Specialist, IT & Cyber Governance (Cybersecurity) at Air Canada

Being part of Air Canada is to become part of an iconic Canadian symbol, recently ranked the best Airline in North America. Let your career take flight by joining our diverse and vibrant team at the leading edge of passenger aviation.

The IT & Cyber Governance Specialist plays a critical role in ensuring the organization’s cybersecurity practices align with business objectives, regulatory requirements and industry standards. This role focuses on developing, implementing and maintaining cybersecurity governance frameworks, policies, processes and controls to manage risk and ensure compliance.

In partnership with leadership, the IT & Cyber Governance Specialist will establish a structured approach for managing cybersecurity risks, controls and responsibilities using globally recognized standards such as NIST CSF & COBIT.  This includes defining accountabilities for cybersecurity decisions, establishing rules for secure behavior through policies and directives, documenting processes and procedures and monitoring KPIs/KRIs to measure effectiveness and risk exposure.  

The IT & Cyber Governance Specialist will support monitoring and reporting performance and compliance against organizational goals through established risk governance committees.  This role will support initiatives to improve and mature the Cybersecurity Operating model, reduce risk and improve compliance posture for Air Canada.  Success in this role will be measured by improvements in governance maturity, risk posture, policy adoption, and compliance posture

Responsibilities:

• Establish a structured governance approach for managing cybersecurity risks, controls and responsibilities using globally recognized standards such as NIST CSF & COBIT.  
• Ensure that the governance structure has clear accountabilities for cybersecurity decisions, policies in place to drive secure behavior and documented processes to support a mature cybersecurity operating model.
• Maintain and evolve the cybersecurity governance framework to reflect changes in business strategy or operations, emerging threats and vulnerabilities, new technologies and regulatory and compliance requirements
• Engage stakeholders to ensure the governance framework includes appropriate processes and controls to protect and enhance cyber assets.
• Monitor key performance and key risk indicators against established targets. Ensure visibility, escalation, and management of IT & Cyber risks and issues in the delivery of technology services.
• Track progress against established objectives to ensure expected benefits are on-track and being realized.  Provide transparent and factual information to leadership to support strategic decision making.
• Drive the development of clear roles and responsibilities across cybersecurity process to enable consistent and reliable process execution and value delivery.  Ensure processes are documented and managed through the Knowledge management lifecycle.
• Working with training and awareness teams to develop required training to support a mature cybersecurity operating model
• Implement processes to assess and monitor the effectiveness of Cybersecurity processes to ensure adherence to standards and policies as appropriate
• Initiate and conduct ongoing and regular reviews to ensure technology and governance best practices are incorporated into cybersecurity processes and operationalized.
• Support the development of the IT & Cyber Governance deployment strategy and business case to detail expected costs and benefits from a tailored governance program focused on maturing the overall IT, Data & Digital (IDD) operating model within Air Canada
• Assist in the preparation of reports and materials for regularly scheduled risk Governance reviews with leadership
• Facilitate gap analysis assessments between enterprise and IDD goals through the execution of independent capability & maturity assessments for cybersecurity functions  

• Bachelor degree or equivalent relevant experience
• Minimum 10 years of experience in IT, including at least 5 years in cybersecurity and 5 years in IT governance implementation5+ years’ experience in cybersecurity
• 5+ years’ experience related to the implementation of IT governance methodologies.
• Strong understanding of cybersecurity frameworks and regulatory requirements
• Experience with GRC tools
• CISM, CRISC, CISSP, COBIT, ITIL or other relevant certification
• Excellent verbal and written communication skills with the ability to influence the actions of internal stakeholders and manage relationships with external stakeholders.
• Experience in the development of IT processes, methods, standards, tools and measurement/scorecards
• Experience in risk and controls assessment
• Strong teamwork skills, embodies Air Canada’s philosophies, vision and values
• Proven ability to work cross-functionally, communicate succinctly and efficiently
• Demonstrate punctuality and dependability to support overall team success in a fast-paced environment.

Conditions of Employment:

• Candidates must be eligible to work in the country of interest, at the time any offer of employment is made and seeking any required work permits/visas or other authorizations which may be required is the sole responsibility of the candidates applying for this position.

Linguistic Requirements

Based on equal qualifications, preference will be given to bilingual candidates.

Diversity and Inclusion

Air Canada is strongly committed to Diversity and Inclusion and aims to create a healthy, accessible and rewarding work environment which highlights employees’ unique contributions to our company’s success.

As an equal opportunity employer, we welcome applications from all to help us build a diverse workforce which reflects the diversity of our customers, and communities, in which we live and serve.

Air Canada thanks all candidates for their interest; however only those selected to continue in the process will be contacted.