Cybersecurity Risk Management Specialist

3 months ago


Montreal, Quebec, Canada Domtar Corporation Full time

In collaboration with the IT Compliance & Governance Security team, the Cybersecurity Risk Management Specialist will play a vital role in enhancing the IT risk management practices at Domtar Corporation. This role involves the ongoing maintenance and enhancement of the IT risk management framework, overseeing IT exceptions, and conducting thorough assessments of third-party vendor risks. The specialist will also engage in various Business and IT initiatives, working closely with IT operations teams to evaluate risks and propose effective risk mitigation strategies.

This position offers a hybrid work model with designated in-office days.

IT/Security Risk Assessment Framework
  • Enhance and sustain an IT/Security Risk Assessment Framework.
  • Identify and document IT security risks along with mitigating controls, presenting findings to risk owners for informed decision-making.
  • Collaborate with the IT compliance team to ensure that compensating controls are effectively implemented.
  • Manage the IT risk register throughout the lifecycle of IT risks.
  • Conduct Privacy Impact Assessments (PIA) as necessary.
Third-Party Vendor Security Assessment
  • Refine and maintain the methodology for assessing third-party vendors.
  • Carry out security posture assessments for third-party and cloud vendors, documenting the results and presenting them to business stakeholders.
  • Examine third-party contracts for clauses related to IT security and data privacy, collaborating with IT Procurement and Legal teams.
  • Keep the Cloud vendor register updated.
  • Assist business units in vendor selection by providing cybersecurity insights during the RFP process.
IT Exception Management Process
  • Oversee and manage the IT Exception Management Process.
  • Document IT exceptions, validate the requirements from requestors and owners, and seek necessary approvals from Cybersecurity management.
  • Conduct risk assessments as required.
  • Maintain the IT Exceptions register and monitor approved exceptions.
Project Advisory Services
  • Offer advisory services on IT risk matters for Business and IT projects to ensure effective risk management throughout the project lifecycle. Occasionally support the project security advisory team in documenting security requirements and controls.
Risk Management Key Performance Indicators (KPI) and Key Risk Indicators (KRI)
  • Generate and report on IT risk management KPIs and KRIs on a monthly basis.
Required Qualifications/Professional Experience
  • Bachelor's degree or 5 years of relevant professional experience in Cybersecurity.
  • A minimum of 8 years of experience in security governance, risk, and compliance (GRC).
  • Possession of security-related certifications such as CISSP, CISM, CSSP, or similar is considered advantageous.
Preferred Qualifications/Professional Experience
  • Hands-on experience with the implementation and/or operation of IT Risk management frameworks.
  • Experience in conducting IT Risk assessments during projects and as part of security operations.
  • Practical knowledge of security controls and risk mitigation strategies.
  • Experience in assessing third-party vendor risks and reviewing security and IT controls documentation provided by third parties (e.g., ISO 27001 certifications, SSAE-16/18, SOC1, SOC2, etc.).
  • Experience managing an IT exception handling process.
  • Strong understanding of topics such as identity and access management, network security, Cloud security, cryptography, web security, next-generation security solutions, and operating system security.
  • Familiarity with project life cycles, particularly in security risk analysis, solutions design, and systems integration.
Essential Competencies
  • Exceptional organizational and analytical abilities.
  • Strong communication skills, with the ability to articulate ideas clearly and influence others.
  • Excellent interpersonal skills for effective interaction at all organizational levels.
  • Capability to engage and influence senior management.
  • Adaptability to changing priorities and demands.
  • Experience in a decentralized environment (both technical and procedural).
  • Background in information security (application and/or infrastructure) within an enterprise context.
  • Structured and self-directed work style.
  • Ability to collaborate effectively within a team and influence peers without direct authority.
  • Proficient written and verbal communication skills in English; proficiency in French is a strong asset.
Our Offer:
  • Flexible work arrangements, including hybrid remote work and flexible hours.
  • A modern and spacious workplace.
  • A customizable insurance plan (life, medical, dental).
  • An employee assistance program.
  • Competitive salary, including an annual bonus opportunity.
  • A pension plan with company matching contributions.
  • Employer-sponsored professional development and continuing education opportunities.
About Domtar Corporation

Domtar Corporation is a leading manufacturer of pulp and paper products, including printing and writing papers, packaging solutions, and specialty papers. We are committed to the sustainable use of wood-based products in global markets and have established a comprehensive network of mills and chipping plants to produce high-quality products competitively. Through our dedication to operational excellence, we deliver superior products to our international clientele.

Domtar Corporation is an equal opportunity employer. We welcome applications from qualified individuals without regard to age, race, color, sex (including gender identity or expression, sexual orientation, and pregnancy), marital status, religion, national origin, genetic information, disability, or veteran status. We are also committed to providing reasonable accommodations for individuals protected by applicable laws.

Upon submission of your application, you will receive a confirmation email. If selected for an interview, a member of our Talent Acquisition Team will reach out to you.
