Performs tasks such as, but not limited to, the following:
Coordinates with key stakeholders to initiate, scope and plan cybersecurity risk controls assessments of new and existing high-risk suppliers.
Assists with the implementation of risk management programs/frameworks while identifying and minimizing negative impacts to the business.
Develops and implements risk mitigation strategies.
Acts as a subject matter expert in the evaluation, development and implementation of an internal control system.
Participates in IT risk assessments, serving as a third-party risk assessor: performs risk assessments by evaluating third-party attestations, reviewing control design, and validating control implementation.
Makes meaningful risk-mitigating recommendations to directly improve the third-party risk posture of Celestica.
Builds effective relationships with internal/external stakeholders.
Ensures alignment between stakeholders.
Develops, documents and maintains business/group procedures, updating them and obtaining approvals as regulations or the operating environment change, and communicates changes to the business/group and relevant stakeholder groups.
Tracks exception/exemption requests and corresponding approvals.
Builds awareness, knowledge, and skills and, as necessary, provides communication, practical tools and ongoing support including making presentations, to promote a culture of risk identification and management.
Recommends adjustments to the overall program, policy or processes within the business/group in accordance with the Risk Appetite Statement, Governance and Corporate Policy.
Supports the business/group through internal/external audits or regulatory examinations and assists in development of action plans to resolve any identified issues.
Broader work or accountabilities may be assigned as needed.
Liaises with key business stakeholders and IT teams to support the completion of the third-party risk management processes and due diligence.
Knowledge/Skills/Competencies:
Experience and understanding of third-party risk management, process mapping, bottleneck identification and associated control remediation.
Knowledge and experience working with third-party management frameworks.
Knowledge and insight of regulatory requirements and expectations for third-party risk management.
Knowledge of team budget and tracking mechanisms
Knowledge of Celestica’s technology, business and IT strategies.
Knowledge of IT analysis, design and development.
Knowledge of IT Security controls and frameworks
Proficient in Data Management and Analytics
Proficient in Business Partnering
Proficient in IT Risk Management
Ability to work in a team environment
Change Management and project management skills
Excellent resource management and prioritization skills.
Excellent analytical and problem solving skills
Excellent verbal and written communication skills
Knowledge of IT audit procedures and techniques
Technical proficiency gained through education and/or business experience
Collaboration & team skills - In-depth
Physical Demands:
Duties of this position are performed in a normal office environment.
Duties may require extended periods of sitting and sustained visual concentration on a computer monitor or on numbers and other detailed data. Repetitive manual movements (e.g., data entry, using a computer mouse, using a calculator, etc.) are frequently required.
Typical Experience:
4 to 6 years of experience with cybersecurity, third-party risk management, IT Risk and Compliance, IT Audit, Information Security or Assurance.
Typical Education:
Bachelor’s Degree in related field.
Available security courses around security and compliance.
Notes:
This job description is not intended to be an exhaustive list of all duties and responsibilities of the position. Employees are held accountable for all duties of the job. Job duties and the % of time identified for any function are subject to change at any time.
Celestica is an equal opportunity employer. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of any protected status (including race, religion, national origin, gender, sexual orientation, age, marital status, veteran or disability status or other characteristics protected by law).
At Celestica we are committed to fostering an inclusive, accessible environment, where all employees and customers feel valued, respected and supported. Special arrangements can be made for candidates who need them throughout the hiring process. Please indicate your needs and we will work with you to meet them.
COMPANY OVERVIEW:
Celestica (NYSE, TSX: CLS) enables the world’s best brands. Through our recognized customer-centric approach, we partner with leading companies in Aerospace and Defense, Communications, Enterprise, HealthTech, Industrial, Capital Equipment and Energy to deliver solutions for their most complex challenges. As a leader in design, manufacturing, hardware platform and supply chain solutions, Celestica brings global expertise and insight at every stage of product development – from drawing board to full-scale production and after-market services for products from advanced medical devices, to highly engineered aviation systems, to next-generation hardware platform solutions for the Cloud. Headquartered in Toronto, with talented teams spanning 40+ locations in 13 countries across the Americas, Europe and Asia, we imagine, develop and deliver a better future with our customers.
Celestica would like to thank all applicants; however, only qualified applicants will be contacted.
Celestica does not accept unsolicited resumes from recruitment agencies or fee-based recruitment services.