Cybersecurity Risk Analyst
4 weeks ago
Domtar Corporation is seeking a highly skilled Cybersecurity Risk Analyst to join our team. As a key member of our IT Compliance & Governance Security team, you will contribute to the IT risk management practice by maintaining and improving the IT risk management framework, managing IT exceptions, and performing 3rd party vendor risk assessments.
This is a hybrid work schedule position with specified days in the office.
Key Responsibilities- Maintain and improve an IT/Security Risk Assessment Framework.
- Document IT security risks, mitigating controls, and present them to risk owners for decision-making.
- Coordinate with the IT compliance team to ensure compensating controls have been put in place.
- Maintain the IT risk register throughout the IT risks lifecycle.
- Perform Privacy Impact Assessments (PIA).
- Maintain and improve 3rd party vendors assessment methodology.
- Perform 3rd party and cloud vendor security posture assessments, document the assessments, and present the results to business owners.
- Review 3rd party contracts for IT security and data privacy-related clauses and work in collaboration with IT Procurement and Legal teams.
- Maintain the Cloud vendor register.
- Provide vendor selection services for cybersecurity aspects to help business units select a vendor as part of the RFP process.
- Manage and maintain the IT Exception Handling Process.
- Document IT Exceptions, validate the needs from exception requestors and owners, and seek exception approval from Cybersecurity management.
- Document risk assessments as needed.
- Maintain the IT Exceptions register and follow up on approved exceptions.
- Provide project advisory services to Business and IT projects on IT risk matters to ensure risk management activities during the project's lifecycle.
- Bachelor's degree or 5 years of professional experience in Cybersecurity.
- Minimum of 8 years' experience in security governance, risk, and compliance (GRC).
- Holds security-related certifications such as CISSP, CISM, CSSP, or similar considered an asset.
- Practical experience with implementing and/or working with IT Risk management frameworks.
- Practical experience with performing IT Risk assessments during projects and as part of security operations.
- Practical experience with security controls and risk mitigation measures implementation.
- Practical experience assessing 3rd party vendor risks and reviewing security and IT controls related assurances documentation provided by 3rd parties (e.g., ISO 27001 certifications, SSAE-16/18, SOC1, SOC2, etc.).
- Practical experience managing an IT exception handling process.
- Hands-on experience and good knowledge in topics such as identity and access management, network security, Cloud security, cryptography, web security, next-generation security solutions, and operating system security.
- Experience with project life cycles, particularly security risk analysis, solutions design, and broad systems integration.
- Great organizational and analytical skills.
- Able to vulgarize, ease in expressing ideas, influence others, challenge ideas, and be convincing.
- Excellent interpersonal skills to be able to interact at all levels.
- Ability to influence and engage with senior management.
- Ability to quickly adapt to changing priorities and demands.
- Worked in a decentralized environment (both technical and processes).
- Experience in an information security (application and/or infrastructure) role in an enterprise environment.
- Structured and autonomous person.
- Ability to work well on a collaborative team and influence others without direct authority.
- Excellent written (documentation) and verbal communication skills (English & French) a strong asset.
- Alternative Work Arrangements; hybrid remote work and flextime and summer hours.
- A modern and spacious work environment.
- A flexible insurance plan (life, medical, dental).
- An employee assistance program.
- Competitive compensation, including an annual bonus plan.
- A pension plan with matching company contributions.
- Employer-paid development and continuing education.
Domtar is a diversified manufacturer of pulp and paper, including printing and writing, packaging, and specialty papers. We believe in the enduring value of wood-based products in global markets and have built a large network of mills and chipping plants to produce them competitively. Through our distinct approach to operational excellence, we deliver high-quality and cost-effective products to international customers.
Check out our Newsroom to learn more about Domtar, who we are, and why people rely on us every day Find us on @DomtarEveryday on Facebook, Twitter, YouTube, and LinkedIn.
Domtar is an equal-opportunity employer. Qualified applicants will be considered without regard to age, race, color, sex (including gender identity or expression, sexual orientation, and pregnancy), marital status, religion, national origin, genetic information, disability, or veteran status. We are also committed to ensuring reasonable accommodations for individuals protected by Section 503 of the Rehabilitation Act of 1974, and Title I of the Americans with Disability Act of 1990.
Once your application has been submitted, you will receive a confirmation email. If you are selected to interview, you will be contacted by a member of our Talent Acquisition Team.
#LI-Hybrid
#J-18808-Ljbffr-
Cybersecurity Risk Analyst
1 month ago
Montreal, Quebec, Canada Domtar Corporation Full timeCybersecurity Risk Analyst Job DescriptionDomtar Corporation is seeking a highly skilled Cybersecurity Risk Analyst to join our team. As a Cybersecurity Risk Analyst, you will play a critical role in maintaining and improving our IT risk management framework, managing IT exceptions, and performing 3rd party vendor risk assessments.Key...
-
Cybersecurity Risk Analyst
1 month ago
Montreal, Quebec, Canada Domtar Corporation Full timeCybersecurity Risk Analyst Job DescriptionDomtar Corporation is seeking a highly skilled Cybersecurity Risk Analyst to join our team. As a Cybersecurity Risk Analyst, you will play a critical role in maintaining and improving our IT risk management framework, managing IT exceptions, and performing 3rd party vendor risk assessments.Key...
-
Cybersecurity Risk Analyst
4 weeks ago
Montreal, Quebec, Canada Domtar Full timeCybersecurity Risk AnalystDomtar is seeking a highly skilled Cybersecurity Risk Analyst to join our team. As a key member of our IT Compliance & Governance Security team, you will contribute to the development and implementation of our IT risk management framework, ensuring the security and integrity of our systems and data.Key Responsibilities:Maintain and...
-
Cybersecurity Risk Analyst
4 weeks ago
Montreal, Quebec, Canada Domtar Full timeCybersecurity Risk AnalystDomtar is seeking a highly skilled Cybersecurity Risk Analyst to join our team. As a key member of our IT Compliance & Governance Security team, you will contribute to the development and implementation of our IT risk management framework, ensuring the security and integrity of our systems and data.Key Responsibilities:Maintain and...
-
Cybersecurity Risk Analyst
4 weeks ago
Montreal, Quebec, Canada Domtar Full timeCybersecurity Risk AnalystDomtar is seeking a highly skilled Cybersecurity Risk Analyst to join our team. As a key member of our IT Compliance & Governance Security team, you will contribute to the development and implementation of our IT risk management framework, ensuring the security and integrity of our systems and data.Key Responsibilities:Maintain and...
-
Cybersecurity Risk Analyst
4 weeks ago
Montreal, Quebec, Canada Produits forestiers Résolu Full timeCybersecurity Risk Analyst Job DescriptionAt Produits forestiers Résolu, we are seeking a highly skilled Cybersecurity Risk Analyst to join our team. As a key member of our IT Compliance & Governance Security team, you will play a critical role in maintaining and improving our IT risk management framework.Key Responsibilities:Maintain and improve an...
-
Cybersecurity Risk Analyst
4 weeks ago
Montreal, Quebec, Canada Produits forestiers Résolu Full timeCybersecurity Risk Analyst Job DescriptionAt Produits forestiers Résolu, we are seeking a highly skilled Cybersecurity Risk Analyst to join our team. As a key member of our IT Compliance & Governance Security team, you will play a critical role in maintaining and improving our IT risk management framework.Key Responsibilities:Maintain and improve an...
-
Cybersecurity Risk Analyst
1 month ago
Montreal, Quebec, Canada Produits forestiers Résolu Full timeJob Title: Cybersecurity Risk AnalystResolute Forest Products is seeking a highly skilled Cybersecurity Risk Analyst to join our team. As a key member of our IT Compliance & Governance Security team, you will play a critical role in maintaining and improving our IT risk management framework.Key Responsibilities:Maintain and improve the IT/Security Risk...
-
Cybersecurity Risk Analyst
1 month ago
Montreal, Quebec, Canada Produits forestiers Résolu Full timeJob Title: Cybersecurity Risk AnalystResolute Forest Products is seeking a highly skilled Cybersecurity Risk Analyst to join our team. As a key member of our IT Compliance & Governance Security team, you will play a critical role in maintaining and improving our IT risk management framework.Key Responsibilities:Maintain and improve the IT/Security Risk...
-
Cybersecurity Risk Analyst
2 weeks ago
Montreal, Quebec, Canada Resolute Forest Products Inc. Full timeCybersecurity Risk AnalystResolute Forest Products Inc. is seeking a highly skilled Cybersecurity Risk Analyst to join our team. As a key member of our IT Compliance & Governance Security team, you will contribute to the IT risk management practice by maintaining and improving the IT risk management framework, managing IT exceptions, and performing 3rd party...
-
Cybersecurity Risk Analyst
2 weeks ago
Montreal, Quebec, Canada Produits forestiers Résolu Full timeCybersecurity Risk Analyst Job DescriptionResolute Forest Products is seeking a highly skilled Cybersecurity Risk Analyst to join our team in Montreal, Quebec, Canada. As a key member of our IT Compliance & Governance Security team, you will play a critical role in maintaining and improving our IT risk management framework, managing IT exceptions, and...
-
Cybersecurity Risk Analyst
1 month ago
Montreal, Quebec, Canada Domtar Full timeJob DescriptionDomtar is seeking a highly skilled Cybersecurity Risk Analyst to join our team. As a key member of our IT Compliance & Governance Security team, you will play a critical role in maintaining and improving our IT risk management framework, managing IT exceptions, and performing third-party vendor risk assessments.Key ResponsibilitiesMaintain and...
-
Cybersecurity Risk Analyst
1 month ago
Montreal, Quebec, Canada Domtar Full timeJob DescriptionDomtar is seeking a highly skilled Cybersecurity Risk Analyst to join our team. As a key member of our IT Compliance & Governance Security team, you will play a critical role in maintaining and improving our IT risk management framework, managing IT exceptions, and performing third-party vendor risk assessments.Key ResponsibilitiesMaintain and...
-
Cybersecurity Risk Analyst
1 month ago
Montreal, Quebec, Canada Domtar Full timeJob DescriptionDomtar is seeking a highly skilled Cybersecurity Risk Analyst to join our team. As a key member of our IT Compliance & Governance Security team, you will play a critical role in maintaining and improving our IT risk management framework, managing IT exceptions, and performing third-party vendor risk assessments.Key ResponsibilitiesMaintain and...
-
Cybersecurity Governance Risk Analyst
1 month ago
Montreal, Quebec, Canada Domtar Corporation Full timeCybersecurity Risk Analyst Job DescriptionWe are seeking a highly skilled Cybersecurity Risk Analyst to join our team at Domtar Corporation. As a key member of our IT Compliance & Governance Security team, you will play a critical role in maintaining and improving our IT risk management framework.Key Responsibilities:Maintain and improve the IT risk...
-
Cybersecurity Governance Risk Analyst
1 month ago
Montreal, Quebec, Canada Domtar Corporation Full timeCybersecurity Risk Analyst Job DescriptionWe are seeking a highly skilled Cybersecurity Risk Analyst to join our team at Domtar Corporation. As a key member of our IT Compliance & Governance Security team, you will play a critical role in maintaining and improving our IT risk management framework.Key Responsibilities:Maintain and improve the IT risk...
-
Cybersecurity Governance Risk Analyst
1 month ago
Montreal, Quebec, Canada Domtar Corporation Full timeCybersecurity Risk Analyst Job DescriptionWe are seeking a highly skilled Cybersecurity Risk Analyst to join our team at Domtar Corporation. As a key member of our IT Compliance & Governance Security team, you will play a critical role in maintaining and improving our IT risk management framework.Key Responsibilities:Maintain and improve the IT risk...
-
Cybersecurity Governance Risk Analyst
1 month ago
Montreal, Quebec, Canada Domtar Corporation Full timeCybersecurity Risk Analyst Job DescriptionWe are seeking a highly skilled Cybersecurity Risk Analyst to join our team at Domtar Corporation. As a key member of our IT Compliance & Governance Security team, you will play a critical role in maintaining and improving our IT risk management framework.Key Responsibilities:Maintain and improve the IT risk...
-
Cybersecurity Governance Risk Analyst
1 month ago
Montreal, Quebec, Canada Domtar Corporation Full timeCybersecurity Risk Analyst Job DescriptionWe are seeking a highly skilled Cybersecurity Risk Analyst to join our team at Domtar Corporation. As a key member of our IT Compliance & Governance Security team, you will play a critical role in maintaining and improving our IT risk management framework.Key Responsibilities:Maintain and improve the IT risk...
-
Cybersecurity Governance Risk Analyst
1 month ago
Montreal, Quebec, Canada Domtar Corporation Full timeCybersecurity Risk Analyst Job DescriptionWe are seeking a highly skilled Cybersecurity Risk Analyst to join our team at Domtar Corporation. As a key member of our IT Compliance & Governance Security team, you will play a critical role in maintaining and improving our IT risk management framework.Key Responsibilities:Maintain and improve the IT risk...
