Manager, Internal Audit - Technology

Description

Being part of Air Canada is to become part of an iconic Canadian symbol, recently ranked the best Airline in North America. Let your career take flight by joining our diverse and vibrant team at the leading edge of passenger aviation.

As a member of the Corporate Audit & Advisory team, the Manger, Technology, Internal Audit will be responsible for Information Technology based governance, risk and controls-based audit and advisory engagements. Primarily responsible for the development management of cybersecurity related audits throughout the organization and its subsidiaries to support the annual risk-based audit plan in order to provide independent and objective assurance to Management and the Audit Committee on the Company's governance, risk management, compliance and control processes

Responsibilities:

• Manage and execute audits of company-wide IT areas which include, but are not limited to, IT operations, IT programs and projects, IT regulatory and compliance, IT risk management, and IT advisory.
• This includes all IT risks with focus, but are not limited to, cyber security, cyber regulatory and compliance, cyber-crime, cyber threat management, and privacy.
• Develop and maintain a cyber risk universe aligned with Air Canada corporate priorities and corporate IT strategy.
• Develop a cyber audit plan in consultation with business unit and IT senior management as well as the Senior Manager Technology Audit, Risk and Compliance.
• Lead cybersecurity audits throughout all the phases of the audit methodology.
• .Provide on-going consultation to various internal and external management personnel on cyber risks and the importance of strong internal controls, the impact on control of proposed changes in systems, procedures and policies, and other audit and internal control issues. Assist management where required in
• the development and assessment of cyber controls.
• Integrate data analytics into audit scoping and testing approaches to enhance the overall quality and relevance of engagements, including identifying key risk indicators to perform continuous monitoring.
• Deliver the audit report including observations, findings and opportunities of improvement.
• Monitor and provide input - through the Senior Manager Technology Audit, Risk and Compliance - to the Audit, Finance and Risk Committee to evaluate and report upon cyber risks and controls at Air Canada.
• Develop and continuously improve audit methodology and approach.
• Participate in the evaluation and design of new and revised systems and/or service providers in terms of cyber risks.
• Provide best practice" guidance to senior management on cyber strategy, governance, security, and risk.
• Develop continuous auditing and monitoring indicators to oversee key cyber risks at Air Canada and its subsidiaries.
• Liaise, and coordinate work, with external auditors and internal audit service providers in terms of cyber risks.
• Overall responsibility for the performance and training of cybersecurity audit employees and consultants
• Support other service lines in CAA as required, including participating in 52-109, business, operational audits, risk management activities and other compliance engagements.

Qualifications

• Must hold an undergraduate (or higher) degree in Information Security Management, Risk Management, Computer Science or Engineering or related discipline.
• Minimum of 7 years' experience relevant work experience in cybersecurity controls, risk management, technology audit and advisory.
• An industry-recognized cybersecurity relevant certification such as Certified Information systems Security Professional (CISSP); Certified Information Security Manager (CISM), or Certified Information Security Auditor (CISA).
• Strong knowledge of cybersecurity frameworks, standards and guidelines such as ISO 27001, NIST SP 800-30/34, NIST CSF, ISF CSF.
• Working knowledge of general IT and business processes and controls; cybersecurity and privacy relevant regulatory and compliance requirements such as OSFI cybersecurity self-assessment, PIPEDA, PCI-DSS; and three lines of defense model.
• Familiarity with data analytic concepts and experience using data analytic tools.
• Proven leadership and decision-making skills - results oriented.
• Strong interpersonal and communication skills at an executive level.
• Strong communication, time management, report writing, investigation, and presentation skills.
• Strong problem solving, organizational and analytical skills, with the ability to articulate complex concepts in a clear and concise manner.
• Ability to build strong relationships with both internal customers and external entities (i.e., external auditors, external service providers) and vendors.
• Exceptional planning and organizational skills - ability to cope with irregular or multiple work demands.
• Experienced in leading and developing high performance teams.
• Airline experience and knowledge of airline processes would be a distinct advantage.

This position may require occasional travel to various locations, a valid passport with ability to travel, domestically and internationally, sometimes on short notice.

Conditions of Employment:

• Candidates must be eligible to work in the country of interest, at the time any offer of employment is made and seeking any required work permits/visas or other authorizations which may be required is the sole responsibility of the candidates applying for this position.

Linguistic Requirements

Based on equal qualifications, preference will be given to bilingual candidates.

Diversity and Inclusion

Air Canada is strongly committed to Diversity and Inclusion and aims to create a healthy, accessible and rewarding work environment which highlights employees' unique contributions to our company's success.

As an equal opportunity employer, we welcome applications from all to help us build a diverse workforce which reflects the diversity of our customers, and communities, in which we live and serve.

Air Canada thanks all candidates for their interest; however only those selected to continue in the process will be contacted.