Manager, IT & Cyber Governance

Being part of Air Canada is to become part of an iconic Canadian symbol, recently ranked the best Airline in North America. Let your career take flight by joining our diverse and vibrant team at the leading edge of passenger aviation.

The Manager of IT & Cyber Governance is responsible for establishing and operationalizing an adaptive governance framework that will support the leadership in fulfilling their roles of exercising proper oversight of IT, Data and Digital (IDD) risk through unbiased reporting, analysis, and insights to drive the following 5 key outcomes: performance management, strategic alignment, risk optimization, resource optimization & value delivery. The Manager of IT & Cyber Governance will work closely with senior leadership and IDD functional leads to ensure the appropriate processes and controls are in place to protect, enhance and ensure the availability of IT & Cyber assets to support enterprise goals.

The Manager of IT & Cyber Governance will maintain the risk governance framework and operating model that identifies key decisions impacting IDD’s ability to deliver business value and develop an effective, efficient, transparent, and fit for purpose decision-making and performance monitoring framework to support those key decisions. The risk governance framework will identify & monitor improvement requirements, ensure clarity of responsibilities and authorities, and the development of a long-term plan to move from controlled governance to automated governance. The Manager of IT & Cyber Governance will continually review and monitor the effectiveness of the governance operating model in delivering the following benefits: Improved clarity within the IDD Management system, greater visibility and transparency into decision making processes, improved coordination across IDD and increased effectiveness of IDD.

Responsibilities:

• Define and evolve a risk-based governance operating model that reviews core components of structure, oversight responsibilities, performance & culture, and infrastructure on a regular basis to ensure that IDD is supporting enterprise goals.
• Establish the following aspects within the risk governance operating model: Governing bodies & their oversight responsibilities, evaluating organizational design and reporting structures to ensure governance and management roles and responsibilities are clearly defined including decision making accountability and authority, and establishing and operationalizing a performance management framework to ensure on-going monitoring of Governance, Risk and Compliance’s (GRC) progress towards established goals and strategies.
• Collaborate with and provide support to senior leaders and stakeholders in their effort to design, implement, improve, and sustain effective and efficient IDD service delivery to business by means of Governance, Compliance, Performance Measurement, Operating Model and Process Management capabilities leveraging recognized industry best practices, leading frameworks, standards and regulations.
• Collaborate with senior leadership to develop and promote the adoption of a process culture to ensure management processes are working to achieve organizational objectives within established governance framework. Create internal partnerships with key stakeholders to influence and align functional areas that are needed to achieve governance objectives.
• Promote risk Governance across IDD through internal communication, education, collaboration, and by driving a culture of continuous improvement within the IDD Governance and Management operating model.
• Continually seek and evaluate emerging governance best practices and technologies to support the on-going evolution of the risk governance operating model.
• Develop and operationalize a long-term plan to move from controlled governance to adaptive governance that incorporates governance into ways of working by translating and cascading the governance framework down to processes, roles & responsibilities, and communications. Continually increase the use of automation to drive the governance framework and enable agile decision making.
• Drive non-bias compliance reporting that is timely, contains the appropriate level of detail on context, scope, objectives and is appropriate for stakeholders at multiple levels within the organization. Establish a reporting framework that ensures messaging is accurate, factual, constructive and includes recommendations for remediation.
• Operationalize & institutionalize the Guiding principles for risk within IDD culture. This includes on-going communication across IDD (top down & bottoms up) as well as on-going monitoring of the efficacy of the principles to ensure they remain aligned with the organization’s objectives. Support the development of a consistent culture and way of working within Core IT.
• Develop a communications framework to ensure stakeholders are aware and understand performance opportunities, challenges, issues, and risks in a timely manner.
• Work closely with enterprise governance and audit teams to ensure alignment and synergy.
• Demonstrate a management style that encourages mentorship, teamwork, participation, and communication. Manage, develop, coach, and empower leaders within the Governance team to meet or exceed functional objectives as well as provide support to various IT functional teams across all Domains. Motivate direct reports to continuously develop their professional expertise and provide guidance and support on potential career paths.
• Organize operational, financial, risk management and reporting governance processes to ensure leadership receives required information to make informed decisions to drive value-based outcomes. Establish reliable and repeatable methods & mechanisms for operationalizing governance i.e. governing bodies, policies, KPI dashboards etc.
• Govern the effectiveness and continuous improvement of the IT risk operating model through a mature operating oversight process (oversight, reporting & metrics) to assure IDD’s ability to deliver value. Develop, operationalize, and resource the framework to help drive Enterprise and Domain performance. Support a highly functioning leadership team through structured meetings, strong cadence and effective governance.
• Develop and execute an annual strategic assurance review plan to identify process gaps and risk areas across IDD that impact IDD’s ability to execute against the established strategy and priorities. Execute independent assurance reviews that will assess gap instances for size, risk, and impact, and will work with owners to develop and track remediation plans to closure.
• Develop assurance reports that detail assurance review objective, scope of work performance and identified gaps with assign prioritizations based on size, risk and impact. Work with management to ensure there is an agreement on and acceptance of the preliminary findings and recommendations, solicit management feedback on findings to be included in the final report. Work with IT Risk and process owners to recommend, develop and implement acceptable remediation plans. Present executive summary of assurance findings to IDD leadership with a focus on risk, impact, and remediation plans.
• Work closely with IDD Governing bodies to develop an appropriate policy portfolio that provides guidance, consistency, accountability, efficiency, and clarity on how IT will operate. Develop the appropriate balance between policies and processes, organizational needs, and risk landscape. Drive proactive policy management (create, update, retire, implement) to ensure policies meet organization needs and respond to changing business, technology, and compliance requirements.
• Develop and implement a compliance monitoring framework to ensure adherence to organizational processes and policies. Evaluate efficacy of policies, procedures, controls and drive continuous improvement to ensure timely and accurate reporting of non-compliances to senior leadership. Drive continuous monitoring of identified gaps to ensure remediation and closure.

Qualifications

• 5+ years’ experience in IT & Cyber
• 7 + years’ experience related to governance methodologies and compliance.
• Bachelor’s degree or equivalent relevant experience (MBA is an asset)
• Certifications in IT Governance, IT Best Practices, Cybersecurity and Project Management (e.g. Agile, ITIL, COBIT, PMP, CISSP)
• Demonstrated experience designing, managing, and executing large-scale, enterprise-wide initiatives.
• Excellent verbal and written communication skills with the ability to influence the actions of internal stakeholders and manage relationships with external stakeholders.
• Proven experience working with and presenting to senior leadership and executive teams
• Deep understanding of strategy, business processes, governance bodies, and strategic analysis supporting Governance
• Experience in enforcing processes, methods, standards, tools and measurement/scorecards
• Experience in risk and controls assessment
• Proven ability to manage budgets and resources effectively
• Strong leadership and management skills, with the ability to lead and motivate direct and indirect teams
• Proven ability to work cross-functionally, communicate succinctly and efficiently, build consensus and handle complex projects in similar environments.
• Demonstrate punctuality and dependability to support overall team success in a fast-paced environment.

Conditions of Employment:

Candidates must be eligible to work in the country of interest, at the time any offer of employment is made and seeking any required work permits/visas or other authorizations which may be required is the sole responsibility of the candidates applying for this position.

Linguistic Requirements

Based on equal qualifications, preference will be given to bilingual candidates.

Diversity and Inclusion

Air Canada is strongly committed to Diversity and Inclusion and aims to create a healthy, accessible and rewarding work environment which highlights employees’ unique contributions to our company’s success.

As an equal opportunity employer, we welcome applications from all to help us build a diverse workforce which reflects the diversity of our customers, and communities, in which we live and serve.

Air Canada thanks all candidates for their interest; however only those selected to continue in the process will be contacted.