Cybersecurity Risk Analyst

IT/Security Risk Assessment Framework

• Maintain and improve an IT/Security Risk Assessment Framework.
• Document IT security risks, mitigating controls, and present them to risk owners for decision-making.
• Coordinate with the IT compliance team to ensure compensating controls have been put in place.
• Maintain the IT risk register throughout the IT risks lifecycle.
• Perform Privacy Impact Assessments (PIA).

3rd Party Vendors Security Assessment

• Maintain and improve 3rd party vendors assessment methodology.
• Perform 3rd party and cloud vendor security posture assessments, document the assessments, and present the results to business owners.
• Review 3rd party contracts for IT security and data privacy-related clauses and work in collaboration with IT Procurement and Legal teams.
• Maintain the Cloud vendor register.
• Provide vendor selection services for cybersecurity aspects to help business units select a vendor as part of the RFP process.

IT Exception Handling Process

• Manage and maintain the IT Exception Handling Process.
• Document IT Exceptions, validate the needs from exception requestors and owners, and seek exception approval from Cybersecurity management.
• Document risk assessments as needed.
• Maintain the IT Exceptions register and follow up on approved exceptions.

Project Advisory

• Provide project advisory services to Business and IT projects on IT risk matters to ensure risk management activities during the project’s lifecycle. Occasionally provide support to the project security advisory team to document project security requirements and controls to implement.

Risk Management KPI and KRI

• Produce and report IT risk management KPI and KRI on a monthly basis.

Required Qualifications/Professional Experiences

• Bachelor's degree or 5 years of professional experience in Cybersecurity.
• Minimum of 8 years’ experience in security governance, risk, and compliance (GRC).
• Holds security-related certifications such as CISSP, CISM, CSSP, or similar considered an asset.

Preferred Qualifications/Professional Experiences

• Practical experience with implementing and/or working with IT Risk management frameworks.
• Practical experience with performing IT Risk assessments during projects and as part of security operations.
• Practical experience with security controls and risk mitigation measures implementation.
• Practical experience assessing 3rd party vendor risks and reviewing security and IT controls related assurances documentation provided by 3rd parties (e.g., ISO 27001 certifications, SSAE-16/18, SOC1, SOC2, etc.).
• Practical experience managing an IT exception handling process.
• Hands-on experience and good knowledge in topics such as identity and access management, network security, Cloud security, cryptography, web security, next-generation security solutions, and operating system security.
• Experience with project life cycles, particularly security risk analysis, solutions design, and broad systems integration.

Critical Competencies

• Great organizational and analytical skills.
• Able to vulgarize, ease in expressing ideas, influence others, challenge ideas, and be convincing.
• Excellent interpersonal skills to be able to interact at all levels.
• Ability to influence and engage with senior management.
• Ability to quickly adapt to changing priorities and demands.
• Worked in a decentralized environment (both technical and processes).
• Experience in an information security (application and/or infrastructure) role in an enterprise environment.
• Structured and autonomous person.
• Ability to work well on a collaborative team and influence others without direct authority.
• Excellent written (documentation) and verbal communication skills (English & French) a strong asset.

Our Offer:

• Alternative Work Arrangements; hybrid remote work and flextime and summer hours.
• A modern and spacious work environment.
• A flexible insurance plan (life, medical, dental).
• An employee assistance program.
• Competitive compensation, including an annual bonus plan.
• A pension plan with matching company contributions.
• Employer-paid development and continuing education.

About Domtar

Domtar is a diversified manufacturer of pulp and paper, including printing and writing, packaging, and specialty papers. We believe in the enduring value of wood-based products in global markets and have built a large network of mills and chipping plants to produce them competitively. Through our distinct approach to operational excellence, we deliver high-quality and cost-effective products to international customers.

Check out our Newsroom to learn more about Domtar, who we are, and why people rely on us every day! Find us on @DomtarEveryday on Facebook, Twitter, YouTube, and LinkedIn.

Domtar is an equal-opportunity employer. Qualified applicants will be considered without regard to age, race, color, sex (including gender identity or expression, sexual orientation, and pregnancy), marital status, religion, national origin, genetic information, disability, or veteran status. We are also committed to ensuring reasonable accommodations for individuals protected by Section 503 of the Rehabilitation Act of 1974, and Title I of the Americans with Disability Act of 1990.

Once your application has been submitted, you will receive a confirmation email. If you are selected to interview, you will be contacted by a member of our Talent Acquisition Team.

#LI-Hybrid