IT Specialist, Security & Compliance
Job Overview
- Company Name Saputo
- Job Start Date Sat, 11 Nov 2023 23:02:16 GMT
- Job Type Full Time - Permanent
- Job Source Careerjet
Job title: IT Specialist, Security & Compliance
Job description: At Saputo, our best comes from our people. We’re a talented and caring team with a longstanding history of excellence. Since our first days delivering cheese on a bicycle, we’ve grown into a leading global dairy processor by staying true to the culture that defines us. Each of our employees is committed to uphold our tradition of care, quality, and passion through food, and together, we foster an environment where we can all make contributions that matter–from our manufacturing plants to our office locations and everywhere in-between.
Overview of The Role
Saputo is looking for a Security Compliance Specialist, reporting to the IT Security and Compliance Manager. The position is a key role involving many areas: the cybersecurity awareness program, third-party compliance, IT security policies review, and project solutions review and coordination. Many tasks are performed by a third-party partner; the specialist will work in collaboration with that partner to supervise, improve, and review the completion of those tasks.
Maintaining IT security policies is a crucial aspect of ensuring the security and integrity of an organization’s information systems.
Developing and implementing a responsible cybersecurity awareness program is essential for promoting a culture of security.
The third-party compliance responsibility is to ensure that information exchanged with partners benefits from adequate controls and is aligned with the Saputo SAAS vendor assessment process.
In your role, you will have to document executive presentations and communicate them to upper management, the Security Committee and the Audit Committee.
How You Will Make Contributions That Matter:
Develop, review and update IT security policies, standards, and procedures.
Collaborate with relevant stakeholders (IT teams, legal, compliance, and management) to develop comprehensive IT security policies that align with industry best practices, regulatory requirements, and the organization’s specific needs.
Ensure that IT security policies are effectively communicated to all employees, contractors, and third-party vendors who have access to the organization’s systems and data.
Conduct regular training and awareness programs to educate stakeholders about the policies, their importance, and the expected compliance.
Stay updated with industry standards and regulatory requirements related to IT security. Ensure that policies are aligned with these standards & that Saputo remains compliant with relevant regulations.
Cybersecurity Awareness Training
Design and develop a comprehensive cybersecurity awareness program that aligns with the organization’s goals, culture, process, and specific cybersecurity needs.
High involvement in implementing cybersecurity training for Operational Technology (OT) employees.
Develop and deliver security training materials to employees at all levels of the organization.
Collaborate with IT communication team to send cybersecurity awareness messages to employees.
Ensure that employees are aware of IT security policies, standards, and guidelines. Regularly communicate policy updates & changes.
Conduct regular phishing and social engineering simulations to test employees’ susceptibility to these types of attacks.
Establish metrics to measure the effectiveness of the cybersecurity awareness program.
Continuously evaluate & enhance the cybersecurity awareness program based on feedback, industry trends, and emerging threats. Stay updated with the latest security practices and technologies.
Third Party Vendor Assessment
Collaborate with stakeholders (procurement, legal, digital and IT teams) to assess vendors based on their access to critical systems, sensitive data and services provided.
Develop a comprehensive assessment plan (scope, objectives, and methodology) for evaluating the vendor’s security & risk posture in respect of industry standards and regulatory compliance.
Develop and administer cybersecurity questionnaires to gather information about the vendor’s security practices, infrastructure, and controls.
Evaluate the vendor’s security risks based on the information gathered from documentation reviews and questionnaires. Identify any potential vulnerabilities, weaknesses, or gaps in their security controls that could pose a risk to Saputo systems or data.
Prepare comprehensive assessment reports that summarize the findings, risks, and recommendations for each vendor assessed and communicate the results to stakeholders.
Establish mechanisms for ongoing monitoring and oversight of the vendor’s security practices.
Ensure that the vendor’s security practices align with Saputo security requirements, industry standards, and regulatory obligations. Review and update vendor contracts to include specific security requirements, responsibilities, and consequences for non-compliance.
Complete the annual compliance SAAS vendor review with selected vendors.
You Are Best Suited for The Role If You Have the Following Qualifications:
Undergraduate degree in Information Management, Computer Science, Computer Engineering, Information Security, or related field.
7+ years overall of experience in information security consulting, security operations or advisory.
Working experience with industry frameworks (NIST CSF & ISO27K) and knowledge of data privacy laws and regulations.
Very strong writing and communication skills with non-technical stakeholders.
Ability to work with teams to achieve goals and meet deadlines in a fast-paced environment.
Work well under pressure and time constraints and can prioritize competing priorities.
Work independently with minimal supervision and direction.
Experience in project management.
TECHNICAL SKILLS:
CISSP, CISSP-ISSAP, CISM or CSSA certification is a strong asset.
Broad understanding of cybersecurity frameworks (NIST Cybersecurity Framework, ISO27001).
Knowledge of information security and risk mitigation principles, theories, and techniques.
Experience with security awareness software such as KnowBe4.
Experience with Third Party Vendor Assessment process.
Excellent French and English written and verbal communication skills.
As part of his duties, the incumbent will have to communicate and collaborate in English, both orally and in writing with colleagues or other stakeholders in Quebec as well as in the rest of Canada or in North America.
We support and care for our employees and their families by providing:
Competitive salaries
Advantageous corporate agreements
Full range of group insurance benefits
Group retirement pension plan with employer contribution
Purchase option of company stocks
Group RRSP
Health and wellness program in the workplace
Assistance program for employees and their families
Saputo products at a discounted price
We support employment equity. Saputo strives to embed diversity and inclusion in its operations and invites candidates from all horizons to join its family.
Our story began in Canada in 1954, when the Saputo family’s hard work and dedication created a thriving dairy business. More than 65 years later, our roots in this country remain strong with our Corporate Headquarters in Montréal. Today, we are a leading cheese manufacturer and fluid milk and cream processor in Canada with well-loved brands, such as Saputo, Alexis de Portneuf, Armstrong, Baxter, Dairyland, Joyya, Milk2Go, Milk2Go Sport, Neilson, Nutrilait, Scotsburn* and Woolwich Goat Dairy. Thanks to our national footprint, we’re proud to bring our best to our customers and consumers, and have plenty of opportunities for our employees to grow in their own way. And we do it while also striving to build a healthier future for our people and the communities where we operate, guided by our values and the Saputo Promise.
Join the Saputo Dairy Products Canada team to make your contributions matter every day!
* SCOTSBURN is a registered trademark and is used under license by Saputo Dairy Products Canada G.P.
The material contained herein is provided for informational purposes only. All open jobs offered by Saputo Inc. and all companies, corporations, partnerships, limited partnerships and other entities controlled by Saputo Inc. (collectively, “Saputo”) on Saputo’s web site are subject to specific job skill requirements. The job skill requirements, qualifications, and preferred experience are determined by a Saputo subsidiary, office or department, and all positions are subject to local prevailing employment laws and restrictions. This would include immigration laws pertaining to work authorization requirements and any other applicable government permissions or compliance. The materials on this site are provided without warranties of any kind, either expressed or implied, including but not limited to warranties regarding the accuracy or completeness of the information contained on this site or in any referenced links. While Saputo attempts to update this site on a timely basis, the information is effective only as of the time and date of posting. Strict confidentiality will be observed at all times. Saputo is an equal opportunity employer. The information on this site is for information purposes only and is not intended to be relied upon with legal consequence.
Saputo welcomes and encourages applications from people with disabilities. Accommodations may be available upon request for candidates taking part in all aspects of the selection process.