Are you passionate about reaching new heights, teamwork and making a meaningful contribution? Do you picture yourself as a valued member of an industry-leading organization? If you answered yes to these questions, Air Canada is seeking enthusiastic individuals to join the diverse and vibrant team working together to lead the growth and expansion of Canada’s flag carrier.
Air Canada is replacing its legacy Reservation and Departure control system with a modern integrated Passenger Service System (PSS) to provide customers an improved and consistent experience across all channels worldwide. A dedicated PSS Program team has been established and is responsible for implementing the new system as well as integrating a broad range of IT products and applications, which will enable the realization of a successful launch and transition to the system.
The PSS Program is currently recruiting for a Cyber Security Specialist who will be part of the Cybersecurity Program Delivery team. The incumbent will be responsible for acting as a hands-on technology and solution advisor/designer/implementation lead with experience in the Cloud technologies & Mobile Security domain. The Cyber Security Specialist should be able to speak to the Cloud technologies & Mobile security landscape, architectural models and solutions credibly, and possess the ability to discuss and present to members of a project team as well as management. (S)He is responsible for generating and compiling gap analysis and remediation reports based on requests from stakeholders across Business and IT, as well as reporting their own findings, complete with probable causes and possible solutions to security issues. This individual will apply proven communication, analytical, and problem-solving skills to help maximize the benefit of the Cybersecurity Program Delivery team.
- Lead collaborative working with other teams within IT to ensure that capabilities are complete, operable, conform to business processes and meet the business needs with the agreed quality of service
- Review and participate in the design, implementation and delivery of security solutions
- Analyze and interpret information required to support operational planning, inform decision-making and apply current policies and practices
- Measure risks, recommend action plans, correct problematic situations and ensure solutions are implemented in line with the organization’s security standards and regulations
- Participate in the planning, organization and management of all the activities required for the implementation of IT Security Policies within the program/project
- Develop and propose action plans to limit the risks to the AC acceptable thresholds
- Assess and translate business needs to security configurations that will be implemented in the program
- Perform security assessments to detect critical deficiencies, security gaps and recommend solutions, controls and remediation for improvement. Plan and design information systems and implement updates within scope of established guidelines and objectives while delivering cybersecurity requirements across the security practice areas - IAM, DLP, SSDLC, Network security, Server & Endpoint protection and Cyber threat management
- Collaborate with stakeholders on security audits to ensure compliance with the security framework and coordinate the resolution of deficiencies with the various IT Teams
- Prepare risk evaluations and make recommendations to bring security risk levels to the organization’s security standards and regulations
- Inform and track the security standards to be used by the various IT Teams, more specifically those related to network equipment such as firewalls, switches, routers, etc.
- Work with industry organizations, business partners, and technology teams to develop remediation controls and compliance validation methods where appropriate
- Work with business liaisons and IT colleagues to determine security requirements and prepare detailed specifications for the design and development of security infrastructures, such as Cyber Cloud Capabilities, DLP, CASB, Mobile, Security Information and Event Management (SIEM), PKI, firewalls, vulnerability management and intrusion detection systems
- Implement appropriate control requirements as required by industry standards: ISO 2700x, C198, PIPEDA, PCI, etc.
- Produce and maintain business risk and impact analysis
- Provide follow-up, assistance and quality assurance
- Experience in business analysis, systems analysis, requirements definition and deployment of business requirements to information systems.
- 5 years' experience in risk assessment and developing business security solutions.
- A thorough understanding of OOP, design patterns, iOS, Android, and enterprise mobile application integration, including experience with Web services consumption using protocols like JSON/REST, message queuing (MQ) and MQTT.
- Experience in Cloud Security principles and frameworks (OAuth2, SAML)
- Proven track record of increasing responsibility for positioning and delivering Security Architecture and Application Security related services across large complicated organizations
- Proven experience understanding current state, desired capabilities and documenting target architectures, gaps, roadmaps and architectural patterns
- Experience with mobile security protocols, Single Sign-On (SSO) infrastructure and web flows including OAuth 2.0, with particular focus on authentication and authorization: customer, employee, APIs, federation, risk based, policy driven, continuous, biometrics, mobile and understanding of JWT, OIDC, OAuth, SAML, XACML
- Experience performing security design reviews to assess security implications for introduction of new or differing technologies within the environment
- Experience with service-oriented architecture, particularly for cloud-based services; experience with Microsoft Azure AD and Azure IaaS is a plus
- Solid and practical understanding of the end-to-end information technology (IT) process, including architecture, design, engineering, development, implementation, and operations
- Ability to provide direction and guidance on use cases and requirements for security related efforts
- Knowledge of information security standards (e.g., ISO 17799/27002, NIST 800-63, etc.), rules and regulations related to information security, data protection and privacy
- Strong analytical/problem solving experience to deal with complex business problems.
- Proven ability to work well under pressure and with minimal supervision.
- Strong organizational skills with an aptitude to juggle priorities to meet strict deadlines.
- Sense of initiative, self-discipline and proactive thinking.
- Strong interpersonal skills; must be a team player.
- Highly developed PC skills: Windows, Word, Excel, PowerPoint, MS Access, Visio, MS Project
- Flexibility and availability to work extended hours including evenings, nights and occasionally weekends.
Based on equal qualifications, preference will be given to bilingual candidates.
Diversity and Inclusion
Air Canada is strongly committed to Diversity and Inclusion and aims to create a healthy, accessible and rewarding work environment which highlights employees’ unique contributions to our company’s success.
As an equal opportunity employer, we welcome applications from all to help us build a diverse workforce which reflects the diversity of our customers and the communities in which we live and serve.
Air Canada thanks all candidates for their interest; however only those selected to continue in the process will be contacted.