Cybersecurity Risk Analyst

Cybersecurity Risk Analyst

Location: Montreal, Quebec, CA, H3B 2N2

Resolute Forest Products, founded more than two centuries ago, is a global leader in the forest products industry. Through the years, it has built more than 20 predecessor companies and supported hundreds of communities.

The company owns or operates some 40 facilities, as well as power generation assets, in the United States and Canada. Our 6,600+ employees work hard to produce quality market pulp, tissue, wood products, and papers that are marketed in over 60 countries.

Resolute offers a rewarding and safe work environment with opportunities and challenges that will help grow your skills.

The location in Montreal, (Quebec, Canada), is seeking talent to fill the position of Cybersecurity Risk Analyst. This job is full-time permanent.

By supporting the Manager of IT Compliance & Governance Security team, the successful candidate will contribute to the IT risk management practice at Paper Excellence Group by maintaining and improving the IT risk management framework, managing IT exceptions, and performing 3rd party vendor risk assessments. The resource will also participate in Business and IT projects and work with IT operation teams to assess risks and provide risk mitigation recommendations.

Key Responsibilities

IT/Security Risk Assessment Framework
• Maintain and improve an IT/Security Risk Assessment Framework.
• Document IT security risk, mitigating controls, and present them to risk owners for decision-making.
• Coordinate with the IT compliance team to ensure compensating controls have been put in place.
• Maintain the IT risk register throughout the IT risk lifecycle.
• Perform Privacy Impact Assessments (PIA).

3rd Party Vendors Security Assessment
• Maintain and improve 3rd party vendors assessment methodology.
• Perform 3rd party and cloud vendor security posture assessment, document the assessment, and present the results to business owners.
• Review 3rd party contracts for IT security and data privacy-related clauses and work in collaboration with IT Procurement and Legal teams.
• Maintain the Cloud vendor register.
• Provide vendor selection services for cybersecurity aspects to help business units select a vendor as part of the RFP process.

IT Exception Handling Process
• Manage and maintain the IT Exception Handling Process.
• Document IT Exceptions, validate the needs from exception requestors and owners, and seek exception approval from Cybersecurity management.
• Document risk assessments as needed.
• Maintain the IT Exceptions register and follow-up on approved exceptions.

Project Advisory
• Provide project advisory services to Business and IT projects on IT risk matters to ensure risk management activities during the project’s lifecycle. Occasionally provide support to project security advisory teams to document project security requirements and controls to implement.

Risk Management KPI and KRI
• Produce and report IT risk management KPI and KRI on a monthly basis.

Required Qualifications/Professional Experiences

• Bachelor’s degree or 5 years of professional experience in Cybersecurity;
• Minimum of 8 years’ experience in security governance, risk, and compliance (GRC);
• Holds security-related certifications such as CISSP, CISM, CSSP, or similar considered an asset;

Preferred Qualifications/Professional Experiences

• Practical experience with implementing and/or working with IT Risk management frameworks;
• Practical experience with performing IT Risk assessments during projects and as part of security operations;
• Practical experience with security controls and risk mitigation measures implementation;
• Practical experience assessing 3rd party vendor risks and reviewing security and IT controls related assurances documentation provided by 3rd parties (e.g., ISO 27001 certifications, SSAE-16/18, SOC1, SOC2, etc.);
• Practical experience managing an IT exception handling process;
• Hands-on experience and good knowledge in topics such as identity and access management, network security, Cloud security, cryptography, web security, next-generation security solutions, and operating system security;
• Experience with project life cycles, particularly security risk analysis, solutions design, and broad systems integration.

Critical Competencies

• Great organizational and analytical skills;
• Excellent interpersonal skills to interact at all levels;
• Ability to influence and engage with senior management;
• Ability to quickly adapt to changing priorities and demands;
• Experience in an information security role in an enterprise environment;
• Excellent written and verbal communication skills (English & French).

What We Are Offering

• Competitive salary and annual bonus
• At least three weeks of vacation and three floating holidays a year from the first day of work, depending on your experience
• Full range of group insurance from the first day of work
• Defined-contribution pension plan with generous employer participation from the first day of work
• Employee and family assistance program
• Education assistance program
• Hybrid workplace: in-person and remote work
• Work environment based on respect, inclusion, and diversity
• Office accessible by public transit

Resolute is firmly committed to placing greater emphasis on the principles of equity, diversity, and inclusion to empower all employees to reach their full potential. We form a dynamic team whose diverse backgrounds and wealth of perspectives are one of the keys to our success. We offer an inclusive, rewarding, and safe work environment with opportunities that will help grow your skills.