Senior Manager Cyber Security Risk Management

Overview

WELCOME TO SITA

is the leading specialist in air transport communications and information technology. We dont just connect the global aviation industry, we apply decades of experience and expertise to address almost every core business, operational, baggage, and passenger process in air transport.

As an organization, we cover 95% of all international air travel destinations and work with over 2,800 air transport and government customers in every corner of the globe.

Immerse yourself in the dynamic world of technology while embracing our collaborative, and inclusive culture.

Ready to redefine air travel? The journey starts here, with you at SITA.

ABOUT THE ROLE & TEAM :

The world isnt standing still, and neither is our organization. Were moving quickly, looking across our businesses, portfolios and geographies and taking bold steps to better serve customers evolving security and privacy needs.

Thats why now is an exciting time to join our team. Youll have opportunities to take risks, challenge the status quo and shape the future for the greater good.

This opportunity is with one of the largest and leading multinational and global technology providers to the commercial aviation industry.

We support and secure some of the most complex government, borders, airports and airlines across the globe.

You make it your own by bringing your ideas and unique perspective to our culture. By owning your opportunity, you are helping us ensure today is safe and tomorrow is safer for air travel.

Our work depends on effectively managing cyber risks and vulnerabilities and we are looking for a risk manager to join our team to support, extend and reinvent operational risk management (ORM) based in Montreal, QC

Joining the Risk Management team at SITA means contributing to a transformation and having a direct impact on enterprise risk.

In your role as Manager Cybersecurity Risk Management, youll help improve the risk management strategy. Youll also oversee the deployment, prioritization and monitoring of the technology and cyber risk strategy and roadmap.

This involves developing, implementing and continuously improving reporting metrics, frameworks and models, in particular operational risk reports and reports to the CISO and Information Security steering functions.

WHAT YOU WILL DO :

This role reports directly to the organizations CISO, keeping clear lines of communication including but not limited to :

• Transparency on current enterprise risks and risk / cyber debt levels
• Reporting of exceptions to the CISO and appropriate committees
• Provide input into business processs related to information security incident response process, identifying impact to the business and to customers, helping to shape remediation, and developing external and internal message points.
• Effectively manage a team of risk analyst professionals and foster a stimulating work environment that reflects your strong leadership skills while driving structure and rigor into the operational aspects of risk management.
• Maximize employee contribution by setting performance objectives based on the business plan while encouraging innovation.
• Manage a team that is responsible for training and raising awareness of risk management governance and process to risk owners and stakeholders.
• Support the evolution of internal tools and dashboards for qualitative and quantitative risk assessment to drive risk reduction.
• Influencing IT budget definition and prioritization

Key Responsibilities

• Your team will be the primary single point of contact for timely and accurate tracking, reporting, managing and escalating cybersecurity risks and risk exceptions with risk owners for mitigation or remediation.
• Identify opportunities for enhanced data enrichment, alert creation & tuning, or automation.
• Partner with our Governance, Architecture, and Engineering and Operations organizations to develop process enhancements.
• Hold the team accountable for responsiveness, ensuring queries to ORM are handled effectively.
• Ability to manage conflicting priorities, identifying and executing on critical paths to drive forward progress.
• Enjoy a fast-paced environment that will accelerate career growth in Cybersecurity and Risk Management.
• Maintain a staffing to provide business hour coverage from 6 : 00am - 4 : 00pm EST, providing overlap to support European and Middle East business operations.
• Document and track metrics and analyze trends to implement measures that prevent recurring problems and improve customer experience.
• Provide a weekly status report on risk database changes / risk register impact changes.

Qualifications

EXPERIENCE :

Combining business acumen with technical knowledge and risk management experience, the candidate owns the responsibilities related to ORM to ensure the cyber security risks of the organization are handled appropriately.

• University degree.
• Advanced knowledge and expertise of technology risk, certified as either / both CISA, CRISC.
• 10+ years of experience in Risk Management and security governance at a large organization.
• 5+ years of direct staff management as a cyber and technology risk manager.
• 5+ years of experience in Information Security related role (architecture, technology, operations).
• 5+ years of direct personnel management (motivating and fostering creativity).
• Cyber security certification(s) (CISSP, ISSMP, CCSP) an asset.
• Knowledge of PCI DSS, ISO 27000, SOC2, NIST, CIS and other compliance regulations is critical.
• Knowledge of laws, regulations, policies as they relate to the cyber security area of expertise an asset.
• In-depth understanding of cyber security architectures, technical platforms, threat management standards and industry best practices.
• Subject matter expertise on enterprise risk management and ability to apply these to the organization's overall risk strategy.
• Knowledge of cyber threats and vulnerabilities as they relate to the cyber security area of expertise.
• Knowledge of specific operational impacts of cyber security lapses as they relate to the cyber security area of expertise.
• Ability to interpret and apply policies and regulations across a large, complex business.
• Analytical aptitude with an emphasis on investigative, methodical critical questioning and logical thinking; a data-driven decision maker.
• High level of interpersonal skills to interact with leaders at multiple levels and facilitate team interactions.
• Strong ability to work well with a diverse staff base.
• Demonstrated experience in making processes more efficient.
• Excellent English written, oral and presentation skills.

Preferred Qualifications

• Knowledge of operations testing and evaluation methods as they relate to the Cyber Security area of expertise.
• Experience managing a technical team in an operational environment considered a plus.
• Experience in network and cyber security design, engineering and operations.
• Understanding of DevOps / Agile concepts and processes.
• Experience in the Aviation or transportation sectors preferred.

WHAT WE OFFER :

SITAs workplace is all about diversity, many different countries and cultures are represented in our workforce. We collaborate in our impressive offices, embracing a hybrid work format.

As part of our global benefits, we offer :

Flex-week : Work from home up to 2 days / week (depending on your Team's needs).

Flex-day : You may wish to flex your arrival time at the office, to beat the rush hours or you may want to leave the office earlier to pick up your kids from school or to go to your favorite game : We support you in being open about your needs and routine with you manager.

Flex-location : Benefit for 30 working days from anywhere around the world each year!

Competitive benefits according to the local market

SITA is an Employment Equity Employer and values a diverse workforce. In support of our Employment Equity Program, women, Aboriginal people, members of visible minorities, and / or persons with disabilities are encouraged to apply and self-identify in the application process.