Website Air Canada
The Cyber Security department is responsible for the overall security posture of Air Canada’s technology environment: cyber monitoring, detection, and response systems. It develops and implements the latest security policies, guidelines and standards for improved security. Air Canada’s cyber security systems are foundational to protecting the data and systems that allow its customers to fly safely. The Manager, Cyber Security Risk acts as a cyber security subject matter expert and provides guidance concerning the cyber security program, cyber risks and compliance for Air Canada and its affiliates.
- Advises the organization about cyber security threats, technologies and related regulatory requirements
- Leads, monitors and advises on the execution of risk management activities and assessments.
- Participates in new business initiatives and product development activities to promote and implement functionality necessary to support “security by design” capabilities
- Contributes to the development, documentation, monitoring and maintenance of information security standards, policies and protocols to ensure organizational infrastructure, data and resources are protected from unauthorized and inappropriate use or access
- Accountable for remediation follow-up with individual risk owners
- Responsible for guiding and leading the strategy for planning and implementation of the Cyber Security Risk Management program and its requirements.
- Provides expertise in the definition, selection and implementation of cyber security related controls
- Leads and advises on identification of cyber risks, communication and development of “best practice” solutions, and implementation of mitigating controls consistent with company strategy
- 9-12 years of IT technology, operations and people leadership experience in a large company, with a minimum of 5 years of experience in a cyber security and/or risk & compliance role.
- Current information security certification (CISSP, CISM or equivalent)
- Relevant privacy industry certifications (e.g. CIPP, CIPM, etc.) an asset
- Relevant experience defining business processes and controls around sensitive data and applications to ensure compliance with data protection regulations (e.g. PIPEDA, GDPR)
- A relevant University degree/technical certification, and/or relevant experience commensurate to the role.
- Strong knowledge and understanding of cyber security concepts, protocols, industry best practices, strategies, frameworks and regulations such as SOX, PCI DSS, ISO, CoBIT, NIST, PIPEDA, GDPR
- Self-motivated and capable to work with minimal supervision
- Strong communication skills, (written and verbal), and the ability to bridge the language between technology and business
Company: Air Canada
Vacancy Type: Full Time
Job Location: Winnipeg, Manitoba, CA
Application Deadline: N/A