Being part of Air Canada is to become part of an iconic Canadian symbol, recently ranked the best Airline in North America. Let your career take flight by joining our diverse and vibrant team at the leading edge of passenger aviation. The Specialist Cybersecurity Governance will be working in a fast paced and innovative environment supporting the overall security posture of Air Canada’s technology environment. Air Canada’s cybersecurity systems are foundational to protecting the data and systems that allow its customers to fly safely. The Specialist Cybersecurity Governance will play a crucial role in defining Cybersecurity data protection policies, directives, standards, and procedures. In addition, they will be responsible for managing the cyber data classification, and data security through the discovery and classification tools implemented at Air Canada. As Cybersecurity threats continue to evolve, this role will be heavily involved when a Cyber incident occurs that affect data. The Cybersecurity Governance Specialist will lead the risk investigation, and produce recommendations to remediate or reduce the risks identified. This position will be reporting to Director, Cybersecurity Governance, Risk and Compliance. Responsibilities:
- Serves as the primary contact and liaison, and act as a subject matter expert for all Cybersecurity Data Protection related matters and questions.
- Recognized as a key technical resource within the team and will, guide, and mentor team members when needed.
- Lead risk investigations into Cybersecurity incidents that affected Air Canada data.
- Lead the Development, Implementation, and maintenance of the Cybersecurity data protection governance framework and ensuring data use is in compliance with applicable data protection regulations (PCI, 52-109, PIPEDA, GDPR, etc.). This includes but not limited to developing policies, directives, standards, templates and others.
- Work closely with the Cybersecurity operations, Data Governance, Legal/Privacy, Compliance, as well as other Information Technology functions, to develop and monitor applicable data protection standards.
- Participate in the Data and Information Technology Governance Committees.
- Support the leadership team on strategic initiatives specific to the respective portfolio.
- Represent the organization and take an active participation on different IT business and/or security airline specific forums.
- A relevant University degree/technical certification, and/or relevant experience commensurate to the role
- 9-12 years of IT technology with minimum 5 years in an IT Security role, operations and people leadership experience in a large company
- Extensive knowledge and understanding of information security.
- Certification in Information Security and/or Data Protection (CISSP, CDPSE, CIPP/US | CIPP/E | CIPM | CIPT) practices.
- Knowledge of various industry regulations and frameworks. (PCI, HIPAA, Data Privacy Laws, ISO27001/2, NIST, HITRUST, CIS, etc.)
- Familiarity with Data Discovery tools such as BigID. (Preferred)
- Familiarity with o365 data classification capabilities. (Preferred)
- Meaningful experience with Databases such as Microsoft SQL Server, Oracle Database, MySQL/MariaDB, IBM DB2, AWS, Azure.
- Ability to build and develop strong relationships with both technical as well as non-technical stakeholders throughout the organisation.
- Track record working with data from multiple sources and willingness to deep dive and understand the data. This is particularly important in the investigation phases of incidents.
- Possess investigative nature and be self-motivated.
- Results oriented with proactive and methodical approach to problem solving (Critical thinking).
- Able to multi-task and work under pressure while dealing with tight deadlines and changing priorities.
- Must be a team player with ability to work closely with diverse groups and working styles.
- Ability to establish and maintain effective business relationships.
- Exceptional analytical, organizational and communication skills.
- Flexibility and willingness to work extended hours, when required.
Conditions of Employment:
- Candidates must be eligible to work in the country of interest, at the time any offer of employment is made and seeking any required work permits/visas or other authorizations which may be required is the sole responsibility of the candidates applying for this position.
Based on equal qualifications, preference will be given to bilingual candidates. Diversity and Inclusion Air Canada is strongly committed to Diversity and Inclusion and aims to create a healthy, accessible and rewarding work environment which highlights employees’ unique contributions to our company’s success. As an equal opportunity employer, we welcome applications from all to help us build a diverse workforce which reflects the diversity of our customers, and communities, in which we live and serve.
Air Canada thanks all candidates for their interest; however only those selected to continue in the process will be contacted.