Specialist, IT and Cybersecurity Risk

Being part of Air Canada is to become part of an iconic Canadian symbol, recently ranked the best Airline in North America. Let your career take flight by joining our diverse and vibrant team at the leading edge of passenger aviation.

The Specialist, IT and Cybersecurity Risk will be working in a fast paced and innovative environment supporting the overall security posture of Air Canada’s technology environment. Air Canada’s IT and OT systems are foundational to protecting the data and systems that allow its customers to fly safely.
The Specialist, IT and Cybersecurity Risk acts as an IT and cybersecurity subject matter expert and provides guidance concerning the IT and cybersecurity risks for Air Canada and its affiliates. The incumbent, will evaluate Air Canada’s existing IT and OT systems to determine potential IT and cybersecurity risks, provide inputs on IT and cybersecurity requirements for personal, commercial and financial data as well as the operation of Air Canada IT networks and infrastructure. Cybersecurity threats continue to evolve, and the IT and Cybersecurity Risk team will evolve with it.
This position will be reporting to the Manager, IT and Cybersecurity.

Responsibilities:

• Collaborates with Strategic Procurement for the sourcing exercise and on-boarding of the third-parties for the execution of IT and cybersecurity controls.
• Leads the execution of third-party IT and cybersecurity risk assessments (pre and post contacting, and ongoing monitoring) to ensure compliance with internal information security policies and procedures, as well as external requirements.
• Ensures that cybersecurity clauses are embedded in the agreements with third parties.
• Manage IT and cybersecurity risks, issues, and defects from identification to remediation.
• Performs IT and cybersecurity risk assessments, documents them and supports the implementation of mitigating controls consistent with company strategy.
• Generate reports to demonstrate IT and cybersecurity metrics and KPIs and KRIs.
• Identify IT and Cybersecurity risks, communicate and develop “best practice” solutions, and recommend mitigating controls consistent with company strategy.
• Introduce new processes and initiatives to improve IT and cybersecurity risk practice.
• Represent the organization and take active participation in different IT or cybersecurity airline specific forums.
• Supporting the leadership team on strategic initiatives specific to the respective portfolio.

Qualifications

• A relevant University degree/technical certification, and/or relevant experience commensurate to the role
• 6-8 years of IT technology, operations, and people leadership experience in a large company, with a minimum of 4 years of experience in IT and cybersecurity governance, risk and compliance role.
• Strong knowledge in IT and cybersecurity risk management processes, methods, and tools.
• Strong knowledge of cybersecurity standards, IT and cybersecurity risks, threats, prevention measures, and best practices.
• Strong knowledge and understanding of cyber security concepts, protocols, industry best practices, strategies, frameworks and regulations such as SOX, PCI DSS, ISO, CoBIT, NIST, PIPEDA, GDPR.
• Thorough understanding of Application Security Testing, Penetration Test, Tabletop Exercises.
• Current information security certification (CISSP, CISM or equivalent) is an asset.
• Exceptional analytical, organizational, and communication skills.
• Self-motivated and independent worker.
• Possess investigative nature and be self-motivated.
• Results oriented with a proactive and methodical approach to problem solving.
• Able to multi-task and work under pressure against tight deadlines and changing priorities.
• Must be a team player with the ability to work closely with diverse groups and working styles.
• Ability to establish and maintain effective business relationships.
• Flexibility and willingness to work extended hours, when required.
• Demonstrate punctuality and dependability to support overall team success in a fast-paced environment.

Conditions of Employment:

Candidates must be eligible to work in the country of interest, at the time any offer of employment is made and seeking any required work permits/visas or other authorizations which may be required is the sole responsibility of the candidates applying for this position.

Linguistic Requirements

Based on equal qualifications, preference will be given to bilingual candidates.

Diversity and Inclusion

Air Canada is strongly committed to Diversity and Inclusion and aims to create a healthy, accessible and rewarding work environment which highlights employees’ unique contributions to our company’s success.

As an equal opportunity employer, we welcome applications from all to help us build a diverse workforce which reflects the diversity of our customers, and communities, in which we live and serve.

Air Canada thanks all candidates for their interest; however only those selected to continue in the process will be contacted.