Head Information Security (CISO) / Chef, Sécurité de l'information (RSSI)

Montreal

$196,189.50 - $235,427.40 per year

Posted on 2024-12-20

Canada Mortgage and Housing Corporation

Job Description

Job Requisition ID: 10721

Position Status: Permanent Full Time

Position Type: Hybrid

Office Location: Ottawa (ON) preferred, Montreal (QC) and Toronto (ON) will be considered

Travel Requirement: Travel not required

Language Skill Levels (Read / Write / Speak): CBC

Security Requirement: Secret

Salary: Our salaries generally range from $196,189.50 to $235,427.40 and are based on qualifications and experience.

About CMHC

The work you do and the work we do together matters. We come to work every day with a common purpose: to contribute to a well-functioning housing system.

At CMHC, we hold ourselves accountable for our results and support our colleagues in their achievements. We thrive on collaboration, connecting across CMHC and involving the right people to get our work done. We have flexibility in how, when, and where we work, within the boundaries of the business needs and the nature of your role. Our leadership style is guided by trust, where our leaders favour an adaptive approach based on the needs of their teams.

Join us and be part of a team that's committed to making a real difference and be part of something meaningful.

What we offer

We’ve got the purpose, the people and the perks you need for a fulfilling career. Here are the comprehensive and generous benefits you get when you’re a permanent employee:

  • Annual paid vacation.
  • Annual individual performance incentive.
  • Comprehensive group insurance plan to support your well-being from day one.
  • Support towards your personal and professional growth with training, mentorship, and more.
  • An inclusive workplace culture and environment.
  • While positions at CMHC require some in-office presence, alternative work arrangements may be considered for Indigenous candidates.

About the role

Reporting to the SVP Technology and Business Transformation, the Head Information Security (CISO) is a critical role in providing strategic leadership and oversight for CMHC's global security posture. This position oversees the protection of the organization’s information assets, physical and virtual infrastructure, and operations against an evolving threat landscape. The incumbent is responsible for developing and implementing a security strategy, governance framework, and operational plan that align with CMHC's vision, mission, values and risk appetite. The Head, Information Security (CISO) also manages security risks, ensures compliance with security standards and regulations, communicates and promotes a security culture, and fosters strategic partnerships with internal and external stakeholders.

What you'll do:

Strategy and governance:

  • Create, manage and maintain CMHC’s information security strategy and governance framework (including cybersecurity) as a unified, flexible and risk-based approach aligned with CMHC’s overall business objectives, and ensure it continues to evolve and remains compliant with global laws, standards and regulatory compliance requirements, and with the adoption of cybersecurity frameworks: ISO 2700X, ITIL and the National Institute of Standards and Technology (NIST) Cybersecurity Framework.
  • Lead and develop objectives, priorities, operational business plans, policies and standards to reflect industry-leading security best practices, and oversee the audits and assessments to maintain the standards of CMHC’s security governance.
  • Facilitate a cybersecurity governance structure governed by a cybersecurity steering committee/advisory board to manage and contain cybersecurity incidents/events to protect corporate IT assets, intellectual property, regulated data, and the company's reputation.
  • Develop and provide regular reporting on the current status of the cybersecurity program to enterprise risk teams, senior business leaders and the board of directors as part of a strategic enterprise risk management program, thus supporting business outcomes.

Security, emergency management, risk management and incident response:

  • Lead strategic security and emergency planning, prioritizing defence initiatives and providing oversight of the security and emergency management functions while monitoring the external threat environment for emerging threats.
  • Identify, assess and mitigate information security risks across the organization and lead the response to security incidents, ensuring minimal business impact and that lessons learned are shared and implemented across teams.
  • Oversee the analysis, design and deployment of the infrastructure security procedures and practices that enhance the integrity and privacy of the organization’s IT.

Security partnerships and visibility:

  • Build and maintain strategic relationships with external partners, industry groups, regulatory bodies, law enforcement and other advisory bodies to enhance CMHC’s visibility and security posture and keep abreast of the relevant threats.

Security-first culture:

  • Champion a security-first culture across the organization. Promote comprehensive security training programs for employees, partners, and stakeholders. Ensure comprehensive security management training and communications to elevate security awareness.

What you should have:

  • An undergraduate degree in management information systems, information security, information technology or information systems management. An equivalent combination of education and/or experience can be considered.
  • Thirteen (13) years of combined experience in information technology or information security roles, with at least 5 years in a senior leadership role.
  • Experience with the framework of the financial regulations and guidelines of the Office of the Superintendent of Financial Institutions (OSFI), and with the compliance and integration of these standards into the organization’s security and risk management frameworks.
  • Demonstrated experience identifying cyber vulnerabilities and devising solutions for risk improvement.
  • Knowledge of current trends and best practices in threat risk assessment, vulnerability assessment, redundancy and disaster recovery practices.
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework.
  • Sound knowledge of business management and a working knowledge of cybersecurity risk management and cybersecurity technologies.
  • Superior written and oral communication skills (French and English). Ability to deliver a persuasive, clear presentation of ideas that will convince others and gain acceptance of proposals in a variety of settings and styles to a variety of stakeholders (senior management in particular).

It would be nice if you also had:

  • One of the following certifications: Global Information Assurance Certification (GIAC), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Privacy Professional (CIPP), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA) or System Administration, Networking and Security (SANS).
  • Experience with contract and vendor negotiations and working with outsourcing partners.

Posting closing date: Note, the competition will remain active until filled.

Our commitment to diversity, equity and inclusion

We’re committed to employment equity and encourage women, Indigenous Peoples, persons with disabilities, veterans and persons of all races, ethnicities, religions, abilities, sexual orientations, and gender identities and expressions to apply. We also welcome applications from non-Canadians who are eligible to work in Canada.

CMHC is an inclusive workplace where diversity of thought – and of people – is recognized, valued, and considered essential to achieving our mission.

We know that applying for a new job can be both exciting and daunting, and we appreciate your effort. If you are selected for an interview or testing, please advise us if you require an accommodation.

If you applied before and you were not successful, don’t worry – we're always posting new positions, so don’t hesitate to give it another shot. We’re excited to see what you bring to the table this time around!
