Security Generalist – Cybersecurity Governance

Job Description

Job Title: Security Generalist - Cybersecurity Governance 

Location: Toronto ON, Hybrid position

Reports To: Cybersecurity Director

Employment Type: Full-Time

Compensation: 95,000$ - 110,000$ + benefits + bonus

Salary ranges are determined by role, level, and location.   The range reflects the minimum and maximum target for new hire salaries for the position.   Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training.   More specific salary range for your preferred location can be discussed during the hiring process.  Please note that the compensation details listed reflect the base salary only, and do not include bonus, benefits, pension contributions or additional incentives.  

Chemtrade is committed to delivering innovative solutions that address the complex challenges faced by our customers. As a responsible corporate citizen, we prioritize safety, sustainability, and environmental stewardship in all operations. Our talented and diverse workforce is at the heart of our success, as we recognize that their knowledge, skills, and dedication drive our ability to deliver exceptional products and services. At Chemtrade, we believe in creating an environment where everyone feels valued, respected, and empowered to contribute their unique perspectives and talents. By putting people at the center of our operations, we build strong connections, nurture innovation, and create a fulfilling work experience for all.

Scope of the position:

The Security Generalist – Cybersecurity Governance plays a key role in strengthening the Cybersecurity posture of Chemtrade IT, manufacturing operations and corporate environment. This role focuses on Cybersecurity governance, risk, and compliance (GRC), ensuring that security policies, standards and frameworks are effectively implemented across IT and OT (Operational Technology) systems. The ideal candidate combines knowledge of Cybersecurity principles with an understanding of industrial operations, compliance standards, and risk management.

Key Responsibilities

• Develop, maintain, and update Cybersecurity policies, standards, and procedures aligned with business and regulatory requirements (e.g., NIST CSF, ISO 27001).
• Support the enterprise risk management process by identifying, assessing, and tracking Cybersecurity risks across IT and OT environments.
• Conduct and document risk assessments for critical technology systems, vendors, and new technologies.
• Coordinate periodic reviews of policies and standards, exception management, and control testing activities.
• Assist in preparing security metrics and governance reports for leadership and Security Council.

• Support compliance initiatives related to internal Cybersecurity standards, relevant regulations and internal/external audits.
• Prepare documentation and evidence for internal and external audits.
• Partner with internal stakeholders to ensure security controls meet both regulatory and customer requirements.

• Assist in third-party risk assessments and vendor security reviews, ensuring suppliers and contractors meet corporate Cybersecurity standards.
• Maintain a vendor risk register and coordinate follow-up actions for identified issues.

• Support the delivery of Cybersecurity awareness and training programs tailored for plant floor employees and office staff.
• Stay current on evolving Cybersecurity regulations, manufacturing industry threats, and governance best practices.
• Recommend process improvements and assist in developing maturity roadmaps for security governance.

• Participate in the Cybersecurity incident response process, helping coordinate response, documentation, and post-incident analysis.
• Monitor and assist with security tool management (e.g., endpoint protection, SIEM alerts, access reviews).
• Ensure governance alignment between IT and OT security teams for effective control implementation and incident response.

Qualifications

Education and Experience:

• Bachelor’s degree in Cybersecurity, Computer Science, Industrial Technology, or a related field; or equivalent experience.
• 3–7 years of experience in Cybersecurity, governance, risk, and compliance (GRC), preferably within manufacturing or industrial environments.
• Strong understanding of Cybersecurity frameworks (NIST CSF, ISO 27001, CIS Controls).
• Familiarity with risk management and control assessment processes.
• Excellent documentation, analytical, and communication skills.

Other experience:

• Experience with operational technology (OT) or industrial control systems (ICS) Cybersecurity principles.
• Knowledge of relevant manufacturing compliance standards (e.g., NIST 800-171, ISA/IEC 62443).
• Certifications such as CompTIA Security+, CISA, CRISC, CISSP, or ISO 27001 Lead Implementer/Auditor.
• Familiarity with GRC tools and platforms.

Key Competencies

• Governance Mindset: Strong understanding of control frameworks and policy management.
• Cross-Functional Collaboration: Ability to work with IT, OT, Operations, Finance, HR and other business teams.
• Attention to Detail: Accuracy in documentation and compliance evidence collection.
• Risk Awareness: Ability to assess and communicate Cybersecurity risks in business terms.
• Continuous Improvement: Proactive in identifying and implementing governance enhancements.

What Chemtrade Offers You

Embracing Diversity, Maximizing Results

At Chemtrade, we are committed to cultivating a work environment that embraces and values the unique qualities of every employee. We believe in harnessing the richness of diverse talents, ideas, backgrounds, experiences, and perspectives to drive our business forward. Our vision is to create a workplace where all individuals feel respected, empowered, and inspired to contribute their experiences, ideas, and perspectives.

In our culture, we celebrate multiple approaches and viewpoints. To foster an inclusive environment, we actively encourage the creation of Employee Resource Groups. These groups provide platforms for employees to share their unique perspectives, contribute their ideas, and help shape our inclusive culture. Together, we strive to build a workplace that recognizes and celebrates the diverse voices within our organization.

We recognize that the diversity of our employees is paramount to our organization's success. It is through the diversity of perspectives that we develop and shape programs and tools that support our employees' growth and career management.

Join us in our journey towards building an inclusive workplace that values diversity and promotes the personal and professional development of our employees.

We recognize the immense value of Employee Resource Groups (ERG’s) in fostering an including and supportive work environment.  Our ERG’s serve as vital platforms for employees to connect, share experiences, and celebrate their unique backgrounds and perspectives. 

We firmly believe that diversity drives innovation and fuels our success as an organization. By encouraging the formation of ERG’s, we aim to create a workplace where all individual feel empowered to bring their whole selves to work and contribute their diverse talents and ideas.  Additionally, we understand the importance of work-life balance and the well-being of our employees and their families.  That is why we proudly offer a range of family-friendly benefits, and opportunities for career growth and advancement. 

We are committed to supporting our employees at every stage of their lives and ensuring they can thrive both professionally and personally.  Join us and be a part of a company that values diversity, inclusion and the well-being of its employees.

Learn more about Chemtrade by following us on LinkedIn or Facebook  and check us out on YouTube: Chemtrade 

#Chemtrade123

#LI-PRO