Being part of Air Canada is to become part of an iconic Canadian symbol, recently ranked the best Airline in North America. Let your career take flight by joining our diverse and vibrant team at the leading edge of passenger aviation.
Senior Specialist, Cyber Security will work with cybersecurity and operational personnel to develop and/or deploy mitigation techniques in order to effectively defend against cyber threats and vulnerabilities within the OT environment. The ideal candidate will contribute to improve the overall OT security posture by utilising their strong understanding of Operational Technology systems and environment in performing cyber security functions and maintaining security systems across Air Canada's OT systems and environments. The ideal candidate with have previous experience with OT systems in Aviation industry such as Aircraft Control Systems, Baggage Handling Systems, Cargo Processing Systems and Building Automation / Security Systems.
This position will report to the Senior Director, Cybersecurity Strategy & Operations Technology
- Verify OT assets discovery process and asset inventory, commissioning and decommissioning.
- Outline OT assets and network diagram to ensure visibility.
- Develop change management processes to authorise and validate OT system changes.
- Collaborate with owners of security technologies such as antivirus, IDS/IPS, SIEM, endpoint detection & response, configuration management, privileged identify management, etc. to ensure that all assets in the OT environments are being managed.
- Work with cybersecurity personnel to identify appropriate asset management solutions for deployment and implement security controls to mitigate associated risks.
- Establish security validation processes and assessment on OT assets for compliance against established baselines.
- Define the patching and control needs of the organisation's OT system and perform prioritisation of activities.
- Oversee implementation of controls or patches and ensure minimisation of disruption within acceptable limits of risks.
- Partner with operational and cybersecurity personnel to plan and monitor periodic maintenance of OT security infrastructure.
- Conduct OT security posture assessment and upkeeping.
- Perform site specific implementation of OT cybersecurity controls and metrics.
- Establish authentication and identification rules across devices and users to drive cybersecurity objectives within the OT environment.
- Monitor third party and vendor's access and activities in the OT environment.
- Develop OT technical documentation, policies, procedures and standards.
- Promote knowledge sharing in both the IT and OT cybersecurity teams.
- Develop standardised vocabulary for IT and OT cybersecurity teams based on the identified standards and framework.
- Articulate potential pain points and solutions in aligning IT and OT departments.
- Manage cross-team strategic projects according to guidance from the senior leadership.
- Work with the cybersecurity team to conduct research to develop or deploy new capabilities and solutions.
- Represent the organization and take an active participation on different IT/OT business or security airline specific forums.
- Higher Degree (Bachelor or Master) in Engineering, Cybersecurity, Information Systems or Computer Science (IT).
- 10+ years experience working with Operational Technology (OT) systems in Critical Infrastructure.
- 8+ years experience in Cyber Security with advanced knowledge of cyber security domains such as OT/ICS security architecture, security assessment, GRC implementation, security strategy and operating model, data leakage detection.
- 3+ years experience with OT/ICS security monitoring tools implementation, Security Information and Event Management (SIEM) implementation, security analytics and threat intelligence, vulnerability management, industrial IoT security and cloud management.
- Certifications preferred - Cybersecurity Related Certification such as GSEC, GICSP, CISSP.
- Strong interpersonal and stakeholder management skills.
- Strong understanding of cybersecurity frameworks for ICS/OT environments - NIST-SP800-82, IEC62443 / ISA99.
- Strong understanding of OT network communication protocols, industrial networking topologies, as well as L2/L3 networking and architecture.
- Familiarity with aviation specific cybersecurity standards.
Conditions of Employment:
Based on equal qualifications, preference will be given to bilingual candidates.
Diversity and Inclusion
Air Canada is strongly committed to Diversity and Inclusion and aims to create a healthy, accessible and rewarding work environment which highlights employees’ unique contributions to our company’s success.
As an equal opportunity employer, we welcome applications from all to help us build a diverse workforce which reflects the diversity of our customers, and communities, in which we live and serve.
Air Canada thanks all candidates for their interest; however only those selected to continue in the process will be contacted.