Join our Talent Network

Manager, Cybersecurity Audit, Risk & Compliance - 30911

Location: DORVAL, QC, Canada
Posting Start Date: Oct 6, 2022
Posting End Date: Oct 16, 2022

Share:

Job Description

Description

Being part of Air Canada is to become part of an iconic Canadian symbol, recently ranked the best Airline in North America. Let your career take flight by joining our diverse and vibrant team at the leading edge of passenger aviation.
 
Overall responsibility for the development of the cybersecurity audit risk universe and the development and delivery of the cybersecurity audit plan. Provide overall leadership and responsibility for the completion of company-wide audits of cybersecurity operations, processes and systems to ensure the adequacy of controls over the Company’s business processes and information. Provide independent feedback and leading practice insight, together with the Senior Manager Technology Audit, Risk and Compliance, to Executive management on the corporate cybersecurity strategy and governance function at Air Canada. The individual will report to the Senior Manager Technology Audit, Risk and Compliance and will be a key member of the Audit, Risk & Compliance management team.   
 
Key Functions & Accountabilities:  
  • Perform audits of company-wide cyber risks which include, but are not limited to, cyber security, cyber regulatory and compliance, cyber crime, cyber threat management, and privacy.  
  • Develop a cyber risk universe aligned with Air Canada corporate priorities and corporate IT strategy.
  • Develop a cyber audit plan in consultation with business unit and IT senior management as well as the Senior Manager Technology Audit, Risk and Compliance .
  • Lead cybersecurity audits throughout all the phases of the audit methodology. 
  • Provide independent feedback and leading practice insight, together with the Senior Manager Technology Audit, Risk and Compliance, to Executive management on the corporate cybersecurity strategy and governance function at Air Canada.
  • Provide on-going consultation to various internal and external management personnel on cyber risks and the importance of strong internal controls, the impact on control of proposed changes in systems, procedures and policies, and other audit and internal control issues. Assist management where required in the development and assessment of cyber controls.
  • Monitor and provide input – through the Senior Manager Technology Audit, Risk and Compliance - to the Audit, Finance and Risk Committee to evaluate and report upon cyber risks and controls at Air Canada.
  • Develop and continuously improve audit methodology and approach.
  • Overall responsibility for the completion of company-wide audits of computer and computer-based operations, processes and systems as well as audits of third-party companies providing computer and related services to the Company.
  • Participate in the evaluation and design of new and revised systems and/or service providers in terms of cyber risks.
  • Provide “best practice” guidance to senior management on cyber strategy, governance, security, and risk. 
  • Use and develop automation to test controls and report findings
  • Develop continuous auditing and monitoring indicators to oversee key cyber risks at Air Canada and its subsidiaries.
  • Liaise, and coordinate work, with external auditors and internal audit service providers in terms of cyber risks.
  • Overall responsibility for the performance and training of cybersecurity audit employees and consultants

Qualifications

  • Must hold undergraduate (or higher) degree in Information Security Management, Risk Management, Computer Science or Engineering or related discipline.
  • Minimum of 8 years’ experience relevant work experience in cybersecurity controls, risk management, technology audit and advisory.
  • An industry-recognized cybersecurity relevant certification such as Certified Information systems Security Professional (CISSP); Certified Information Security Manager (CISM), or Certified Information Security Auditor (CISA).
  • Strong knowledge of cybersecurity frameworks, standards and guidelines such as ISO 27001, NIST SP 800-30/34, NIST CSF, ISF CSF.
  • Working knowledge of general IT and business processes and controls; cybersecurity and privacy relevant regulatory and compliance requirements such as OSFI cybersecurity self-assessment, PIPEDA, PCI-DSS; and three lines of defense model.
  • Familiarity with data analytic concepts and experience using data analytic tools. 
  • Proven leadership and decision-making skills – results oriented.
  • Strong interpersonal and communication skills at an executive level.
  • Strong communication, time management, report writing, investigation, and presentation skills.
  • Strong problem solving, organizational and analytical skills, with the ability to articulate complex concepts in a clear and concise manner.
  • Ability to build strong relationships with both internal customers and external entities (i.e., external auditors, external service providers) and vendors.
  • Exceptional planning and organizational skills - ability to cope with irregular or multiple work demands.
  • Experienced in leading and developing high performance teams.
  • Airline experience and knowledge of airline processes would be a distinct advantage.
  • Valid passport and ability to travel (nationally and internationally), sometimes on short notice.
Conditions of Employment:
  • Candidates must be eligible to work in the country of interest, at the time any offer of employment is made and seeking any required work permits/visas or other authorizations which may be required is the sole responsibility of the candidates applying for this position.
Linguistic Requirements

Based on equal qualifications, preference will be given to bilingual candidates. 
 
Diversity and Inclusion
 
Air Canada is strongly committed to Diversity and Inclusion and aims to create a healthy, accessible and rewarding work environment which highlights employees’ unique contributions to our company’s success.
 
As an equal opportunity employer, we welcome applications from all to help us build a diverse workforce which reflects the diversity of our customers, and communities, in which we live and serve.

Air Canada thanks all candidates for their interest; however only those selected to continue in the process will be contacted
Share: