Cybersecurity Risk Management Specialist
3 months ago
In collaboration with the IT Compliance & Governance Security team, the Cybersecurity Risk Management Specialist will play a vital role in enhancing the IT risk management strategy at Domtar Corporation. This position involves refining the IT risk management framework, overseeing IT exceptions, and conducting assessments of third-party vendor risks. The specialist will also engage in various Business and IT initiatives, working alongside IT operations teams to evaluate risks and propose effective risk mitigation strategies.
This role offers a hybrid work arrangement with designated office days.
IT/Security Risk Assessment Framework- Enhance and maintain an IT/Security Risk Assessment Framework.
- Identify and document IT security risks along with mitigating controls, presenting findings to risk owners for informed decision-making.
- Collaborate with the IT compliance team to ensure that compensating controls are effectively implemented.
- Manage the IT risk register throughout the lifecycle of IT risks.
- Conduct Privacy Impact Assessments (PIA) as necessary.
- Refine and maintain the assessment methodology for third-party vendors.
- Conduct security posture evaluations for third-party and cloud vendors, documenting results and sharing findings with business stakeholders.
- Review third-party contracts for clauses related to IT security and data privacy, collaborating with IT Procurement and Legal teams.
- Maintain an updated register of cloud vendors.
- Offer vendor selection support regarding cybersecurity considerations during the RFP process.
- Oversee and manage the IT Exception Management Process.
- Document IT exceptions, validate requests from exception requestors and owners, and seek approval from Cybersecurity management.
- Conduct risk assessments as required.
- Maintain the IT Exceptions register and monitor approved exceptions.
- Provide advisory services for Business and IT projects concerning IT risk to ensure risk management practices are integrated throughout the project lifecycle. Occasionally assist the project security advisory team in documenting security requirements and controls.
- Generate and report on IT risk management KPIs and KRIs on a monthly basis.
- Bachelor's degree or 5 years of relevant professional experience in Cybersecurity.
- A minimum of 8 years of experience in security governance, risk, and compliance (GRC).
- Possession of security-related certifications such as CISSP, CISM, CSSP, or similar is considered advantageous.
- Hands-on experience with the implementation and/or operation of IT Risk management frameworks.
- Experience conducting IT Risk assessments in project settings and as part of security operations.
- Familiarity with the implementation of security controls and risk mitigation strategies.
- Experience in assessing third-party vendor risks and reviewing documentation related to security and IT controls provided by third parties (e.g., ISO 27001 certifications, SSAE-16/18, SOC1, SOC2, etc.).
- Experience managing an IT exception handling process.
- Solid understanding of topics such as identity and access management, network security, cloud security, cryptography, web security, next-generation security solutions, and operating system security.
- Experience with project life cycles, particularly in security risk analysis, solutions design, and systems integration.
- Strong organizational and analytical abilities.
- Effective communication skills, capable of articulating ideas clearly and influencing others.
- Excellent interpersonal skills for interaction at all organizational levels.
- Ability to engage and influence senior management.
- Adaptability to changing priorities and demands.
- Experience in a decentralized environment (both technical and process-oriented).
- Background in information security (application and/or infrastructure) within an enterprise context.
- Structured and self-motivated individual.
- Ability to collaborate effectively within a team and influence others without direct authority.
- Strong written and verbal communication skills (English & French) are a significant asset.
- Flexible work arrangements, including hybrid remote work and flexible hours.
- A modern and spacious work environment.
- A customizable insurance plan (life, medical, dental).
- An employee assistance program.
- Competitive compensation package, including an annual bonus plan.
- A pension plan with company matching contributions.
- Employer-sponsored professional development and continuing education opportunities.
Domtar Corporation is a leading manufacturer of pulp and paper products, including printing and writing papers, packaging materials, and specialty papers. We are committed to the sustainable use of wood-based products in global markets and have established a comprehensive network of mills and chipping plants to produce these products competitively. Through our unique approach to operational excellence, we deliver high-quality and cost-effective solutions to our international clientele.
Domtar Corporation is an equal-opportunity employer. We consider qualified applicants without regard to age, race, color, sex (including gender identity or expression, sexual orientation, and pregnancy), marital status, religion, national origin, genetic information, disability, or veteran status. We are dedicated to providing reasonable accommodations for individuals protected by relevant legislation.
Upon submission of your application, you will receive a confirmation email. If selected for an interview, a member of our Talent Acquisition Team will reach out to you.
#LI-Hybrid
#J-18808-Ljbffr-
Cybersecurity Risk Management Specialist
2 months ago
Montreal, Quebec, Canada Domtar Corporation Full timeCybersecurity Risk Management SpecialistDomtar Corporation is seeking a highly skilled Cybersecurity Risk Management Specialist to join our team. As a key member of our IT Compliance & Governance Security team, you will play a critical role in maintaining and improving our IT risk management framework, managing IT exceptions, and performing 3rd party vendor...
-
Cybersecurity Risk Management Specialist
2 months ago
Montreal, Quebec, Canada Domtar Corporation Full timeCybersecurity Risk Management SpecialistDomtar Corporation is seeking a highly skilled Cybersecurity Risk Management Specialist to join our team. As a key member of our IT Compliance & Governance Security team, you will play a critical role in maintaining and improving our IT risk management framework, managing IT exceptions, and performing 3rd party vendor...
-
Cybersecurity Risk Management Specialist
1 week ago
Montreal, Quebec, Canada Produits forestiers Résolu Full timeCybersecurity Risk Management SpecialistAbout ResoluteResolute Forest Products is a leading global player in the forest products industry, with a rich history spanning over two centuries. The company has built a strong foundation through the acquisition of more than 20 predecessor companies, supporting hundreds of communities along the way. With a presence...
-
Cybersecurity Risk Management Specialist
2 weeks ago
Montreal, Quebec, Canada Produits forestiers Résolu Full timeAt Produits forestiers Résolu, we are seeking a highly skilled Cybersecurity Risk Management Specialist to join our team. This role will be responsible for maintaining and improving our IT risk management framework, managing IT exceptions, and performing 3rd party vendor risk assessments.Key Responsibilities:Maintain and improve the IT risk management...
-
Cybersecurity Risk Management Specialist
3 months ago
Montreal, Quebec, Canada Domtar Corporation Full timeCybersecurity Risk Management SpecialistIn collaboration with the IT Compliance & Governance Security team, the Cybersecurity Risk Management Specialist will play a vital role in enhancing the IT risk management practices at Domtar Corporation. This role involves the ongoing maintenance and enhancement of the IT risk management framework, overseeing IT...
-
Cybersecurity Risk Management Specialist
2 months ago
Montreal, Quebec, Canada Domtar Corporation Full timeCybersecurity Risk Management SpecialistIn collaboration with the IT Compliance & Governance Security team, the Cybersecurity Risk Management Specialist will play a vital role in enhancing the IT risk management practices at Domtar Corporation. This role involves the ongoing maintenance and enhancement of the IT risk management framework, overseeing IT...
-
Cybersecurity Risk Management Specialist
3 months ago
Montreal, Quebec, Canada Domtar Corporation Full timeCybersecurity Risk Management SpecialistIn collaboration with the Manager of IT Compliance & Governance Security team, the Cybersecurity Risk Management Specialist will play a vital role in enhancing the IT risk management practices at Domtar Corporation. This includes the upkeep and refinement of the IT risk management framework, overseeing IT exceptions,...
-
Cybersecurity Risk Management Specialist
2 months ago
Montreal, Quebec, Canada Domtar Corporation Full timeCybersecurity Risk Management SpecialistIn collaboration with the Manager of IT Compliance & Governance Security team, the Cybersecurity Risk Management Specialist will play a vital role in enhancing the IT risk management practices at Domtar Corporation. This includes the upkeep and refinement of the IT risk management framework, overseeing IT exceptions,...
-
Cybersecurity Risk Management Specialist
3 weeks ago
Montreal, Quebec, Canada Domtar Corporation Full timeCybersecurity Risk Management RoleAs a Cybersecurity Risk Management Specialist at Domtar Corporation, you will play a crucial part in maintaining and improving the IT risk management framework. This involves managing IT exceptions, performing 3rd party vendor risk assessments, and contributing to the IT risk management practice. You will work closely with...
-
Cybersecurity Risk Management Specialist
3 weeks ago
Montreal, Quebec, Canada Domtar Corporation Full timeCybersecurity Risk Management RoleAs a Cybersecurity Risk Management Specialist at Domtar Corporation, you will play a crucial part in maintaining and improving the IT risk management framework. This involves managing IT exceptions, performing 3rd party vendor risk assessments, and contributing to the IT risk management practice. You will work closely with...
-
Cybersecurity Risk Manager
2 months ago
Montreal, Quebec, Canada SGS Société Générale de Surveillance SA Full timeAbout the RoleWe are seeking a highly skilled Cybersecurity Risk Manager to join our Risk Management Department. As a key member of our team, you will be responsible for evaluating and managing cybersecurity risks across our organization.Key ResponsibilitiesEvaluate and assess cybersecurity risks, identifying potential threats and vulnerabilities.Develop and...
-
Cybersecurity Risk Manager
2 months ago
Montreal, Quebec, Canada SGS Société Générale de Surveillance SA Full timeAbout the RoleWe are seeking a highly skilled Cybersecurity Risk Manager to join our Risk Management Department. As a key member of our team, you will be responsible for evaluating and managing cybersecurity risks across our organization.Key ResponsibilitiesEvaluate and assess cybersecurity risks, identifying potential threats and vulnerabilities.Develop and...
-
Cybersecurity Risk and Compliance Specialist
2 months ago
Montreal, Quebec, Canada Domtar Corporation Full timeCybersecurity Risk and Compliance Specialist In collaboration with the Manager of IT Compliance & Governance Security team, the Cybersecurity Risk and Compliance Specialist will play a vital role in enhancing the IT risk management framework at Domtar Corporation. This position involves the management of IT exceptions and conducting thorough assessments of...
-
Cybersecurity Risk and Compliance Specialist
3 months ago
Montreal, Quebec, Canada Domtar Corporation Full timeCybersecurity Risk and Compliance Specialist In collaboration with the Manager of IT Compliance & Governance Security team, the Cybersecurity Risk and Compliance Specialist will play a vital role in enhancing the IT risk management framework at Domtar Corporation. This position involves the management of IT exceptions and conducting thorough assessments of...
-
Cybersecurity Risk Manager
2 months ago
Montreal, Quebec, Canada SGS Société Générale de Surveillance SA Full timeAbout the RoleWe are seeking a highly skilled Cybersecurity Risk Manager to join our Risk Management Department. As a key member of our team, you will be responsible for evaluating and managing cybersecurity risks across our organization.Key ResponsibilitiesEvaluate and assess cybersecurity risks, identifying potential threats and vulnerabilities.Develop and...
-
Cybersecurity Risk Manager
2 months ago
Montreal, Quebec, Canada SGS Société Générale de Surveillance SA Full timeAbout the RoleWe are seeking a highly skilled Cybersecurity Risk Manager to join our Risk Management Department. As a key member of our team, you will be responsible for evaluating and managing cybersecurity risks across our organization.Key ResponsibilitiesEvaluate and assess cybersecurity risks, identifying potential threats and vulnerabilities.Develop and...
-
Cybersecurity Risk Manager
2 months ago
Montreal, Quebec, Canada SGS Société Générale de Surveillance SA Full timeAbout the RoleWe are seeking a highly skilled Cybersecurity Risk Manager to join our Risk Management Department. As a key member of our team, you will be responsible for evaluating and managing cybersecurity risks across our organization.Key ResponsibilitiesPerform comprehensive risk assessments and develop strategies to mitigate cybersecurity...
-
Cybersecurity Risk Manager
2 months ago
Montreal, Quebec, Canada SGS Société Générale de Surveillance SA Full timeAbout the RoleWe are seeking a highly skilled Cybersecurity Risk Manager to join our Risk Management Department. As a key member of our team, you will be responsible for evaluating and managing cybersecurity risks across our organization.Key ResponsibilitiesPerform comprehensive risk assessments and develop strategies to mitigate cybersecurity...
-
Cybersecurity Risk Manager
2 months ago
Montreal, Quebec, Canada SGS Société Générale de Surveillance SA Full timeAbout the RoleWe are seeking a highly skilled Cybersecurity Risk Manager to join our Risk Management Department. As a key member of our team, you will be responsible for evaluating and managing cybersecurity risks across our organization.ResponsibilitiesEvaluate and assess cybersecurity risks, identifying potential threats and vulnerabilities.Develop and...
-
Cybersecurity Risk Manager
2 months ago
Montreal, Quebec, Canada SGS Société Générale de Surveillance SA Full timeAbout the RoleWe are seeking a highly skilled Cybersecurity Risk Manager to join our Risk Management Department. As a key member of our team, you will be responsible for evaluating and managing cybersecurity risks across our organization.ResponsibilitiesEvaluate and assess cybersecurity risks, identifying potential threats and vulnerabilities.Develop and...
