Saputo is seeking a
Cybersecurity Senior Analyst to join its Cybersecurity team and report to the IT Cybersecurity Manager.
The senior analyst will collaborate closely with IT and OT department for the awareness, Digital, Legal, Privacy, Procurement, Internal Audit, Risk Management, Human Resources, and business stakeholders to strengthen Saputo's cybersecurity posture.
The Cybersecurity Senior Analyst will lead and continuously improve several strategic cybersecurity functions, including:
• Cybersecurity Governance and Policy Management
• Cybersecurity Awareness and Culture Development
• Third-Party Risk Management (TPRM)
• TPRM Platform Administration (Archer)
• Cybersecurity Program Reporting and Executive Communications
The individual will collaborate closely with IT, Digital, Legal, Privacy, Procurement, Internal Audit, Risk Management, Human Resources, and business stakeholders to strengthen Saputo's cybersecurity posture and ensure compliance with internal requirements and external regulations.
As many operational cybersecurity activities are performed by managed security service providers and external partners, the Senior Analyst will provide governance, oversight, quality assurance, and continuous improvement recommendations to ensure the effectiveness of delivered services.
This role also requires strong communication and presentation skills to develop executive dashboards, reports, and presentations for senior leadership, the Security Committee, and the Audit Committee.
How you will make contributions that matter:Cybersecurity Governance- Develop, maintain, and review cybersecurity policies, standards, and procedures.
- Ensure alignment with regulatory requirements and industry frameworks (NIST, ISO 27001).
- Support audits and cybersecurity governance initiatives.
- Promote policy awareness and adoption across the organization.
Cybersecurity Awareness- Develop and maintain Saputo's IT and OT cybersecurity awareness strategy and roadmap.
- Design and deliver awareness campaigns, phishing simulations, and role-based training.
- Collaborate with HR and Communications to foster a strong security culture.
- Measure program effectiveness through KPIs and recommend improvements.
- Report awareness program performance to management and governance committees
- Identify opportunities to improve cybersecurity culture and employee engagement
Third-Party Risk Management- Conduct cybersecurity assessments of third-party vendors and SaaS providers.
- Review vendor security controls, certifications, and compliance documentation.
- Identify and communicate risks, remediation requirements, and recommendations.
- Support ongoing vendor monitoring and annual reassessments.
- Collaborate with Procurement, Legal, Privacy, and IT stakeholders throughout the vendor lifecycle.
Archer Platform Administration- Act as the primary subject matter expert (SME) for the Archer GRC platform
- Configure and maintain questionnaires, workflows, dashboards, and reports.
- Identify opportunities to automate and improve cybersecurity governance processes.
- Maintain the Archer enhancement roadmap and manage platform improvements.
Executive Reporting- Develop cybersecurity metrics, dashboards, and executive reports.
- Prepare presentations for senior leadership, Security Committees, and Audit Committees.
- Provide oversight of cybersecurity services delivered by external partners and managed service providers.
You Are Best Suited for The Role If You Have the Following Qualifications:- Bachelor's degree in information security, Computer Science, Information Technology or related field.
- Minimum 4 years of experience in cybersecurity, governance, risk management, consulting, or security operations.
- Able to communicate effectively with technical and non-technical stakeholders.
- Strong analytical, organizational, and problem-solving capabilities.
- Experience managing multiple initiatives in a fast-paced environment.
You are best suited for the role if you have the following qualifications:- Cybersecurity frameworks (NIST CSF, ISO 27001).
- Third-Party Risk Management and security assessments.
- Governance, Risk and Compliance (GRC) platforms Archer. Compliance
- Risk management and policy development
- Cybersecurity metrics, dashboards, and executive reporting.
- Microsoft 365, Purview, cloud security, and SaaS security concepts are assets.
- Excellent French and English written and verbal communication skills.
"As part of their duties, the position holder will be required to communicate and collaborate in English and French, both orally and in writing, with colleagues or other stakeholders located in Québec, elsewhere in Canada, or across North America."
We support and take care of our employees and their families by offering: - Generous and complete benefit coverage with group insurance
- Group retirement plan with employer contribution
- Telemedicine and assistance program for employees and their families
- Employee Share Ownership Plan with an employer match
- Paid Parental Leave program
- Paid time off: Sick days, floater days and volunteer day off
- Opportunity to contribute to a collective RRSP & TFSA
- Training and development programs
- Saputo Flex Program, flexible work environment (schedule/location/time off) according to department needs
- Organized activities for employees and their families
- Advantageous discounts on Saputo products
Salary: $$88,140 to $115,685*Salary offers will vary commensurate with experience, education, skills, and training.
STATEMENT ON AIAll applications are carefully considered by our Talent Acquisition team.
Artificial Intelligence tools may be used in screening applications.
Artificial Intelligence is not used to assess or select applications.