Specialist Cybersecurity - Control Framework
Air Canada
- Dorval, QC
- Permanent
- Full-time
- Oversee the development, implementation, and maintenance of the organization's cybersecurity control framework.
- Lead the design and implementation of innovative security controls to safeguard the organization's systems, networks, and data.
- Continuously assess and monitor the effectiveness of existing controls, identifying potential vulnerabilities and recommending improvements.
- Advise and lead cross-functional teams to ensure that security controls align with business goals and regulatory requirements.
- Collaborate closely with IT/OT teams to integrate security measures seamlessly into existing processes and technologies.
- Apply a risk-based approach to determine the appropriate level of security controls for different assets and systems.
- Ensure that the control framework is leveraged to systematically identify and prioritize cybersecurity activities based on risk exposure and potential impact.
- Conduct regular risk assessments to identify potential security gaps and areas of improvement within the control framework.
- Ensure compliance with relevant cybersecurity regulations, standards, and best practices, adapting controls as necessary.
- Work with risk management teams to translate cybersecurity risks into the broader enterprise risk context.
- Ensure that accurate and up-to-date documentation related to cybersecurity controls, processes, and incident responses is maintained.
- Validate and prepare regular reports for management detailing the status of the cybersecurity control framework, emerging threats, recommended actions, and progress in addressing identified risks.
- Work collaboratively with the Risk Management team to ensure the quality of submitted metric information (e.g., scoring, justification).
- Perform root-cause analysis of underperforming metrics and determine control gaps as required.
- Ensure the completeness and accuracy of remediation projects/initiatives and associated information.
- A relevant university degree/technical certification, and/or relevant experience commensurate with the role.
- 9-12 years of experience in IT technology and operations in a large company, with a minimum of 5 years in a cybersecurity control framework delivery role.
- Strong knowledge and understanding of IT/cyber risk management concepts.
- Information Security Certification (e.g., CISSP) is an asset.
- In-depth knowledge of cybersecurity control frameworks (NIST, ISO, etc.).
- In-depth knowledge of emerging cybersecurity threats, attack vectors, and mitigation strategies.
- Experience with PCI and 52-109 is an asset.
- Experience working within multidisciplinary and collaborative environments.
- Exceptional analytical, organizational and communication skills.
- Self-motivated and independent worker.
- Possess an investigative nature and be self-motivated.
- Results-oriented, with a proactive and methodical approach to problem solving.
- Able to multi-task and work under pressure against tight deadlines and changing priorities.
- Must be a team player with the ability to work closely with diverse groups and working styles.
- Ability to establish and maintain effective business relationships.
- Flexibility and willingness to work extended hours, when required.