Description
Being part of Air Canada is to become part of an iconic Canadian symbol, recently ranked the best airline in North America. Let your career take flight by joining our diverse and vibrant team at the leading edge of passenger aviation.
The Manager, IT & Cyber GRC Policy and Regulatory, plays a crucial role in ensuring that Air Canada’s IT & Cyber operations comply with relevant laws, regulations, and internal policies. This role will be responsible for liaising with relevant internal and external parties to proactively identify, assess and analyze the regulatory and legislative environment to identify emerging issues and upcoming changes that will impact organizational operational and compliance processes within Air Canada.
The Manager, IT & Cyber GRC Policy and Regulatory, will work closely with key teams across the organization to develop an appropriate policy portfolio that provides guidance, consistency, accountability, efficiency, and clarity on how the organization will operate. This role will work closely with process owners across the organization to ensure that internal process designs meet policy requirements to mitigate risks and ensure compliance.
The Manager, IT & Cyber GRC Policy and Regulatory, will establish and operationalize an appropriate governance framework to ensure that the policy portfolio meets internal and external requirements, required changes have been implemented into impacted processes and that effective training and awareness programs are in place to drive adoption and support the organizational risk landscape and compliance posture. This role will effectively manage and develop a team to support the external regulations and policy portfolio function to further optimize risk and improve compliance for the organization.
Responsibilities:
Regulatory Conformity:
- Liaise with relevant internal and external parties to identify, assess, analyze and monitor legal and regulatory requirements relevant to IT & Cyber organizations within Air Canada.
- Facilitate and document interpretation decisions. Work with Legal and Privacy teams to evaluate external requirements. Obtain independent counsel, where appropriate, on changes to applicable laws, regulations and standards.
- Identify emerging issues and upcoming changes that will impact operational and compliance processes within Air Canada, map the impacts on IT & Cyber policies, directives and processes, and develop plans with appropriate stakeholders to ensure timely compliance.
- Assess the impact of IT & Cyber-related legal and regulatory requirements on third-party contracts related to IT & Cyber operations service providers and business trading partners. Ensure appropriate controls and quality processes are in place and conduct regular audits of all major vendor partners.
- Collaborate with internal stakeholders and recommend operational process and system changes required to implement and monitor new or existing regulation or legal requirements within IT & Cyber.
- Work closely with other departments to communicate, implement and change processes to mitigate risks and drive integrated compliance efforts.
- Liaise with regulatory agencies and internal or external auditors as required.
Policy Portfolio Management:
- Leverage a risk-based approach to develop and operationalize a proactive policy management framework (create, update, retire, implement) to ensure policies meet organization needs, address IT & Cyber's greatest risks, and respond to changing business, technology, and compliance requirements. Work closely with risk and compliance teams to identify critical risk areas, evaluate existing policies relative to their coverage of risk events, and map policies to risk scenarios.
- Work closely with key teams across IT & Cyber to develop an appropriate policy portfolio that provides guidance, consistency, accountability, efficiency, and clarity on how the organization will operate. Ensure document ownership is clearly defined, and clear and concise roles and responsibilities are identified to drive consistent behavior across all document owners.
- Regularly review the policy portfolio to validate that it enables critical processes and procedures and reflects applicable changes in laws and regulations. Identify policy update requirements, and work with appropriate teams to review and adjust policies, principles, standards, procedures and methodologies to ensure necessary compliance and address enterprise risk. Use internal and external experts, as required. Address compliance gaps in policies, standards and procedures on a timely basis.
Compliance, Training & Awareness:
- Develop and operationalize a compliance governance framework to ensure the organization adheres to legal and regulatory requirements. This includes the development of appropriate policies and directives, identifying and mitigating compliance risks, monitoring and reporting on compliance status, training and awareness and driving assurance initiatives.
- Lead the production of tactical implementation plans to operationalize policy decisions and developments and oversee quality assurance.
- Support operational compliance teams in achieving organizational compliance objectives by developing and operationalizing plans to mature the external compliance practices within IT & Cyber considering people, processes and technology.
- Develop and execute a plan to improve the culture of compliance across the organization by promoting open dialog, ensuring all levels of management are leading by example, integrating compliance into daily operations, and ensuring effective training and awareness programs are in place to drive adoption.
Communication, Documentation and Reporting:
- Develop and drive an effective communication framework to clearly convey new and changed requirements to all relevant stakeholders. Ensure new or changed requirements are incorporated into processes and roles as needed and track appropriate implementation and operationalization of the plans.
- Clearly define and proactively communicate the consequences of noncompliance to appropriate stakeholders and leadership. Ensure complex compliance materials are presented appropriately to non-technical stakeholders and leadership.
- Promote the use of policies as a mechanism for how IT & Cyber works to balance operational and risk needs.
- Maintain an up-to-date log of all relevant legal, regulatory and contractual requirements; their impact and required actions.
- Develop and maintain KPIs to track the effectiveness and efficiency of the IT & Cyber external compliance processes in supporting AC’s compliance requirements.
- Report on compliance status to senior management and regulatory bodies.
Qualifications
- Bachelor's degree or equivalent relevant experience, legal degree preferred
- 5+ years’ experience in IT & Cyber
- 10+ years’ experience related to external compliance
- Expertise in interpreting legislation and regulations: demonstrated ability to analyze complex data and legal texts to understand their implications on the organization.
- Knowledge and understanding of regulatory frameworks and processes related to the Aviation sector and relevant provincial and federal policies and programs
- Experience in leading compliance programs within the Aviation industry
- Understanding of business technologies and their impact on control practices
- Demonstrated knowledge of internal and external audit processes/practices/controls.
- Completion of relevant professional certification(s) is preferred
- Good understanding of IT & Cyber processes, COBIT, ITIL, NIST certification preferred
- Ability to build relationships and bring together others with different perspectives and opinions toward a common goal.
- Excellent verbal and written communication skills with the ability to influence the actions of internal stakeholders and manage relationships with external stakeholders.
- Strong teamwork skills, embodies Air Canada’s philosophies, vision and values
- Proven ability to work cross-functionally, communicate succinctly and efficiently
Conditions of Employment:
Candidates must be eligible to work in the country of interest at the time any offer of employment is made. Seeking any required work permits, visas or other authorizations is the sole responsibility of the candidates applying for this position.
Linguistic Requirements
Based on equal qualifications, preference will be given to bilingual candidates.
Diversity and Inclusion
Air Canada is strongly committed to Diversity and Inclusion and aims to create a healthy, accessible and rewarding work environment which highlights employees’ unique contributions to our company’s success.
As an equal opportunity employer, we welcome applications from all to help us build a diverse workforce which reflects the diversity of our customers, and communities, in which we live and serve.
Air Canada thanks all candidates for their interest; however only those selected to continue in the process will be contacted.
...