General Manager, Cybersecurity

Number of positions available: 1
Status: Permanent Full-Time
Salary: Excluded
Closing Date: August 16, 2019

We are more than planes and tarmacs. Our purpose travels beyond building and managing world-class facilities and runways, and into the communities we serve. The Calgary Airport Authority is made up of nearly 300 employees who are driven by creating memorable and effortless experiences that reflect the beautiful city and region we serve. Motivated by our vision, we strive to turn the airport experience at YYC into one that air travelers are excited to be a part of.

As a primary driver of our city’s economy and growth, we have an opportunity to help make Calgary a global economic powerhouse. We believe our focus on the future will fuel our city’s next generation of prosperity. And we are ready, willing and able to step up to the challenge. At one of Canada’s busiest airports, our team is working hard to create the best possible experiences for the guests and visitors that arrive, depart and connect through our airport, and we need the help of the best people to help get us there.

As the General Manager, Cybersecurity, you will expand  and mature the Cybersecurity Program for the Calgary International Airport and help ensure the safe operation of the Calgary Airport Authority’s systems. Reporting to the VP, Infrastructure & CIO, you will provide leadership and direction to internal and external resources engaged to deliver the necessary services for a successful Cybersecurity Program.  You will be working closely with all levels of the organization, assisting with compliance requirements, education and training, and providing technical security expertise.

Key accountabilities include:

• Determine the required services and contributions for Cybersecurity and ensure there is a resource plan in place to meet these demands.
• Build relationships and alignment between other partners and groups within the airport community, such as Airport Security, Operations, Communications, Risk & Compliance, among others.
• Assist the CIO with the development of the annual Cybersecurity Group budget and manage capital and operational costs.

Governance & Compliance
• Oversee the development, delivery, and maintenance of Cybersecurity policies, standards, procedures, and guidelines.
• Assist other IT groups and business units in the development of their own policies, standards, procedures, and guidelines, as they relate to security of systems and data.
• Lead the development of an IT Audit and Compliance framework and maintain the Cybersecurity Compliance Program and update it as additional requirements are raised or issued via new standards or regulations (eg. NIST-CSF, ISO 27000-series, governmental requirements).
• Work with all levels of management to develop YYC"s Cybersecurity reporting and awareness program, Cybersecurity training and tabletop exercises for airport employees and provide guidance as the subject matter expert.
• Act as point of contact for all Cybersecurity compliance and enforcement related matters. 

Risk Management & Incident Response
• Expand on the ongoing risk assessment program focused on Cybersecurity, and aligned with the Authority Enterprise Risk Management strategy.
• Maintain a Testing and Assessment Methodology and oversee regular testing and assessment (i.e. vulnerability assessments, phishing testing, etc.)
• Continuously improve the IT Incident Response Plan, with a specific focus on Cybersecurity events or incidents, alleged policy violations, or complaints from external parties.
• Assist all business units with the prevention of Cybersecurity-related incidents, including providing recommendations and proposing improvements to technologies and the data they hold.

Ideally, YYC’s next General Manager of Cybersecurity would possess the following:
• Bachelor of Computer Science or equivalent degree or experience, combined with a minimum of 10 plus years progressive IT experience within a complex business environment.
• A minimum of four (4) years of direct Cybersecurity experience and leading a team of Cybersecurity professionals or a similar function.
• A minimum of six (6) years of combined relevant experience in various IT areas (e.g., physical systems, implementation, server/ network infrastructure, data management; business continuity; IT operations).
• An industry certification or designation in Cyber Security, such as CISSP, is preferred.
• Strong knowledge of various security products such as firewalls, IPS (network and host-based), and incident response tools.

• Knowledge of prevalent industry standards (NIST-CSF, ISO 27000-series, etc.) and the management and operation of an Enterprise Risk Management system is preferred.
• Knowledge of cybersecurity best practices including application and operating system hardening, vulnerability assessments, security audits, public key infrastructure, and computer forensics.
• Experience working in incident response and with the incident masnagement lifecycle.
• Experience working with various business groups in a complex and unionized environment.
• Experience running and contributing to IT audit process.
• General IT Management experience including managing budgets. 
• Experience developing and documenting policies, protocols, and procedures.
• Solid understanding of concepts in networking, applications, and operating system functionality.
• Ability to translate technical information to non-technical audiences and vice versa.
• Ability to interpret regulatory and legal requirements.
• Experience analyzing and assessing threat vectors and root causes of issues.
• Organized and methodical, with strong attention to detail and ability to analyze and interpret information.

Are you looking for the journey of a lifetime? One that’s focused on creating effortless and memorable experiences for millions of guests and travelers each year. Click the apply button for your chance to learn how you can be a part of one of Alberta"s Top Employers.

Sign up for job alerts