Cybersecurity Risk Analyst
3 weeks ago
Location: Montreal, Quebec, CA, H3B 2N2
Resolute Forest Products, founded more than two centuries ago, is a global leader in the forest products industry. The company owns or operates some 40 facilities, as well as power generation assets, in the United States and Canada. Our 6,600+ employees work hard to produce quality market pulp, tissue, wood products and papers that are marketed in over 60 countries.
The location in Montreal is seeking talent to fill the position of Cybersecurity Risk Analyst. This job is full-time permanent.
By supporting the Manager of IT Compliance & Governance Security team, you will contribute to the IT risk management practice at Paper Excellence Group by maintaining and improving the IT risk management framework, managing IT exceptions, and performing 3rd party vendor risk assessments. You will also participate in Business and IT projects and work with IT operation teams to assess risks and provide risk mitigation recommendations.
ResponsibilitiesIT/Security Risk Assessment Framework
• Maintain and improve an IT/Security Risk Assessment Framework.
• Document IT security risk, mitigating controls, and present them to risk owners for decision making.
• Coordinate with the IT compliance team to ensure compensating controls are in place.
• Maintain the IT risk register throughout the IT risks lifecycle.
• Perform Privacy Impact Assessments (PIA).
3rd Party Vendors Security Assessment
• Maintain and improve 3rd party vendors assessment methodology.
• Perform 3rd party and cloud vendor security posture assessments, document the assessment, and present the results to business owners.
• Review 3rd party contracts for IT security and data privacy-related clauses and collaborate with IT Procurement and Legal teams.
• Maintain the Cloud vendor register.
• Provide vendor selection services for cybersecurity aspects to help business units select a vendor as part of the RFP process.
IT Exception Handling Process
• Manage and maintain the IT Exception Handling Process.
• Document IT Exceptions, validate the needs from exception requestors and owners, and seek exception approval from Cybersecurity management.
• Document risk assessments as needed.
• Maintain the IT Exceptions register and follow up on approved exceptions.
Project Advisory
• Provide project advisory services to Business and IT projects on IT risk matters to ensure risk management activities during the project lifecycle. Occasionally provide support to the project security advisory team to document project security requirements and controls to implement.
Risk Management KPI and KRI
• Produce and report IT risk management KPI and KRI on a monthly basis.
• Bachelor’s degree or 5 years of professional experience in Cybersecurity;
• Minimum of 8 years’ experience in security governance, risk, and compliance (GRC);
• Holds security-related certifications such as CISSP, CISM, CSSP or similar, considered an asset.
• Practical experience with implementing and/or working with IT Risk management frameworks;
• Practical experience with performing IT Risk assessments during projects and as part of security operations;
• Practical experience with security controls and risk mitigation measures implementation;
• Practical experience in assessing 3rd party vendor risks and reviewing security and IT controls-related assurances documentation provided by 3rd parties (e.g., ISO 27001 certifications, SSAE-16/18, SOC1, SOC2, etc.);
• Practical experience with managing an IT exception handling process;
• Hands-on experience and good knowledge in topics such as identity and access management, network security, Cloud security, cryptography, web security, next-generation security solutions, and operating system security;
• Experience with project life cycles, particularly security risk analysis, solutions design, and broad systems integration.
• Great organizational and analytical skills;
• Excellent interpersonal skills to interact at all levels;
• Ability to influence and engage with senior management;
• Ability to quickly adapt to changing priorities and demands;
• Worked in a decentralized environment (both technical and processes);
• Structured and autonomous person;
• Ability to work well on a collaborative team and influence others without direct authority;
• Excellent written (documentation) and verbal communication skills (English & French).
- Competitive salary and annual bonus
- At least three weeks of vacation and three floating holidays a year from the first day of work, depending on your experience
- Full range of group insurance from the first day of work
- Defined-contribution pension plan with generous employer participation from the first day of work
- Employee and family assistance program
- Education assistance program
- Hybrid workplace: in-person and remote work
- Work environment based on respect, inclusion, and diversity
- Office accessible by public transit
Resolute is committed to equity, diversity, and inclusion to empower all employees to reach their full potential. We offer an inclusive, rewarding, and safe work environment with opportunities that will help grow your skills.
#J-18808-Ljbffr-
Cybersecurity Risk Analyst
3 weeks ago
Montreal, Quebec, G4F, CA Domtar Corporation Full timeCybersecurity Risk AnalystBy supporting the Manager of IT Compliance & Governance Security team, the Cybersecurity Risk Analyst will contribute to the IT risk management practice at Paper Excellence Group by maintaining and improving the IT risk management framework, managing IT exceptions, and performing 3rd party vendor risk assessments. The Cybersecurity...
-
Cybersecurity Risk Analyst
4 weeks ago
Montreal, Quebec, G4F, CA Produits forestiers Résolu Full timeResolute Forest Products, founded more than two centuries ago, is a global leader in the forest products industry. Through the years, it has built more than 20 predecessor companies and supported hundreds of communities. The company owns or operates some 40 facilities, as well as power generation assets, in the United States and Canada. Our 6,600+...
-
Operational Risk Manager – Cybersecurity Risks
3 weeks ago
Montreal, Quebec, G4F, CA SGS Société Générale de Surveillance SA Full timeResponsibilitiesThe Risk Management Department contributes to the sustainable growth of the Societe Generale group through its expertise, understanding of risks, and risk management techniques. The department’s mission is to independently analyze, assess, manage, and monitor risk-taking activities with the objective of achieving, together with the first...
-
Operational Risk Manager – Cybersecurity Risks
4 weeks ago
Montreal, Quebec, G4F, CA SGS Société Générale de Surveillance SA Full timeResponsibilitiesThe Risk Management Department contributes to the sustainable growth of the Societe Generale group through its expertise, understanding of risks, and risk management techniques. The department’s mission is to independently analyze, assess, manage, and monitor risk-taking activities with the objective of achieving, together with the first...
-
Operational Risk Manager – Cybersecurity Risks
3 weeks ago
Montreal, Quebec, G4F, CA SGS Société Générale de Surveillance SA Full timeResponsibilitiesThe Risk Management Department contributes to the sustainable growth of the Societe Generale group through its expertise, understanding of risks, and risk management techniques. The department’s mission is to independently analyze, assess, manage and monitor risk-taking activities with the objective of achieving, together with the first...
-
Operational Risk Manager – Cybersecurity Risks
3 weeks ago
Montreal, Quebec, G4F, CA SGS Société Générale de Surveillance SA Full timeResponsibilitiesThe Risk Management Department contributes to the sustainable growth of the Societe Generale group through its expertise, understanding of risks, and risk management techniques. The department’s mission is to independently analyze, assess, manage and monitor risk-taking activities with the objective of achieving, together with the first...
-
Operational Risk Manager – Cybersecurity Risks
3 weeks ago
Montreal, Quebec, G4F, CA SGS Société Générale de Surveillance SA Full timeResponsibilitiesThe Risk Management Department contributes to the sustainable growth of the Societe Generale group through its expertise, understanding of risks, and risk management techniques. The department’s mission is to independently analyze, assess, manage and monitor risk-taking activities with the objective of achieving, together with the first...
-
Operational Risk Manager – Cybersecurity Risks
4 weeks ago
Montreal, Quebec, G4F, CA SGS Société Générale de Surveillance SA Full timeResponsibilitiesThe Risk Management Department contributes to the sustainable growth of the Societe Generale group through its expertise, understanding of risks, and risk management techniques. The department’s mission is to independently analyze, assess, manage and monitor risk-taking activities with the objective of achieving, together with the first...
-
Cybersecurity Analyst, Application Solutions
1 month ago
Montreal, Quebec, G4F, CA Scrapmetal Full timeCybersecurity Analyst, Application SolutionsFull-timeAmerican Iron & Metal (AIM) is a family-owned company and recognized global leader in the metal recycling industry with more than 125 sites and 4000 employees worldwide. We have continued to prosper for the last eight decades thanks to the dedication of our employees and the ongoing trust and support of...
-
Manager, Cybersecurity and GRC
4 weeks ago
Montreal, Quebec, G4F, CA American Iron & Metal Co Full timeAmerican Iron & Metal (AIM) is a family-owned company and recognized global leader in the metal recycling industry with more than 125 sites and 4000 employees worldwide. We have continued to prosper for the last eight decades thanks to the dedication of our employees and the ongoing trust and support of our customers.Become part of team AIM, a growing team...
-
Analyst, Risk and Internal Control Analyst
1 month ago
Montreal, Quebec, G4F, CA Accoravillage Full timeAnalyst, Risk and Internal Control AnalystTuesday, August 6, 2024WHY JOIN LANTIC?It's simple: we strive to be a great company to partner with, work for and invest in, offering best-in-class portfolio of natural sweetener solutions.With over 130 years of experience, we have proven that we are committed to creating lasting brand connections and long-term...
-
Analyst, Risk and Internal Control Analyst
1 month ago
Montreal, Quebec, G4F, CA Accoravillage Full timeAnalyst, Risk and Internal Control AnalystTuesday, August 6, 2024WHY JOIN LANTIC?It's simple: we strive to be a great company to partner with, work for and invest in, offering best-in-class portfolio of natural sweetener solutions.With over 130 years of experience, we have proven that we are committed to creating lasting brand connections and long-term...
-
Analyst, Risk and Internal Control Analyst
1 month ago
Montreal, Quebec, G4F, CA Accoravillage Full timeAnalyst, Risk and Internal Control AnalystTuesday, August 6, 2024WHY JOIN LANTIC?It's simple: we strive to be a great company to partner with, work for and invest in, offering best-in-class portfolio of natural sweetener solutions.With over 130 years of experience, we have proven that we are committed to creating lasting brand connections and long-term...
-
Montreal, Quebec, G4F, CA Scrapmetal Full timeManager, Cybersecurity GRC and Process ImprovementFull-timeAmerican Iron & Metal (AIM) is a family-owned company and recognized global leader in the metal recycling industry with more than 125 sites and 4000 employees worldwide. We have continued to prosper for the last eight decades thanks to the dedication of our employees and the ongoing trust and support...
-
Montreal, Quebec, G4F, CA National Bank Full timeAs a Chief Advisor, Technology and Cyber Risk Management for Business Lines on the Technology, Cyber and Data Risk Management team at National Bank, you will act as a second line of defence specialist on information technology and cybersecurity. Your experience in several areas of technology (IT architecture, cloud, cyber) will help you to have a positive...
-
Analyst Credit risk
4 weeks ago
Montreal, Quebec, G4F, CA Desjardins Full timeAs a Credit Risk Analyst, you assist with credit authorization, research, analysis and development to implement credit risk management best practices. You serve as a technical collaborator and provide discipline-specific support for your unit’s activities, initiatives, and processes. The ability to tailor your approach as needed is therefore essential. You...
-
Analyst Credit risk
4 weeks ago
Montreal, Quebec, G4F, CA Desjardins Group Full timeAs a Credit Risk Analyst, you assist with credit authorization, research, analysis and development to implement credit risk management best practices. You serve as a technical collaborator and provide discipline-specific support for your unit’s activities, initiatives and processes. The ability to tailor your approach as needed is therefore essential. You...
-
Senior Analyst Credit Risk
1 month ago
Montreal, Quebec, G4F, CA National Bank Full timeA career at National Bank as a Senior Analyst in the Risk Management department for the Financial Markets and International sector means acting as a credit expert in a variety of business opportunities and having expertise in a diversified portfolio of counterparties. This job allows you to have a positive impact on our organization, thanks to your financial...
-
IT Business Analyst
1 month ago
Montreal, Quebec, G4F, CA Intelcom Express Inc. Full timeIntelcom is currently hiring an Information Technology (IT) Business Analyst, IT Resilience and Compliance for our Service Center (Head office) located in Griffintown, Montreal, Quebec.Reporting to the Senior Manager, IT Resilience and Compliance and working collaboratively with the Specialist, and greater IT Resilience and Compliance team, the successful...
-
Cyber Security Analyst
1 month ago
Montreal, Quebec, G4F, CA Sanimax Full timeResponsibilities:Participate in the development of policies and guidelines (ISO 27001 & CIS).Participate in internal audits and compliance testing.Document and implement internal processes.Monitor existing security mechanisms and ensure control over the protection of IT assets.Define security and compliance requirements, ensuring the technical viability of...
