Job Requisition ID: 12063

Position Status: Permanent Full Time

Position Type: Hybrid

Office Location: Montreal (QC); Ottawa (ON)

Travel Requirement: Limited

Language Designation: English Essential

Language Skill Levels (Read/Write/Speak): ZZZ

Security Requirement: Secret

Salary: Our salaries generally range from $ 86,816.59 to $ 108,520.74 and are based on qualifications and experience.

About CMHC

The work you do and the work we do together matters. We come to work every day with a common purpose: to contribute to a well-functioning housing system.

At CMHC, we hold ourselves accountable for our results and support our colleagues in their achievements. We thrive on collaboration, connecting across CMHC and involving the right people to get our work done. Our leadership style is guided by trust, where our leaders favour an adaptive approach based on the needs of their teams.

Join us and be part of a team that's committed to making a real difference and be part of something meaningful.

What’s in it for you

We’ve got the purpose, the people and the perks you need for a fulfilling career. Here’s the comprehensive and generous benefits you get when you’re a permanent employee:

• Annual Paid vacation.
• Annual individual performance incentive.
• Defined benefit pension plan.
• Comprehensive group insurance plan to support your well-being from day one.
• Support towards your personal and professional growth with training, mentorship and more.
• An inclusive workplace culture and environment.
• While positions at CMHC require some in-office presence, alternative work arrangements may be considered for Indigenous candidates.

About the role

Join the IT Security Team, in the Specialist, IT Vulnerability Management position. The successful candidate will apply specialized expertise to operationalize vulnerability management standards, risk methodologies, and threat intelligence to ensure vulnerabilities across infrastructure, applications, and cloud environments are consistently identified, assessed, prioritized, tracked, and escalated within established frameworks. It is accountable for maintaining process integrity and high‑quality vulnerability data, exercising guided judgment in non‑standard scenarios, and enabling timely remediation, directly contributing to reduced technology risk and effective risk oversight.

What you’ll do:

• Interpret vulnerability scan results across infrastructure, applications, and cloud environments to identify, validate, and assess security risks.
• Perform risk analysis to eliminate false positives, determine exploitability, and prioritize vulnerabilities using approved risk rating methodologies and threat intelligence.
• Maintain authoritative vulnerability records, including risk ratings, evidence, remediation requirements, and audit traceability.
• Coordinate with IT and application teams to drive timely remediation in line with defined service level targets.
• Track remediation progress, validate closure or risk acceptance, and escalate overdue or high‑risk vulnerabilities as required.
• Produce accurate operational reports and dashboards to support management visibility, compliance, and assurance activities.
• Identify recurring vulnerability trends and recommend processes, tooling, and workflow improvements to enhance control maturity.
• Exercise sound operational judgment, effective escalation, and strong interpersonal skills to influence stakeholders and ensure consistent vulnerability management outcomes.

What you should have:

A bachelor’s degree in Information Technology, Cybersecurity, or a related field, or equi