Being part of Air Canada is to become part of an iconic Canadian symbol, recently ranked the best Airline in North America. Let your career take flight by joining our diverse and vibrant team at the leading edge of passenger aviation.
As a member of the Corporate Audit & Advisory team, the Cybersecurity Auditor will be expected to perform risk-based Cybersecurity audit and advisory projects.
The scope of assignments will cover the complex systems involved in running a state-of-the-art airline as well as the processes to support those systems, focusing on maintaining the confidentiality, integrity and availability of the information. Additional responsibilities could include advisory and testing assistance for business process audits.
Key Functions & Accountabilities:
Reporting to the Manager, IT Audit, Risk and Compliance, the position requires the individual to support the following activities of Corporate Audit & Advisory (CAA) service line:
Perform risk-based audits and assessments of Cybersecurity processes and controls and assess the adequacy of measures in place to mitigate risks.
Validate IT and Cybersecurity compliance of third-party companies providing system and related services to the Company (including SaaS providers), and review their Cybersecurity measures and procedures to ensure the confidentiality, integrity and availability of information, adherence to contractual terms.
Assist in providing value-added and effective audit recommendations to senior management identifying significant issues in a business context.
Assist in preparing clear and concise audit conclusions based on evidence collected, data analytics results, root cause analysis and industry best practices.
May perform Cyber forensic analysis of digital information and gather and handle evidence.
Demonstrate technical understanding of data analysis concepts and practices. Effectively use data analysis software to facilitate audit scoping and testing.
Assist in developing security metrics that can be used to assess Air Canada cybersecurity posture.
Provide support for other audits and investigations where the scope includes the extensive use of Information Technology.
Support automation requirements of the Corporate Audit & Advisory group,and provide development assistance in the creation of continuous auditing and/or monitoring technologies.
Must be able to work both independently and as part of a team.
Actively seek to be informed of industry and corporate initiatives and trends in order to support effective audit continuous monitoring, proper management of information and cyber security risks.
Mandatory Covid-19 Vaccination Required as of October 31st 2021
Must hold an undergraduate degree in a computer-related field or another related discipline.
Professional certification such as CISA, CSX, CISM, CISSP, CEH, GCIA
Experience in the assessment of threats and risks over IT processes and assets.
Knowledge and experience with security assessment tools (penetration test, vulnerability assessment) and Security Operations Centre software (IDS, IPS, SIEM, etc.).
Three to five years’ experience in IT audit or IT Security management.
Knowledge and awareness of the following would be an asset:
Network security architecture, penetration testing, Red Team testing, vulnerability assessments, Data Loss Prevention, web application security, secure coding assessment, cloud security, DDoS protection, encryption, and malware protection
IT Governance frameworks (for example, COBIT, ITIL, etc.).
Information Security frameworks and compliance programs including but not limited to NIST, PCI DSS, ISO/IEC 27001.
Familiarity with laws and regulations in the areas of governance (GDPR), and permissible use of data (PIPEDA).
Experience using data analytic tools (e.g. Power BI)
Excellent interpersonal, oral and written communication skills, including the ability to prepare concise reports.
Proven analytical abilities, as well as very strong planning and organization skills to manage competing demands.
Experience with IT Complex environment and associated operating systems and security applications.
Airline experience and knowledge of airline processes would be a distinct advantage.
Valid passport and ability to travel (nationally and internationally), sometimes on short notice.
Based on equal qualifications, bilingualism (English and French) is desirable
Based on equal qualifications, preference will be given to bilingual candidates.
Diversity and Inclusion
Air Canada is strongly committed to Diversity and Inclusion and aims to create a healthy, accessible and rewarding work environment which highlights employees’ unique contributions to our company’s success.
As an equal opportunity employer, we welcome applications from all to help us build a diverse workforce which reflects the diversity of our customers, and communities, in which we live and serve.
Air Canada thanks all candidates for their interest; however only those selected to continue in the process will be contacted.
Are you passionate about reaching new heights, teamwork and making a meaningful contribution? Do you picture yourself as a valued member of an industry-leading organization? If you answered yes to these questions, Air Canada is seeking enthusiastic individuals to join the diverse and vibrant team working together to lead the growth and expansion of Canada’s flag carrier.