Specialist Cybersecurity - Control Framework

Air Canada

  • Dorval, QC
  • Permanent
  • Full-time
  • 1 month ago
DescriptionBeing part of Air Canada is to become part of an iconic Canadian symbol, recently ranked the best Airline in North America. Let your career take flight by joining our diverse and vibrant team at the leading edge of passenger aviation.Air Canada is seeking a highly skilled and motivated Specialist Cybersecurity to join our dynamic team and play a pivotal role in managing, maintaining, and enhancing our organization's cybersecurity control framework. The ideal candidate will have a deep understanding of cybersecurity principles, a proven track record in designing and implementing security controls, and a strong ability to lead and collaborate across departments to ensure the ongoing protection of our digital assets.This position will be reporting to the Senior Manager, Cybersecurity Advisory & AffiliatesKey Responsibilities:
  • Oversee the development, implementation, and maintenance of the organization's cybersecurity control framework.
  • Lead the design and implementation of innovative security controls to safeguard the organization's systems, networks, and data.
  • Continuously assess and monitor the effectiveness of existing controls, identifying potential vulnerabilities and recommending improvements.
  • Advise and lead cross-functional teams to ensure that security controls align with business goals and regulatory requirements.
  • Collaborate closely with IT/OT teams to integrate security measures seamlessly into existing processes and technologies.
  • Apply a risk-based approach to determine the appropriate level of security controls for different assets and systems.
  • Ensure that the control framework is leveraged to systematically identify and prioritize cybersecurity activities based on risk exposure and potential impact.
  • Responsible for conducting regular risk assessments to identify potential security gaps and areas of improvement within the control framework.
  • Ensure compliance with relevant cybersecurity regulations, standards, and best practices, adapting controls as necessary.
  • Work with risk management teams to translate cybersecurity risks into the broader enterprise risk context.
  • Ensure accurate and up-to-date documentation related to cybersecurity controls, processes, and incident responses are maintained.
  • Validate and prepare regular reports for management detailing the status of the cybersecurity control framework, emerging threats, recommended actions, and progress in addressing identified risks.
  • Work collaboratively with Risk Management team to ensure quality of submitted metric information (e.g., scoring, justification, etc.).
  • Perform root-cause analysis of underperforming metrics and determine control gaps as required.
  • Responsible for ensuring the completeness and accuracy of remediation projects/initiatives and associated information.
Qualifications
  • A relevant University degree/technical certification, and/or relevant experience commensurate to the role.
  • 9-12 years of IT technology, operations in a large company with minimum 5 years in a cyber security control framework delivery role.
  • Strong knowledge and understanding of IT/cyber risk management concepts.
  • Information Security Certification (i.e., CISSP or others) is an asset.
  • In-depth knowledge of cybersecurity control frameworks (NIST, ISO, etc.).
  • In-depth knowledge of emerging cybersecurity threats, attack vectors, and mitigation strategies.
  • Experience with PCI and 52-109 is an asset.
  • Experience with working within multidisciplinary and collaborative environments.
  • Exceptional analytical, organizational and communication skills.
  • Self-motivated and independent worker.
  • Possess investigative nature and be self-motivated.
  • Results oriented with proactive and methodical approach to problem solving.
  • Able to multi-task and work under pressure against tight deadlines and changing priorities.
  • Must be a team player with ability to work closely with diverse groups and working styles.
  • Ability to establish and maintain effective business relationships.
  • Flexibility and willingness to work extended hours, when required.
Conditions of Employment:Candidates must be eligible to work in the country of interest, at the time any offer of employment is made and seeking any required work permits/visas or other authorizations which may be required is the sole responsibility of the candidates applying for this position.Linguistic RequirementsBased on equal qualifications, preference will be given to bilingual candidates.Diversity and InclusionAir Canada is strongly committed to Diversity and Inclusion and aims to create a healthy, accessible and rewarding work environment which highlights employees' unique contributions to our company's success.As an equal opportunity employer, we welcome applications from all to help us build a diverse workforce which reflects the diversity of our customers, and communities, in which we live and serve.Air Canada thanks all candidates for their interest; however only those selected to continue in the process will be contacted.

Air Canada