Being part of Air Canada is to become part of an iconic Canadian symbol, recently ranked the best Airline in North America. Let your career take flight by joining our diverse and vibrant team at the leading edge of passenger aviation.
The Cyber Security department is responsible for the overall security posture of Air Canada’s technology environment: cyber monitoring, detection, and response systems. It develops and implements the latest security policies, guidelines and standards for improved security. Air Canada’s cyber security systems are foundational to protecting the data and systems that allow its customers to fly safely. The Manager, Cyber Security Risk acts as a cyber security subject matter expert and provides guidance concerning the cyber security program, cyber risks and compliance for Air Canada and its affiliates.
This position will be reporting to the Director, Cyber Security, Governance, Risk and Control
Location: Vancouver / Edmonton / Calgary / Montreal / Toronto
- Responsible for guiding and leading the strategy for planning and implementation of the Cyber Security Risk Management program and its requirements.
- Leads, monitors and advises on the execution of risk management activities and assessments.
- Leads and advises on identification of cyber risks, communication and development of “best practice” solutions, and implementation of mitigating controls consistent with company strategy
- Accountable for remediation follow-up with individual risk owners
- Provides expertise in the definition, selection and implementation of cyber security related controls
- Contributes to the development, documentation, monitoring and maintenance of information security standards, policies and protocols to ensure organizational infrastructure, data and resources are protected from unauthorized and inappropriate use or access
- Participates in new business initiatives and product development activities to promote and implement functionality necessary to support “security by design” capabilities
- Advises the organization about cyber security threats, technologies and related regulatory requirements
Mandatory Covid-19 Vaccination Required as of October 31st, 2021
A relevant University degree/technical certification, and/or relevant experience commensurate to the role.
9-12 years of IT technology, operations and people leadership experience in a large company, with a minimum of 5 years of experience in a cyber security and/or risk & compliance role.
Current information security certification (CISSP, CISM or equivalent)
Relevant privacy industry certifications (e.g. CIPP, CIPM, etc.) an asset
Strong knowledge and understanding of cyber security concepts, protocols, industry best practices, strategies, frameworks and regulations such as SOX, PCI DSS, ISO, CoBIT, NIST, PIPEDA, GDPR
Relevant experience defining business processes and controls around sensitive data and applications to ensure compliance with data protection regulations (e.g. PIPEDA, GDPR)
Strong communication skills, (written and verbal), and the ability to bridge the language between technology and business
Self-motivated and capable to work with minimal supervision
Results oriented with a proactive and methodical approach to problem solving
Able to multi-task and work under pressure against tight deadlines and changing priorities
Must be a team player with an ability to work closely with diverse groups and working styles
Ability to establish and maintain effective business relationships.
Based on equal qualifications, preference will be given to bilingual candidates.
Diversity and Inclusion
Air Canada is strongly committed to Diversity and Inclusion and aims to create a healthy, accessible and rewarding work environment which highlights employees’ unique contributions to our company’s success.
As an equal opportunity employer, we welcome applications from all to help us build a diverse workforce which reflects the diversity of our customers, and communities, in which we live and serve.
Air Canada thanks all candidates for their interest; however only those selected to continue in the process will be contacted.