The Domtar Information Security group manages security in accordance with regulations and legal requirements impacting the corporation. The group also effectively manages the risk level that is aligned with Domtar business strategies and priorities. It ensures the confidentiality, integrity, availability and compliance of Domtar’s information assets.
Reporting to the Senior Director Corporate IT Shared Services and Security, your role as Sr. Manager, Cybersecurity Program consists of managing a group of Cyber security professionals to develop, maintain and implement the Cyber Security program that supports the mission of Domtar Information Security of providing a secure Information environment and protecting Domtar assets based on acceptable risk.
Also, you will provide security leadership to Domtar Business Divisions and contribute to the development of the long-term strategy while mentoring and growing the team to achieve established goals.
- Manage a team of Cyber Security Professionals by providing proper guidance to employees, conducting formal management reviews of employee performance, applying HR practices and policies to foster the performance of COE resources, and helping employees develop their talent in order to improve motivation and resource retention. Identify staffing needs related to internal resources and outside consultants to meet project requirements and business objectives;
- Develop, maintain and implement the Cyber Security Program based on Threats, Acceptable risk and Business evolution by interacting with different organizations and committees to ensure implementation across Domtar;
- Develop the overall prioritization, milestones, deliverables, and success criteria of the Cybersecurity program;
- Ensure the sustainability and increase the maturity level of security controls based on the acceptable risk;
- Lead the development, implementation and maintenance of Security policies and standards across all technology projects, systems and services;
- Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program;
- Provide updates on remediation activities including tracking, reporting, and driving remediation for all vulnerabilities, deficiencies and corrective management action plans;
- Work across the different organizations to build relationships, and drive progress;
- Track changes to the relevant control frameworks (e.g. NIST, SOX, PCI, HIPAA, GDPR and Internal Security Policy), and assess the potential impact to the cyber security program;
- Identify and analyze problems by taking the initiative to implement improvements identified with a recognized business benefit;
- Develop and maintain the budget of the Cyber Security organization that is based on the acceptable risk.
- You are known for your excellent organizational skills and proficiency in multi-tasking and prioritizing multiple projects;
- Skills in Developing Cyber Security program based on acceptable Risk;
- Skills in Developing information Security Risk Management framework;
- Skills in developing cyber security policies and standards;
- Skills in leading programs, projects or teams in a large IT environment;
- Must have skills in the different areas of Cyber security, such as access and identity management, security compliance and architecture, security operations, threat and vulnerability management or cyber risk management;
- Experience of Security Operations Center (SOC) monitoring tools and processes, and the design and maintenance of technical security controls;
- Skills in developing Security incident response Policies, and Process;
- Excellent communication and interpersonal skills, including a strong ability to create positive and professional business relationships with partners, peers and various security teams across IT;
- Ability to communicate clearly and professionally at all levels in the organization;
- Excellent time management skills and accustomed to working within prescribed deadlines;
- Attention to detail, strong analytical and problem-solving skills.
- Bachelor’s Degree in Computer Science and Master’s degree in Information Security or relevant experience;
- Minimum of 15 years of relevant experience, including at least 5 years in managing an Information security organization;
- Management qualifications including certifications in project management (i.e. PMP);
- Need to have either Certified Information System Security Professional (CISSP) or a Certified Information Security Manager (CISM);
- Experience and competency with Privacy Programs (PII), Governance & Risk Management & Compliance;
- You demonstrate coaching skills to lead a team;
- You are bilingual (both spoken and written in French and English);
- You are willing to travel occasionally.
You must successfully complete a selection process that includes interviews, aptitude tests (for some positions) and reference verification.
Domtar is an equal opportunity employer. We invite women, Aboriginal peoples, persons with disabilities and members of visible minorities to apply.
Domtar Inc. is a producer of specialty and fine papers.