Analyste Principal(e) Sécurité, Projets / SR. Security Analyst, Project Advisory

Description

Position title: Sr. Security Analyst, Project Advisory

Location: Montreal

Reports to: Manager, Governance Security & IT Compliance

Domtar is a leading provider of a wide variety of fiber-based products including communication, specialty and packaging papers, market pulp and air laid nonwovens. Domtar’s principal executive office is in Fort Mill, South Carolina and Domtar is part of the Paper Excellence group of companies.

With approximately 6,000 employees serving more than 50 countries around the world, Domtar is driven by a commitment to turn sustainable wood fiber into useful products that people rely on every day. Through our values of agility, caring and innovation, we constantly find better ways to serve our customers, support our employees and strengthen our communities.

By supporting the Manager of IT Compliance & Governance Security team, he/she will contribute to secure Domtar IT environment and systems. The resource will advise project teams on security requirements, review system architecture and assess identified risks to ensure projects are delivered in a secure manner.

Job Responsibilities/Accountabilities:

• Provide project advisory services regarding cybersecurity matters to Business and IT projects and initiatives following Domtar established methodology.
• Perform security risks and present the results to system owners and project sponsors.
• Evaluate the security posture of Cloud vendors and 3rd party vendors.
• Ensure that appropriate IT general controls (ITGC) and security controls are applied during project delivery.
• Improve the project security advisory methodology to make it leaner, efficient, and flexible.
• Provide assistance during the bi-annual security health check assessment.

Required Qualifications/Professional Experiences

• Bachelor in Computer Science or equivalent to 10 years of professional experience in IT Security.
• Minimum of 8 years’ experience in cybersecurity including risk assessments and providing security advisory to IT and Business projects.
• Holds security related certifications such as: Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC), Certified Cloud Security Professional (CCSP).

Preferred Qualifications/Professional Experiences:

• In-depth knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls.
• Strong experiences advising on security risks and controls for IT and Business projects and smaller initiatives.
• Strong knowledge of and experience in developing, documenting and reviewing security architectures.
• Design and implementation experience of security project advisory methodology is an asset.
• Experience with common information security management and specialized security frameworks, such as: ISO27002, NIST CSF frameworks, CSA, OWASP.
• Application security testing experience is an asset.
• Proficiency in performing risk, business impact, control and vulnerability assessments.
• Strong understanding of IT infrastructure and business applications, including ERP and financial systems.
• Strong technical knowledge of mainstream operating systems and a wide range of security technologies and domains, such as network security appliances, identity and access management (IAM) systems, virtualization, cloud security, web security, anti-malware solutions and endpoint security tools.
• Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
• Ability to interact with Domtar personnel at all levels and across all business units.

Essential competencies:

• Great organizational and analytical skills.
• Able to vulgarize, ease in expressing ideas, influencing and convincing.
• Excellent interpersonal skills to be able to interact at all levels.
• Ability to influence and engage with business and senior management.
• Ability to quickly adapt to changing priorities and demands.
• Positive attitude and good team player.
• Able to provide positive feedback and provide continuous improvement to our security project advisory methodology.
• Worked in a decentralized environment.
• Structured and autonomous person.
• Ability to be agile and adapt to non-planned events.
• Having the ability to work well on a collaborative team and influence others without direct authority.
• Ability to follow establish methodology and document expected deliverables.
• Excellent written (documentation) and verbal communication skills (English & French).

You must successfully complete a selection process that includes interviews, aptitude tests (for some positions) and reference verification.

Domtar is an equal opportunity employer. We invite women, Aboriginal peoples, persons with disabilities and members of visible minorities to apply.

Our offer:

• A downtown location (Place-des-Arts metro) – Garden/park;
• Alternative Work Arrangements; hybrid remote work and flextime;
• A modern, spacious and dynamic environment;
• Competitive compensation, including annual bonus plan;
• An extended flexible insurance plan (life, medical, dental);
• An employee assistance program;
• A pension plan with matching company contributions to help make planning for your retirement easy;
• Employer-paid development and continuing education;
• A childcare Centre on location.