  • An inclusive workplace culture and environment with multiple Employee Resource Groups and much more!


Help make a difference for Canadians. CMHC’s aspiration is that by 2030, everyone in Canada has a home that they can afford and that meets their needs. All of our programs and activities support this singular goal.
Be part of an inclusive workplace. Diversity and Inclusion guides everything we do at CMHC. We’re taking concrete actions to eradicate racism and advance equity within CMHC and the housing system.

Bring your analytical skills and your risk management/audit expertise to this Risk Specialist position.


Internal movement has created (1) permanent opening within the Information & Technology (IT) Risk and Compliance team. As the Risk Specialist you will be responsible for assessing and interpreting data to determine the level of risk and other indicators of risk, ensuring the Risk Management Framework is aligned with CMHC’s operations and technology, reviewing Audit's schedule and their findings, and recommending actions to fill any observed gaps. You will also be promoting a culture of risk awareness and providing training in risk management (i.e. internal and external control procedures and risk mitigation practices).




•  Developing action plans that addresses all upcoming activities, oversight and/or audit findings and gaps and monitors progress against action plans (including purpose, scope, timelines, etc.). 
•  Planning and executing various tasks such as: risk assessments, risk event reporting, control testing, security standard maturity assessments, deficiency identification and remediation, risk training, corporate and sector specific business continuity planning, lender attestations, compliance attestations and risk scenario analysis.
•  Assessing preparedness and ensuring cross-section coordination of business continuity plans for the sector.
•  Creating and implementing analytical models for risk assessment, including the assessment and interpretation of data to determine risk concentration. 
•  Reviewing draft oversight and/or audit reports/recommendations, obtaining feedback and completing a reconciliation report of recommendations. 
•  Providing risk management expertise for the ongoing maintenance and enhancement of business systems, technologies and processes.
•  Assisting in the development and implementation of risk-based process within CMHC's Risk Management Framework.
•  Conducting research on best practices and recommend changes to current risk policies, procedures, standards and guidelines.  
•  Communicating and collaborating with other oversight functions on results of risk management activities within the sector.


Minimum Qualifiactions: 


•  A commitment to demonstrating CMHC’s values.
•  Bachelor’s degree preferably in Computer Science, Management Information Systems, Finance, Business Administration, Commerce, or in a related field.
•  Minimum five (5) years of increasing responsibilities and relevant work experience in Risk and/or Audit. An equivalent combination of related education and work experience may be considered.
•  Demonstrated experience in assessing and reviewing governance, work processes, controls and/or risk management, including IT General Controls testing.
•  Demonstrated work experience and skills in providing strategic risk advice, recommendations, guidance and services to senior management on highly complex risk through presentations, reports, and briefings.
•  Experience and/or knowledge within one or more of the following risk domains: Audit management, Risk management, Compliance management, Cybersecurity; Cloud technologies; Business continuity management and disaster recovery; Data governance and information management; and Vendor management.
•  Knowledge of operational risk management framework, risk management policy development and knowledge of internal control concepts and frameworks.
•  Familiarity with common security standards and regulations (ISO 27001, ISO 27001 SOX, PIPEDA/GDPR, CCPA, COBIT, NIST 800-53 and SOC2 reporting) is desired but expertise will be preferred.
•  Strong analytical, problem solving, and project management skills with the ability to undertake complete multiple, concurrent tasks.
•  Strong oral and written communication skills, including the ability to deliver professional advice or direction or present opinions and recommendations to a variety of audiences (technical and non-technical).
•  Bilingualism (English and French).


Preferred qualifications: 

•  Professional designation in Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP), Certified in the Governance of Enterprise IT (CGEIT), Professional Accounting (CPA), Certified Internal Auditor (CIA) or other relevant licence, designation, or certificate.
•  Demonstrated experience in working for financial institutions or insurance industries.


Posting closing date: Note, the competition may remain active until filled.



On June 14, 2022, the Government of Canada announced that as of June 20, 2022, it will suspend vaccination requirements for federal government employees.  This decision followed a review of the current public health situation, including the evolution of the virus and vaccination rates in Canada. As a result, and consistent with the Government of Canada decision, CMHC has suspended its Vaccination Policy, effective June 20, 2022.  


As a result, at this time, CMHC does not require employees to be fully vaccinated as a condition of employment.  CMHC will continue to monitor the public health situation and may at any time make adjustments and adopt or reintroduce measures, including mandatory vaccination, attestation and verification requirements. Any such vaccination measures, as updated from time to time, shall form a term and condition of your employment at CMHC.


CMHC is an inclusive workplace where diversity of thought – and of people – are recognized, valued, and considered essential to achieving our aspiration.
We are committed to employment equity and actively encourage applications from women, Indigenous Peoples, persons with disabilities, veterans and persons of all races, ethnicities, religions, abilities, sexual orientations, and gender identities and expressions. We also welcome applications from non-Canadians who are eligible to work in Canada.
We sincerely thank all candidates for their interest, however, please note that only applicants selected for further consideration will be contacted. If selected for an interview or testing, please advise us if you require an accommodation.