×
Register Here to Apply for Jobs or Post Jobs. X

Cyber Security Risk Analyst

Job in Baie-Comeau, Saguenay, Province de Québec, Canada
Listing for: Alcoa
Full Time position
Listed on 2026-07-07
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, IT Business Analyst, IT Consultant
Salary/Wage Range or Industry Benchmark: 80000 - 100000 CAD Yearly CAD 80000.00 100000.00 YEAR
Job Description & How to Apply Below
Location: Baie-Comeau

About the Role

Alcoa is seeking a Cyber Security Risk Analyst to serve as a key contributor to the cybersecurity risk management program, providing subject matter expertise in identifying, assessing, and managing risks across both Information Technology (IT) and Operational Technology (OT) environments. This role supports informed business decision-making by translating complex technical risks into business and operational impact. The Analyst independently leads risk assessments and partners closely with IT, OT, audit, and senior leaders to ensure cybersecurity risks are understood, documented, mitigated, and monitored in accordance with corporate policies and industry standards.

Responsibilities
  • Contribute to the development, implementation, and continuous improvement of the Cybersecurity Risk Management Program, including frameworks, methodologies, policies, standards, and supporting tools.
  • Perform cybersecurity risk assessments across IT, OT, cloud, and third‑party environments, including enterprise systems and manufacturing/process control systems (PCS).
  • Facilitate risk workshops with technical and business stakeholders to evaluate risks associated with new technologies, projects, and operational changes.
  • Serve as a subject matter expert on risk methodology, scoring, and evaluation.
  • Maintain and enhance the cybersecurity risk register, including risk scoring, treatment plans, and residual risk tracking.
  • Support and guide risk treatment strategies (mitigation, acceptance, transfer, avoidance) and partner with compliance teams to design and implement appropriate controls.
  • Translate technical risk findings into clear business and operational impact statements for non‑technical audiences and senior leadership.
  • Advise leadership on risk exposure, trends, and residual risks, including impacts to business operations and production.
  • Define, monitor, and report Key Risk Indicators (KRIs) and emerging threat trends.
  • Support audit, regulatory, and compliance activities (e.g., ISO 27001, NIST, SOC) related to cybersecurity risk management.
  • Collaborate with Enterprise Risk Management (ERM) and Operations Risk Management teams to ensure alignment and integration of cybersecurity risks into broader risk reporting.
  • Build and maintain strong relationships with stakeholders across IT, OT, business units, and risk management functions.
  • Continuously monitor evolving cyber threats, emerging technologies, and industry practices to enhance risk management processes and capabilities.
Qualifications
  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Engineering, Risk Management, or a related discipline; equivalent professional experience may be considered in lieu of a degree.
  • 6+ years of experience in cybersecurity, IT risk management, information security, governance, compliance, or IT operations within enterprise environments.
  • Demonstrated experience assessing cybersecurity risk across IT and OT environments; experience in manufacturing or industrial organizations preferred.
  • Strong knowledge of cybersecurity frameworks and standards (e.g., ISO 27001, NIST CSF, NIST 800‑53, CIS Controls, SOX).
  • Proven experience executing core GRC activities, including risk assessments, policy and standard development, control validation, audit support, and remediation tracking.
  • Expertise in cybersecurity governance, risk assessment, and compliance program implementation.
  • Experience using Governance, Risk, and Compliance (GRC) tools and risk reporting dashboards.
  • Solid understanding of security principles, including security controls, threat modeling, vulnerability management, and incident risk analysis.
  • Excellent written, verbal, and facilitation skills, with the ability to translate complex technical risks into clear business impacts.
  • Demonstrated ability to collaborate effectively with cross‑functional stakeholders, including technical teams, operations, and senior leadership, while managing multiple priorities in fast‑paced environments.
Preferred Qualifications
  • Relevant industry certifications such as CISSP, CISM, CRISC, CISA, CGRC, Security+, GRCP, or equivalent.
  • Experience with third‑party/vendor risk management,…
Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary