Cybersecurity Risk Analyst
Domtar

Description

By supporting the Manager of IT Compliance & Governance Security team, the Cybersecurity Risk Analystwill contribute the to IT risk management practice at Paper Excellence Group by maintaining and improving the IT risk management framework, manage IT exceptions and perform 3rd party vendor risk assessments.

The resource will also participate to Business and IT projects and work with IT operation teams to assess risks and provide risk mitigation recommendations.

IT/Security Risk Assessment Framework

• Maintain and improve an IT/Security Risk Assessment Framework
• Document IT security risk, mitigating controls and present them to risk owner for decision taking.
• Coordinate with IT compliance team to ensure compensating controls have been put in place.
• Maintain the IT risk register through out IT risks lifecycle.
• Perform Privacy Impact Assessments (PIA).

3rd party vendors security assessment

• Maintain and improve 3rd party vendors assessment methodology.
• Perform 3rd party and cloud vendor security posture assessment, document the assessment and present the results to business owners.
• Review 3rd party contracts for IT security and data privacy related clauses and work in collaboration with IT Procurement and Legal teams.
• Maintain the Cloud vendor register.
• Provide vendor selection services for cybersecurity aspects to help business units select a vendor as part of RFP process.

ITException Handling Process

• Manage and maintain the ITException Handling Process.
• Document IT Exceptions, validate the needs from exception requestors and owner, seek exception approval from Cybersecurity management.
• Document risk assessment as needed.
• Maintain the IT Exceptions register and follow-up on approved exceptions.

Project advisory

• Provide project advisory services to Business and IT projects on IT risk matters to ensure risk management activities during project's lifecycle. Occasionally provide support to project security advisory team to document project security requirements and controls to implement.

Risk management KPI and KRI

• Produce and report IT risk management KPI and KRI on a monthly basis.

Required Qualifications/Professional Experiences

• Bachelor degree or 5 years of professional experience in Cybersecurity;
• Minimum of 8 years' experience of security governance, risk and compliance (GRC);
• Holds security related certifications such as CISSP, CISM, CSSP or similar an considered an asset;

Preferred Qualifications/Professional Experiences/Years of Experience:

• Practical experience with implementing and/or working with IT Risk management frameworks;
• Practical experience with performing IT Risk assessment during projects and as part of security operations;
• Practical experience with security controls and risk mitigation measures implementation.
• Practical experience by assessing 3rd party vendor risks and reviewing security and IT controls related assurances documentation provided by 3rd parties (e.g., ISO 27001 certifications, SSAE-16/18, SOC1, SOC2, etc...);
• Practical experience with managing an IT exception handling process;
• Hands-on experience and good knowledge in topics such as: identity and access management, network security, Cloud security, cryptography, web security, next generation security solutions and operating system security; and
• Experience with project life cycles, particularly security risk analysis, solutions design and broad systems integration.

Critical Competencies:

• Great organizational and analytical skills;
• Able to vulgarize, ease in expressing ideas, influence others, challenge ideas and be convincing;
• Excellent interpersonal skills to be able to interact at all levels;
• Ability to influence and engage with senior management;
• Ability to quickly adapt to changing priorities and demands;
• Worked in a decentralized environment (both technical and processes);
• Experience in an information security (application and/or infrastructure) role in an enterprise environment;
• Structured and autonomous person;
• You have the ability to work well on a collaborative team and influence others without direct authority;
• Excellent written (documentation) and verbal communication skills (English & French) a strong asset

Ouroffer:

• Alternative Work Arrangements; hybrid remote work and flextime and summerhours
• A modern and spacious workenvironment
• A flexible insurance plan (life, medical, dental)
• Anemployeeassistance program
• Competitive compensation, including annual bonusplan
• A pension plan with matching companycontributions
• Employer-paid development and continuing education

About Domtar

Domtar is a diversified manufacturer of pulp and paper, including printing and writing, packaging, and specialty papers. We believe in the enduring value of wood-based products in global markets and have built a large network of mills and chipping plants to produce them competitively.

Through our distinct approach to operational excellence, we deliver high-quality and cost-effective products to international customers.Check out ourNewsroomto learn more about Domtar, who we are and why people rely on us every day! Find us on @DomtarEveryday onFacebook,Twitter,YouTubeandLinkedIn.

Domtar is an equal-opportunity employer. Qualified applicants will be considered without regard to age, race, color, sex (including gender identity or expression, sexual orientation, and pregnancy), marital status, religion, national origin, genetic information, disability, or veteranstatus. We are also committed to ensuring reasonable accommodations for individuals protected by Section 503 of the Rehabilitation Act of 1974, and Title I of the Americans with Disability Act of 1990.

Once your application has been submitted, you will receive a confirmation email. If you are selected to interview, you will be contacted by a member of our Talent Acquisition Team.

#LI-Hybrid

Domtar is an equal opportunity employer. Qualified applicants will be considered without regard to age, race, color, sex (including gender identity or expression, sexual orientation, and pregnancy), marital status, religion, national origin, genetic information, disability, or veteran status.

---