Cybersecurity Risk Management Specialist
3 months ago
In collaboration with the Manager of IT Compliance & Governance Security team, the Cybersecurity Risk Management Specialist will play a vital role in enhancing the IT risk management practices at Domtar Corporation. This includes the upkeep and refinement of the IT risk management framework, overseeing IT exceptions, and conducting assessments of third-party vendor risks. The specialist will also engage in various Business and IT initiatives, working alongside IT operations teams to evaluate risks and offer risk mitigation strategies.
This role offers a hybrid work arrangement with designated in-office days.
IT/Security Risk Assessment Framework- Enhance and maintain an IT/Security Risk Assessment Framework.
- Identify and document IT security risks along with mitigating controls, presenting findings to risk owners for informed decision-making.
- Collaborate with the IT compliance team to ensure that compensating controls are effectively implemented.
- Manage the IT risk register throughout the lifecycle of IT risks.
- Conduct Privacy Impact Assessments (PIA) as required.
- Develop and refine the assessment methodology for third-party vendors.
- Carry out security posture evaluations for third-party and cloud vendors, documenting findings and sharing results with business stakeholders.
- Review third-party contracts for IT security and data privacy provisions, working closely with IT Procurement and Legal teams.
- Maintain an updated register of cloud vendors.
- Assist business units in selecting vendors by providing cybersecurity insights during the RFP process.
- Oversee and manage the IT Exception Handling Process.
- Document IT exceptions, assess the needs of exception requestors and owners, and seek approval from Cybersecurity management.
- Conduct risk assessments as necessary.
- Maintain the IT Exceptions register and monitor approved exceptions.
- Offer advisory services for Business and IT projects concerning IT risk to ensure effective risk management throughout the project lifecycle. Occasionally support the project security advisory team in documenting security requirements and controls.
- Generate and report on IT risk management KPIs and KRIs on a monthly basis.
- Bachelor's degree or a minimum of 5 years of professional experience in Cybersecurity.
- At least 8 years of experience in security governance, risk, and compliance (GRC).
- Possession of security-related certifications such as CISSP, CISM, CSSP, or similar is advantageous.
- Hands-on experience with the implementation and/or operation of IT Risk management frameworks.
- Experience conducting IT Risk assessments during projects and as part of security operations.
- Practical knowledge of security controls and risk mitigation strategies.
- Experience in assessing third-party vendor risks and reviewing security and IT controls documentation provided by third parties (e.g., ISO 27001 certifications, SSAE-16/18, SOC1, SOC2, etc.).
- Experience managing an IT exception handling process.
- Strong knowledge in areas such as identity and access management, network security, cloud security, cryptography, web security, next-generation security solutions, and operating system security.
- Familiarity with project life cycles, particularly in security risk analysis, solutions design, and systems integration.
- Exceptional organizational and analytical abilities.
- Strong communication skills, capable of articulating ideas clearly and influencing others.
- Excellent interpersonal skills for interaction at all organizational levels.
- Ability to engage and influence senior management effectively.
- Adaptability to changing priorities and demands.
- Experience in a decentralized environment (both technical and process-oriented).
- Experience in an information security role within an enterprise setting.
- Structured, autonomous, and collaborative work style.
- Outstanding written and verbal communication skills in English; proficiency in French is a significant asset.
- Flexible work arrangements, including hybrid remote work and flexible hours.
- A modern and spacious workplace.
- A customizable insurance plan (life, medical, dental).
- An employee assistance program.
- Competitive salary with an annual bonus opportunity.
- A pension plan with matching contributions from the company.
- Employer-sponsored professional development and continuing education opportunities.
Domtar Corporation is a leading manufacturer of pulp and paper products, including printing and writing, packaging, and specialty papers. We are committed to the sustainable use of wood-based products in global markets and have established a comprehensive network of mills and chipping plants to produce these products competitively. Through our focus on operational excellence, we deliver high-quality and cost-effective solutions to our international clientele.
We are an equal-opportunity employer, and we welcome applications from qualified individuals without regard to age, race, color, sex (including gender identity or expression, sexual orientation, and pregnancy), marital status, religion, national origin, genetic information, disability, or veteran status. We are also dedicated to providing reasonable accommodations for individuals protected by relevant legislation.
Upon submission of your application, you will receive a confirmation email. If selected for an interview, a member of our Talent Acquisition Team will reach out to you.
#LI-Hybrid
#J-18808-Ljbffr-
Cybersecurity Risk Management Specialist
2 months ago
Montreal, Quebec, Canada Domtar Corporation Full timeCybersecurity Risk Management SpecialistDomtar Corporation is seeking a highly skilled Cybersecurity Risk Management Specialist to join our team. As a key member of our IT Compliance & Governance Security team, you will play a critical role in maintaining and improving our IT risk management framework, managing IT exceptions, and performing 3rd party vendor...
-
Cybersecurity Risk Management Specialist
2 months ago
Montreal, Quebec, Canada Domtar Corporation Full timeCybersecurity Risk Management SpecialistDomtar Corporation is seeking a highly skilled Cybersecurity Risk Management Specialist to join our team. As a key member of our IT Compliance & Governance Security team, you will play a critical role in maintaining and improving our IT risk management framework, managing IT exceptions, and performing 3rd party vendor...
-
Cybersecurity Risk Management Specialist
2 weeks ago
Montreal, Quebec, Canada Produits forestiers Résolu Full timeCybersecurity Risk Management SpecialistAbout ResoluteResolute Forest Products is a leading global player in the forest products industry, with a rich history spanning over two centuries. The company has built a strong foundation through the acquisition of more than 20 predecessor companies, supporting hundreds of communities along the way. With a presence...
-
Cybersecurity Risk Management Specialist
2 weeks ago
Montreal, Quebec, Canada Produits forestiers Résolu Full timeAt Produits forestiers Résolu, we are seeking a highly skilled Cybersecurity Risk Management Specialist to join our team. This role will be responsible for maintaining and improving our IT risk management framework, managing IT exceptions, and performing 3rd party vendor risk assessments.Key Responsibilities:Maintain and improve the IT risk management...
-
Cybersecurity Risk Management Specialist
2 months ago
Montreal, Quebec, Canada Domtar Corporation Full timeCybersecurity Risk Management SpecialistIn collaboration with the IT Compliance & Governance Security team, the Cybersecurity Risk Management Specialist will play a vital role in enhancing the IT risk management practices at Domtar Corporation. This role involves the ongoing maintenance and enhancement of the IT risk management framework, overseeing IT...
-
Cybersecurity Risk Management Specialist
2 months ago
Montreal, Quebec, Canada Domtar Corporation Full timeCybersecurity Risk Management SpecialistIn collaboration with the IT Compliance & Governance Security team, the Cybersecurity Risk Management Specialist will play a vital role in enhancing the IT risk management strategy at Domtar Corporation. This position involves refining the IT risk management framework, overseeing IT exceptions, and conducting...
-
Cybersecurity Risk Management Specialist
3 months ago
Montreal, Quebec, Canada Domtar Corporation Full timeCybersecurity Risk Management SpecialistIn collaboration with the IT Compliance & Governance Security team, the Cybersecurity Risk Management Specialist will play a vital role in enhancing the IT risk management strategy at Domtar Corporation. This position involves refining the IT risk management framework, overseeing IT exceptions, and conducting...
-
Cybersecurity Risk Management Specialist
3 months ago
Montreal, Quebec, Canada Domtar Corporation Full timeCybersecurity Risk Management SpecialistIn collaboration with the IT Compliance & Governance Security team, the Cybersecurity Risk Management Specialist will play a vital role in enhancing the IT risk management practices at Domtar Corporation. This role involves the ongoing maintenance and enhancement of the IT risk management framework, overseeing IT...
-
Cybersecurity Risk Management Specialist
3 weeks ago
Montreal, Quebec, Canada Domtar Corporation Full timeCybersecurity Risk Management RoleAs a Cybersecurity Risk Management Specialist at Domtar Corporation, you will play a crucial part in maintaining and improving the IT risk management framework. This involves managing IT exceptions, performing 3rd party vendor risk assessments, and contributing to the IT risk management practice. You will work closely with...
-
Cybersecurity Risk Management Specialist
3 weeks ago
Montreal, Quebec, Canada Domtar Corporation Full timeCybersecurity Risk Management RoleAs a Cybersecurity Risk Management Specialist at Domtar Corporation, you will play a crucial part in maintaining and improving the IT risk management framework. This involves managing IT exceptions, performing 3rd party vendor risk assessments, and contributing to the IT risk management practice. You will work closely with...
-
Cybersecurity Risk and Compliance Specialist
2 months ago
Montreal, Quebec, Canada Domtar Corporation Full timeCybersecurity Risk and Compliance Specialist In collaboration with the Manager of IT Compliance & Governance Security team, the Cybersecurity Risk and Compliance Specialist will play a vital role in enhancing the IT risk management framework at Domtar Corporation. This position involves the management of IT exceptions and conducting thorough assessments of...
-
Cybersecurity Risk and Compliance Specialist
3 months ago
Montreal, Quebec, Canada Domtar Corporation Full timeCybersecurity Risk and Compliance Specialist In collaboration with the Manager of IT Compliance & Governance Security team, the Cybersecurity Risk and Compliance Specialist will play a vital role in enhancing the IT risk management framework at Domtar Corporation. This position involves the management of IT exceptions and conducting thorough assessments of...
-
Cybersecurity Risk Management Specialist
2 months ago
Montreal, Quebec, Canada Produits forestiers Résolu Full timeAbout the RoleWe are seeking a highly skilled Cybersecurity Risk Management Specialist to join our team at Produits forestiers Résolu. As a key member of our IT Security Governance team, you will play a critical role in maintaining and improving our IT risk management framework, managing IT exceptions, and performing 3rd party vendor risk assessments.Key...
-
Cybersecurity Risk Management Specialist
2 months ago
Montreal, Quebec, Canada Produits forestiers Résolu Full timeAbout the RoleWe are seeking a highly skilled Cybersecurity Risk Management Specialist to join our team at Produits forestiers Résolu. As a key member of our IT Security Governance team, you will play a critical role in maintaining and improving our IT risk management framework, managing IT exceptions, and performing 3rd party vendor risk assessments.Key...
-
Cybersecurity Risk Manager
1 month ago
Montreal, Quebec, Canada Intact Financial Corporation Full timeJob Title: Cybersecurity Risk ManagerAt Intact Financial Corporation, we are seeking a highly skilled Cybersecurity Risk Manager to join our team. As a key member of our cybersecurity team, you will be responsible for managing and mitigating cybersecurity risks across the organization.Key Responsibilities:Develop and implement effective cybersecurity risk...
-
Cybersecurity Risk Manager
1 month ago
Montreal, Quebec, Canada Intact Financial Corporation Full timeJob Title: Cybersecurity Risk ManagerAt Intact Financial Corporation, we are seeking a highly skilled Cybersecurity Risk Manager to join our team. As a key member of our cybersecurity team, you will be responsible for managing and mitigating cybersecurity risks across the organization.Key Responsibilities:Develop and implement effective cybersecurity risk...
-
Cybersecurity Risk Management Specialist
2 months ago
Montreal, Quebec, Canada Domtar Corporation Full timeCybersecurity Risk Analyst Job DescriptionWe are seeking a highly skilled Cybersecurity Risk Analyst to join our team at Domtar Corporation. As a Cybersecurity Risk Analyst, you will play a critical role in maintaining and improving our IT risk management framework, managing IT exceptions, and performing 3rd party vendor risk assessments.Key...
-
Cybersecurity Risk Management Specialist
2 months ago
Montreal, Quebec, Canada Domtar Corporation Full timeCybersecurity Risk Analyst Job DescriptionWe are seeking a highly skilled Cybersecurity Risk Analyst to join our team at Domtar Corporation. As a Cybersecurity Risk Analyst, you will play a critical role in maintaining and improving our IT risk management framework, managing IT exceptions, and performing 3rd party vendor risk assessments.Key...
-
Cybersecurity Risk Management Specialist
2 months ago
Montreal, Quebec, Canada Domtar Corporation Full timeCybersecurity Risk Analyst Job DescriptionWe are seeking a highly skilled Cybersecurity Risk Analyst to join our team at Domtar Corporation. As a Cybersecurity Risk Analyst, you will play a critical role in maintaining and improving our IT risk management framework, managing IT exceptions, and performing 3rd party vendor risk assessments.Key...
-
Cybersecurity Risk Management Specialist
2 months ago
Montreal, Quebec, Canada Domtar Corporation Full timeCybersecurity Risk Analyst Job DescriptionWe are seeking a highly skilled Cybersecurity Risk Analyst to join our team at Domtar Corporation. As a Cybersecurity Risk Analyst, you will play a critical role in maintaining and improving our IT risk management framework, managing IT exceptions, and performing 3rd party vendor risk assessments.Key...