Join our Talent Network

Specialist - Cyber Security Control Framework - 23874

Location: MONTREAL, QC, Canada
Posting Start Date: Aug 23, 2019
Posting End Date: Sep 2, 2019


Job Description


Are you passionate about reaching new heights, teamwork and making a meaningful contribution? Do you picture yourself as a valued member of an industry-leading organization? If you answered yes to these questions, Air Canada is seeking enthusiastic individuals to join the diverse and vibrant team working together to lead the growth and expansion of Canada’s flag carrier.

The specialist will be responsible for the maintenance and enhancement of the Air Canada cybersecurity control framework. He/she is responsible to engage and interact with various control owners, including operations and risk management to ensure that the controls appropriately protect Air Canada and that their effectiveness is optimized. The specialist is also responsible to drive the cyber risk reduction strategy.

  • Responsible for overall security posture of Air Canada’s technology environment
  • Coordinate with operational groups and business units to set up and implement identity and access management measures to prevent or detect security incidents or breaches
  • Develop and communicate organizational objectives; inspire, motivate and train team members to follow and achieve organizational security standards
  • Generate security reports for IT administrators and business managers to evaluate the efficacy of security systems and policies
  • Lead business and technology analysis efforts for the Cybersecurity Control Framework
  • Lead requirement and systems analysis efforts, including translating business requirements
  • Participate on agile teams
  • Lead business case creation efforts to increase the effectiveness of the controls
  • Lead Planning and monitoring processes for the Cybersecurity Control Framework
  • Provide management with economic impact and compliance issues surrounding key business decisions
  • Define and maintain methods, techniques and calculations for identifying ways to improve business/technical processes


  • A relevant University degree/technical certification, and/or relevant experience commensurate to the role
  • 9-12 years of IT technology, operations and people leadership experience in a large company
  • Certification in Information Security (CISSP, ISC, or CISM) practices and policies
  • 8+ years in an information security/compliance role
  • Previous security GRC experience
  • Previous experience in managing and working with strategic partners (outsourced model)
  • IT security certifications is an asset (SSCP, CISM, CISA, or CISSP)
  • In-depth knowledge of cybersecurity control frameworks (NIST, ISO, etc).
  • Experience in IT security risk management is an asset
  • Experience with PCI and 52-109 is an asset
  • Ability to work across multiple technical teams to set direction and priority
  • Experience with working within multidisciplinary and collaborative environments
  • Exceptional analytical, organizational and communication skills
  • Self-motivated and independent worker
  • Possess investigative nature and be self-motivated
  • Results oriented with proactive and methodical approach to problem solving
  • Able to multi-task and work under pressure against tight deadlines and changing priorities
  • Must be a team player with ability to work closely with diverse groups and working styles
  • Ability to establish and maintain effective business relationships
  • Flexibility and willingness to work extended hours, when required
Bilingual (English and French)
Diversity and Inclusion

Air Canada is strongly committed to Diversity and Inclusion and aims to create a healthy, accessible and rewarding work environment which highlights employees’ unique contributions to our company’s success.


As an equal opportunity employer, we welcome applications from all to help us build a diverse workforce which reflects the diversity of our customers, and communities, in which we live and serve.


Air Canada thanks all candidates for their interest; however only those selected to continue in the process will be contacted.