.. : Support the Corporate Quality and Safety Policy and ensure It is promoted within your functional area of responsibility; Master the .. Committee (QSMC) meetings; Receive and analyze safety reports, including Data Entry into the database, incident investigation, risk assessment, root .. read more
Job Description Description Being part of Air Canada is to become part of an iconic Canadian symbol, recently ranked the best Airline in North America. Let your career take flight by joining our diverse and vibrant team at the leading edge of passenger aviation. The Cybersecurity Governance Specialist will be working in a fast paced and innovative environment supporting the overall security posture of Air Canada's technology environment. Air Canada's cybersecurity systems are foundational to protecting the data and systems that allow its customers to fly safely. This Cybersecurity Governance Specialist will be focused on developing and driving Cybersecurity Configuration Management by understanding, creating, measuring, and improving the secure configuration management posture across all the airlines IT assets. The Cybersecurity Governance Specialist will be involved in the risk investigation, and ultimately produce recommendations to remediate or reduce the risks identified related to configuration. This role is also responsible for developing new configuration guidelines and standards. This role will be reporting to the Manager, Cybersecurity. Responsibilities: Serves as the primary contact and liaison, and act as a subject matter expert for all Cybersecurity configuration related matters and questions. Implement and maintain configuration management processes and tools. Responsible for defining, growing, and refining the Secure Configuration Management Controls, benchmarks and guidelines for all IT assets. Work with our IT Architects and IT Teams to continually improve the secure benchmarks and configuration guidelines for all IT assets based on industry best practice, threat modelling and vulnerability management findings. Report adherence to these benchmarks and support platform and service owners in managing remediation to increase security and mitigate risk. Identify process improvement opportunities and assist with automating the end-to-end implementation of the Secure Configuration Management controls. Identify and resolve any security configuration issues or deviations. Have the ability to build relationships with technical as well as non-technical stakeholders throughout the organisation. Proactively manage risk, internal, and external obligations, and responsibilities; contribute to and develop policies, directives, procedures, processes, guidelines, and standards. If you have an agile mindset, a great attitude and are willing to build on existing Cyber skills, consider applying. Qualifications A relevant University degree/technical certification, and/or relevant experience commensurate to the role. 7 years of IT technology with minimum 5 or more years of experience in Cyber Security, preferably in Cyber Configuration Security Management or Cyber Security Architecture. Exceptional analytical, organizational and communication skills, and self-motivated and independent worker. A current recognized information security credential (e.g. CISSP, CEH, OSCP) is desired A background in IT/Cyber Architecture is preferred. Thorough comprehension and understanding of security frameworks eg: CIS, NIST, STIG, and Others. Able to multi-task and work under pressure against tight deadlines and changing priorities, and the ability to prioritize work. Familiarity with the following: OWASP (Open Web Application Security Project) MITRE ATT&CK framework Threat Modeling techniques Network Security and Vulnerability scanning tools (e.g. Nessus, Nmap, Rapid7 tools, Qualys, etc.) TCP/IP Networking Network protocol analyzers (e.g. Wireshark) Penetration testing methodology Incident Response Techniques Experience in endpoint security. Possess investigative nature and results oriented with proactive and methodical approach to problem solving. Must be a team player with ability to work closely with diverse groups and working styles. Ability to establish and maintain effective business relationships. Conditions of Employment: Candidates must be eligible to work in the country of interest, at the time any offer of employment is made and seeking any required work permits/visas or other authorizations which may be required is the sole responsibility of the candidates applying for this position. Linguistic Requirements Based on equal qualifications, preference will be given to bilingual candidates. Diversity and Inclusion Air Canada is strongly committed to Diversity and Inclusion and aims to create a healthy, accessible and rewarding work environment which highlights employees' unique contributions to our company's success. As an equal opportunity employer, we welcome applications from all to help us build a diverse workforce which reflects the diversity of our customers, and communities, in which we live and serve. Air Canada thanks all candidates for their interest; however only those selected to continue in the process will be contacted.