Risk Management Specialist

Apply now »

Date: Sep 14, 2023

Location: Ottawa/GTA, ON, CA, 1A1A1A

Company: Innovapost

Requisition Number: 2939 

Province: Ontario (CA-ON) 

Country: Canada (CA) 

Employment Type: Regular 

Job Level: L4 



Who are we?

We are the technology arm of the Canada Post Group of Companies which includes Canada Post, Purolator, and SCI. Innovapost provides client-specific Information Technology (IT), Information Systems (IS), and business solution services exclusively within the Group and helps them deliver innovative solutions and value to Canadians. Our work transforms operations and modernizes business to meet the demands of the evolving mail, courier, and logistics industries. By joining us you will be able to make a positive impact on how every Canadian sends and receives their packages and mail. Next time you see your neighbour picking up their mail and receiving a package, you will be able to say, “you’re welcome!”


Why join us?

Continuous improvement; a focus on Diversity, Inclusion and Belonging; Environmental and Social Governance; and an investment in a hybrid workplace are just a few of the feathers in our cap. We were also awarded IT World Canada’s 2022 Digital Transformation Award for Large Public Sector organizations. As technology evolves, we believe in providing our high-performing workforce with the skills of tomorrow through continuous learning and career growth. Offering access to learning platforms like Degreed, LinkedIn Learning, Microsoft Enterprise Skills – as well as a Leadership Developmental Program – Innovapost enables you to connect learning with skills and map your skills to open opportunities within the company.


What role will you play?

Reporting to the Risk Management Team Lead, the successful applicant will play both strategic and day-to-day leading roles in the management of enterprise cyber security risks within the Canada Post Group of Companies.  Additionally, the successful applicant will be responsible for the evolution of the risk management program including, but not limited to, the risk management framework, associated policies and standards, and key awareness activities. The successful applicant will also represent cyber security interests as they related to the individual member companies.

What you'll be responsible for:

  • Development of key strategic roadmaps and plans as they related to corporate objectives
  • Providing key cyber security mitigative recommendations for new products and services with a particular emphasis on cloud technologies
  • Oversight of key team deliverables as they related to strategic roadmap development and day-to-day project work
  • Responsible for providing regular updates to key management and executive committees
  • Working with key strategic partners to advance the cyber security maturity model of the risk management processes within Innovapost
  • Partner with other departments to further refine their day-to-day risk management in terms of vulnerability analysis and threat modelling

What does it take for this role to be yours?

  • 10+ years of experience in IT environments
  • 5+ years of experience with cyber security and risk management
  • 3+ years of leadership experience (program or departmental)
  • A keen awareness of how cyber security supports a business in the delivery of its corporate objectives
  • Experience with cyber security risk management across a multitude of cyber security domains
  • Excellent understanding of risk management fundamentals
  • A stellar understanding of the various software development lifecycle frameworks as they relate to cyber security i.e. DevSecOps
  • A wide array of technical skills across a multitude of information technology security domains
  • Extensive experience in the development and maintenance of corporate security policy instruments
  • A keen eye and attention to detail when performing complex risk analysis
  • An excellent understanding of various cloud computing technologies and how they can be leveraged to support business objectives
  • A thorough understanding of the various risk management frameworks and control catalogues which exist in the cyber security domain – ISO 2700x, NIST 800-53, CIS Benchmarks

Additional skills that set you apart:

  • Working knowledge and skills in the area of cyber security and risk management.
  • Team/people management skills
  • Solid working knowledge of Microsoft Office products including PowerPoint, Excel and Word
  • Experience with PowerBI and PowerBI Dashboard development, data modelling and analyticsWorking knowledge with Amazon Web Services (AWS) and the AWS security functionalities, Azure cloud technologies, SecurityCompass SDElements, JIRA, and MetricStream IT Risk toolsets
  • Experience with DevSecOps frameworks, standards, and procedures
  • A member of, and contributor to, various cyber security working groups with interests which intersect with those of the CPGoC
  • A solid understanding of, and experience with, audits and control reviews, both as an organizer and as a client.

Education and certification:

  • Post-secondary education in the areas of cyber security, general information technology, or business.
  • Certification in one of more of:  (ISC)2 CISSP, ISACA CISA, ISACA CISM, AWS Cloud certification family

What do we value?

At Innovapost, we believe in being:

  • Courageous – doing the right thing
  • INNOvative – leading with a visionary mindset
  • Inclusive – listening without judgement and challenging biases
  • Inspirational – having a positive attitude, interest, and accountability
  • Curious – being inquisitive to learn continuously


We also believe in thinking and acting as one team, having mutual respect, having an inherent bias for action, continuously improving and INNOvating, and trusting others to play their roles.


Diversity, Inclusion & Belonging at Innovapost

We value diversity as an essential part of who we are as a company, how we operate and how we see our future. We believe that attracting, developing, and retaining people who reflect the diversity of Canada is essential to our success. We encourage applications from women, Indigenous people, persons with disabilities and visible minorities.


Hybrid Workplace

Innovapost has a highly flexible Hybrid Workplace Practice which outlines our default work arrangement as ‘Hybrid Local’. This enables employees to work from either a Local Personal Residence, an Assigned Office Location, or both. Your Assigned Office Location for this position will either be our Ottawa or Toronto office based on the requirements for your role. 

Specifically, ‘Local’ refers to a location either within the National Capital Region (NCR) or the Greater Toronto Area (GTA), as employees are expected to be within reasonable commuting distance of one of our offices. Hybrid Local does not mean that employees work from home all the time, nor does it mean that employees are in the office all the time. 

Hybrid work arrangements enable employees to collaborate in person with their colleagues as determined by their leadership team. This may include events and activities established to enhance in-person collaboration.



Innovapost is committed to providing an inclusive and barrier-free work environment, starting with the hiring process. If you are contacted by Innovapost regarding a job opportunity, please advise if you have any restrictions that need to be accommodated. All information received in relation to accommodation will be kept confidential.


The work we do at Innovapost impacts every Canadian. To work with us, you must be eligible to obtain a Canada Post Reliability Security Clearance.

Good luck! We look forward to hearing from you!