Job Requisition ID: 12063
Position Status: Permanent Full Time
Position Type: Hybrid
Office Location: Montreal (QC); Ottawa (ON)
Travel Requirement: Limited
Language Designation: English Essential
Language Skill Levels (Read/Write/Speak): ZZZ
Security Requirement: Secret
Salary: Our salaries generally range from $86,816.59 to $108,520.74 and are based on qualifications and experience.
About CMHC
The work you do and the work we do together matters. We come to work every day with a common purpose: to contribute to a well-functioning housing system.
At CMHC, we hold ourselves accountable for our results and support our colleagues in their achievements. We thrive on collaboration, connecting across CMHC and involving the right people to get our work done. Our leadership style is guided by trust, where our leaders favour an adaptive approach based on the needs of their teams.
Join us and be part of a team that's committed to making a real difference and be part of something meaningful.
What’s in it for you
We’ve got the purpose, the people and the perks you need for a fulfilling career. Here are the comprehensive and generous benefits you get when you’re a permanent employee:
- Annual paid vacation.
- Annual individual performance incentive.
- Defined benefit pension plan.
- Comprehensive group insurance plan to support your well-being from day one.
- Support towards your personal and professional growth with training, mentorship and more.
- An inclusive workplace culture and environment.
- While positions at CMHC require some in-office presence, alternative work arrangements may be considered for Indigenous candidates.
About the role
Join the IT Security Team in the Specialist, IT Vulnerability Management position. The successful candidate will apply specialized expertise to operationalize vulnerability management standards, risk methodologies, and threat intelligence to ensure vulnerabilities across infrastructure, applications, and cloud environments are consistently identified, assessed, prioritized, tracked, and escalated within established frameworks. The role is accountable for maintaining process integrity and high‑quality vulnerability data, exercising guided judgment in non‑standard scenarios, and enabling timely remediation, directly contributing to reduced technology risk and effective risk oversight.
What you’ll do:
- Interpret vulnerability scan results across infrastructure, applications, and cloud environments to identify, validate, and assess security risks.
- Perform risk analysis to eliminate false positives, determine exploitability, and prioritize vulnerabilities using approved risk rating methodologies and threat intelligence.
- Maintain authoritative vulnerability records, including risk ratings, evidence, remediation requirements, and audit traceability.
- Coordinate with IT and application teams to drive timely remediation in line with defined service level targets.
- Track remediation progress, validate closure or risk acceptance, and escalate overdue or high‑risk vulnerabilities as required.
- Produce accurate operational reports and dashboards to support management visibility, compliance, and assurance activities.
- Identify recurring vulnerability trends and recommend processes, tooling, and workflow improvements to enhance control maturity.
- Exercise sound operational judgment, effective escalation, and strong interpersonal skills to influence stakeholders and ensure consistent vulnerability management outcomes.
What you should have:
- A bachelor’s degree in Information Technology, Cybersecurity, or a related field, or equivalent experience.
- A security certification is required or in progress (e.g., Security+, CEH, or equivalent).
- A minimum of 5 years of experience in information security, vulnerability management, or IT operations.
- Demonstrated experience operating vulnerability scanning tools and managing remediation workflows.
- A strong understanding of the vulnerability management lifecycle (scan → assess → prioritize → remediate → validate).
- The ability to apply risk methodologies and exercise judgment within defined frameworks.
- An understanding of security control concepts (patching, configuration hardening, compensating controls).
- The ability to identify patterns and escalate systemic issues appropriately.
Posting closing date: Note, the competition will remain active until filled.
Standby and Call Back duties are a requirement of this position and will be subject to CMHC policies, including the Standby and Call Back Pay Procedure.
Our commitment to diversity, equity, and inclusion
We’re committed to employment equity and encourage women, Indigenous Peoples, persons with disabilities, veterans and persons of all races, ethnicities, religions, abilities, sexual orientations, and gender identities and expressions to apply. We also welcome applications from non-Canadians who are eligible to work in Canada.
CMHC is an inclusive workplace where diversity of thought – and of people – is recognized, valued, and considered essential to achieving our mission.
What happens after you apply
We know that applying for a new job can be both exciting and daunting, and we appreciate your effort. Learn more about our hiring process. If you are selected for an interview or testing, please advise us if you require an accommodation.
If you applied before and you were not successful, don’t worry – we're always posting new positions, so don’t hesitate to give it another shot. We’re excited to see what you bring to the table this time around!