Manager, IT

Unlock your career potential at Air Canada, a leading Canadian symbol and ranked the best airline in North America.

The Manager, IT Cyber GRC Policy and Regulatory plays a vital role in ensuring Air Canada's IT Cyber operations comply with relevant laws, regulations, and internal policies. This individual will be responsible for liaising with internal and external parties to identify, assess, and analyze regulatory and legislative environments, emerging issues, and upcoming changes impacting organizational operational and compliance processes.

This role will work closely with key teams across the organization to develop an appropriate policy portfolio providing guidance, consistency, accountability, efficiency, and clarity on how the organization operates. The Manager will collaborate with process owners to ensure internal processes meet policy requirements, mitigating risks, and ensuring compliance.

The Manager, IT Cyber GRC Policy and Regulatory, will establish and operationalize a governance framework ensuring the policy portfolio meets internal and external requirements. They will manage and develop a team to support external regulations and policy portfolio functions, optimizing risk and improving compliance.

Responsibilities:
Liaise with internal and external parties to identify, assess, analyze, and monitor legal and regulatory requirements relevant to IT Cyber organizations within Air Canada.
Facilitate and document interpretation decisions, working with Legal and Privacy teams to evaluate external requirements and obtain independent counsel as necessary.
Identify emerging issues and upcoming changes impacting operational and compliance processes, mapping impacts on IT Cyber policies, directives, and processes, and developing plans with stakeholders to ensure timely compliance.
Assess the impact of IT Cyber-related legal and regulatory requirements on third-party contracts related to IT Cyber operations service providers and business trading partners, ensuring appropriate controls and quality processes are in place.
Collaborate with internal stakeholders and recommend operational process and system changes required to implement and monitor new or existing regulation or legal requirements within IT Cyber.
Work closely with other departments to communicate, implement, and change processes to mitigate risks and drive integrated compliance efforts.
Liaise with regulatory agencies and internal or external auditors as required.
Policy Portfolio Management:
Develop and operationalize a proactive policy management framework (create, update, retire, implement) to ensure policies meet organizational needs, address IT Cyber greatest risks, and respond to changing business, technology, and compliance requirements.
Work closely with key teams across IT Cyber to develop an appropriate policy portfolio providing guidance, consistency, accountability, efficiency, and clarity on how the organization operates. Ensure document ownership is clearly defined, and clear and concise roles and responsibilities are identified.
Regularly review the policy portfolio to validate that it enables critical processes and procedures and reflects applicable changes in laws and regulations. Identify policy update requirements and work with appropriate teams to review and adjust policies, principles, standards, procedures, and methodologies to ensure necessary compliance and address enterprise risk.
Compliance, Training Awareness:
Develop and operationalize a compliance governance framework to ensure the organization adheres to legal and regulatory requirements, including developing policies and directives, identifying and mitigating compliance risks, monitoring and reporting on compliance status, training and awareness, and driving assurance initiatives.
Lead the production of tactical implementation plans to operationalize policy decisions and developments and oversee quality assurance.
Support operational compliance teams in achieving organizational compliance objectives by developing and operationalizing plans to mature the external compliance practices within IT Cyber considering people, processes, and technology.
Develop and execute a plan to improve the culture of compliance across the organization by promoting open dialog, ensuring all levels of management are leading by example, integrating compliance into daily operations, and ensuring effective training and awareness programs are in place to drive adoption.
Communication, Documentation, and Reporting:
Develop and drive an effective communication framework to clearly convey new and changed requirements to all relevant stakeholders, ensuring new or changed requirements are incorporated into processes and roles as needed.
Clearly define and proactively communicate the consequences of noncompliance to appropriate stakeholders and leadership, ensuring complex compliance materials are presented appropriately to non-technical stakeholders and leadership.
Promote the use of policies as a mechanism for how IT Cyber works to balance operational and risk needs.
Maintain an up-to-date log of all relevant legal, regulatory, and contractual requirements, their impact, and required actions.
Develop and maintain KPIs to track the effectiveness and efficiency of the IT Cyber external compliance processes in supporting AC's compliance requirements.
Report on compliance status to senior management and regulatory bodies.
Qualifications:
Bachelor degree or equivalent relevant experience, legal degree preferred.
5+ years' experience in IT Cyber.
10+ years' experience related to external compliance.
Expertise in interpreting legislation and regulations: demonstrated ability to analyze complex data and legal texts to understand their implications on the organization.
Knowledge and understanding of regulatory frameworks and processes related to the Aviation sector and relevant provincial and federal policies and programs.
Experience in leading compliance programs within the Aviation industry.
Understanding of business technologies and their impact on control practices.
Demonstrated knowledge of internal and external audit processes/practices/controls.
Completion of relevant professional certification(s) is preferred.
Good understanding of IT Cyber processes, COBIT, ITIL, NIST certification preferred.
Ability to build relationships and bring together others with different perspectives and opinions toward a common goal.
Excellent verbal and written communication skills with the ability to influence the actions of internal stakeholders and manage relationships with external stakeholders.
Strong teamwork skills, embodying Air Canada's philosophies, vision, and values.
Proven ability to work cross-functionally, communicate succinctly, and efficiently.
Conditions of Employment:
Candidates must be eligible to work in the country of interest, at the time any offer of employment is made, and seeking any required work permits/visas or other authorizations which may be required is the sole responsibility of the candidates applying for this position.
Linguistic Requirements:
Based on equal qualifications, preference will be given to bilingual candidates.

Diversity and Inclusion:
Air Canada is strongly committed to Diversity and Inclusion and aims to create a healthy, accessible, and rewarding work environment that highlights employees' unique contributions to our company's success.

As an equal opportunity employer, we welcome applications from all to help us build a diverse workforce that reflects the diversity of our customers and communities. Read more