Security Analyst - G2
Request for consultant
Project specifics
Security Analyst
Project name & Description
Domtar Security Program
Project duration
Starting date:
Ending date :
ASAP
3 months, renewable
Expenses reimbursement
Not applicable under this mandate or as incurred
Working hours:
Monday to Friday from 9:00 AM to 5:00 PM (7 hours per day). Management approval is mandatory for any overtime work to be billed by SUPPLIER.
Location:
Montreal
Ownership of the project/budget
Resource profile
Specifics technical qualifications
· Practical experience in redaction of Security Standards and processes
· Practical experience in multiple environments with different security practices maturity
· Knowledgeable about tools and processes related to the standards listed below
· Practical experience in IT Security Operations
Non-technical qualifications
French and English, written and spoken
Communication skills, team player
Capable of driving workshops with technical subject matter experts
Level of experience
Senior (8 years +) in IT Security
Role and responsibilities:
Within the context of the development of Domtar Security Program, the candidate shall assume the role of security analyst and perform the following tasks:
• Understand the Security Program and the Security Policy and Standards creation roadmap.
• Participate to the development and writing of Security Policies & Standards (in English) that will reflect Domtar security requirements
• Review the translation from English to French (translation performed by 3rd party).
• Participate to the review workshop with the stakeholders (security team and Subject Matter Experts from other teams).
• Participate to the presentation to the Director IT Technology & Security the policies and standards and explain the logic behind the statements. Adjust as necessary.
• Participate to Coordinate the reviews with Internal Audit and prepare answers and adjustments to be agreed upon.
Expected deliverables:
• Continue and improve the standards already in development:
o Security Information Event Management standard
o Cyber Security Incident Management Standard
o Email Security Standard
o Web Filtering Security Standard
o Vulnerability Management Standard (to include Patch Management)
o Anti-malware Management Standard
• Create the following Standard and processes
o Firewall & IDS Security Standard
o Exception Handling Process
o Cyber Security Incident Management Process
Last updated: 705 days ago
© 2021 - 2022