Being part of Air Canada is to become part of an iconic Canadian symbol, recently ranked the best Airline in North America. Let your career take flight by joining our diverse and vibrant team at the leading edge of passenger aviation.
The Cyber Security department is responsible for the overall security posture of Air Canada’s technology environment: cyber monitoring, detection, and response systems. It develops and implements the latest security policies, guidelines and standards for improved security. Air Canada’s cyber security systems are foundational to protecting the data and systems that allow its customers to fly safely. The Specialist, Cyber Security acts as a cyber security subject matter expert and provides guidance concerning the cyber security program, cyber risks and compliance for Air Canada and its affiliates.
This position will be reporting to the Manager, Cyber Security, Assurance
Location: Vancouver / Edmonton / Calgary / Montreal / Toronto
- Leads the execution of assurance activities (ex. penetration tests, application security testing etc.)
- Collaborates with different departments (i.e. Advisory, Architecture, Project team) to ensure that business and technical requirements are properly identified.
- Collaborates with Strategic Procurement for the sourcing exercise and on-boarding of the third-parties for the execution of assurance activities
- Validates the results of the assurance tests with the internal and external stakeholders.
- Performs risk assessments, documents them and support the implementation of mitigating controls consistent with company strategy
- Leads the execution of third-party cyber risk assessments (pre and post contacting, and ongoing monitoring) to ensure compliance with internal information security policies and procedures, as well as external requirements
- Ensures that cybersecurity clauses are embedded in the agreements with third parties
- Provides advisory services related to cyber assurance, “security and privacy by design”, cyber security threats, technologies and related regulatory requirements.
- Mandatory Covid-19 Vaccination Required as of October 31st, 2021
- A relevant University degree/technical certification, and/or relevant experience commensurate to the role.
- 6-8 years of IT technology, operations and people leadership experience in a large company, with a minimum of 4 years of experience in a cyber security and/or risk & compliance role.
- Current information security certification (CISSP, CISM or equivalent)
- Relevant privacy industry certifications (e.g. CIPP, CIPM, etc.) an asset
- Strong knowledge and understanding of cyber security concepts, protocols, industry best practices, strategies, frameworks and regulations such as SOX, PCI DSS, ISO, CoBIT, NIST, PIPEDA, GDPR
- Relevant experience defining business processes and controls around sensitive data and applications to ensure compliance with data protection regulations (e.g. PIPEDA, GDPR)
- Strong communication skills, (written and verbal), and the ability to bridge the language between technology and business
- Self-motivated and capable to work with minimal supervision
- Results oriented with a proactive and methodical approach to problem solving
- Able to multi-task and work under pressure against tight deadlines and changing priorities
- Must be a team player with an ability to work closely with diverse groups and working styles
- Ability to establish and maintain effective business relationships.
Based on equal qualifications, preference will be given to bilingual candidates.
Diversity and Inclusion
Air Canada is strongly committed to Diversity and Inclusion and aims to create a healthy, accessible and rewarding work environment which highlights employees’ unique contributions to our company’s success.
As an equal opportunity employer, we welcome applications from all to help us build a diverse workforce which reflects the diversity of our customers, and communities, in which we live and serve.
Air Canada thanks all candidates for their interest; however only those selected to continue in the process will be contacted.