Resolute Forest Products, founded more than two centuries ago, is a global leader in the forest products industry. Through the years, it has built more than 20 predecessor companies and supported hundreds of communities.
The company owns or operates some 40 facilities, as well as power generation assets, in the United States and Canada. Our 6,600+ employees work hard to produce quality market pulp, tissue, wood products and papers that are marketed in over 50 countries.
Resolute offers a rewarding and safe work environment with opportunities and challenges that will help grow your skills.
The location in Montreal, (Quebec, Canada), is seeking talent to fill the position of OT (Operational Technology) Senior Security Analyst. This job is full-time permanent.
Your team and challenges:
Reporting to the Director, Cyber Security, you will be part of a highly dynamic team whose leaders and members are encouraged to exceed expectations.
The Sr. OT Security Analyst is responsible for maintaining a robust cyber security presence across Resolute’ manufacturing (OT) environments. This position participates in the identification, tracking, monitoring, containment and mitigation of OT security threats across complex and disperse environments.
Role and responsibilities:
- Responsible for monitoring, managing and assessing OT cyber security risks.
- Participate & Contribute to the development of the OT Security Program
- Manage the process of gathering, analyzing and assessing the current and future threat landscape, as well as providing a realistic overview of risks and threats in the operational environment.
- Contributes to the development of the OT security strategic plan and roadmap:
- Identification of short- and long-term goals and objectives.
- Participate in project prioritization
- Participate in the development of business cases to support request for funding
- Provide OT Security guidance on OT Projects.
- Provide recommendations on how best to mitigate OT risks
- Responsible for the development & implementation of OT Security policies & procedures
- Responsible for the development and implementation of OT governance
- Monitor existing OT Security solutions to recommend initiatives / projects.
- Document & follow up OT cyber security incidents
- Contribute to the establishment and maintenance of OT Incident Response capability – Policy / Procedures / Plans
- Present changes at the Change Advisory Board (CAB) as needed
- Establish metrics and key performance indicators to monitor the overall health and effectiveness of the OT cybersecurity and infrastructure program
- Technology ownership for identified OT security stack components.
- Ensure operational status on a day-to-day basis ensuring no degradation to the OT Security eco system.
- Perform daily checks across all identified OT security stack components.
- Management of the identified OT Threat Library.
- Planning of all OT Security related projects.
- Participation in projects as required
- Provide best possible proactive and reactive measures to minimize OT security incidents and loss of production
- Build relationships with mill process control groups to provide insight into OT Security risks
- Stay informed about the latest cyber threats to the OT and ICS environment
- Serve as subject matter expert in Industrial Automation and Control Systems security
Your team:
Reporting to the Director, Cyber Security, you will be part of a highly dynamic team whose leaders and members are encouraged to exceed expectations.
Education and experience required :
- University degree in information system, computer science or engineering, or a related field of study and a M.Sc in information security is preferred.
- A minimum of ten years of IT experience, with seven years in an information security role
- A minimum 5 years’ experience within Cyber Security gained from Operational Technology environments
- Certifications:
- Certified Risk and Information Systems Control (CRISC) is required
- Either Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) is required
- As well as a minimum of one of the following certifications or related certifications: Certified Information Systems Auditor (CISA), Certified Cybersecurity Practitioner (CSX-P), Certified Cloud Security Professional (CCSP), Certified Incident Handler (GCIH) and Certified Ethical Hacker (CEH).
- Experience in conducting cyber incident investigation
- Experience in contributing to the development of cybersecurity and infrastructure technology strategies for OT environments with clear understanding of the differences between IT and OT environments (e.g. 24x7 production operating model, safety and environmental risk factors, patching and anti-virus processes, segmentation requirements and security policies in ICS environments, technical debt and technology lifecycle management, etc.).
- Experience developing and maintaining policies, procedures, standards and guidelines.
- Experienced working with OT technologies / providers (ie: PLCs, DCs, Rockwell, Andritz, Allen-Bradley, Foxboro, etc)
- Experience in development of OT Security policies & procedures
Skills required :
- Excellent written and verbal communication and presentation skills in both French and English with the ability to articulate new ideas and concepts to technical and nontechnical audiences at all level of the organisation.
- Strong leadership skills and the ability to work effectively and efficiently with the IT and OT managers, the OT engineers and OT operations staff.
- Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
- Excellent understanding of the differences between IT and OT environments as it pertains to cyber security & mitigation as well as OT security concepts, protocols, industry best practices and strategies.
- Proficiency in performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies.
- Ability to manage tasks and priorities in a context of fast-paced teamwork
- Project management skills and experience in creating and managing project plans, including budgeting and resource allocation.
- An understanding of operating system and network protocols.
- Sound judgment and the ability to make informed decisions.
- Practical approach to problem solving and decision-making.
- Vendor- and technology-neutral /objectivity when assessing and recommending overall EA directions and solutions
#Li-Hybrid
What we are offering
- Competitive salary and annual bonus
- At least three weeks of vacation and three floating holidays a year from the first day of work, depending on your experience
- Full range of group insurance from the first day of work
- Telemedicine services
- Defined-contribution pension plan with generous employer participation from the first day of work
- Employee and family assistance program
- Education assistance program
- Health club reimbursement program
- Hybrid workplace: in-person and remote work
- Work environment based on respect, inclusion and diversity
- Office accessible by public transit
Since January 1, 2022, we have occupied new state-of-the-art, open-concept, collaborative offices at 1010 De La Gauchetière Street West (Bonaventure metro station).
Four core values influence everything we do at Resolute and help ensure our continued growth and success:
- Work safely
- Be accountable
- Ensure sustainability
- Succeed together
Consult the Resolute Blog and follow us on LinkedIn, Instagram and Twitter to learn more about our company.
Resolute Forest Products is committed to the principles of employment equity.
15380
[[titleNOC]]
Information Technology