Air Canada

Director, Product Security

Air Canada, Santa Clarita, California, United States, 91382

Being part of Air Canada is to become part of an iconic Canadian symbol, recently ranked the best Airline in North America. Let your career take flight by joining our diverse and vibrant team at the leading edge of passenger aviation.

The Director of Product Security is a strategic leadership role entrusted to safeguard Air Canada’s products and services from a diverse array of cyber threats. This pivotal position requires a dynamic leader who can craft and execute robust security strategies, influence product development teams, and embed security best practices deep within every phase of the product lifecycle. Through proactive risk mitigation and strategic collaboration, the Director of Product Security is instrumental in protecting organizational assets and customer data and fostering a culture of trust.

Responsibilities:

Strategy and Planning

Design, develop, and implement comprehensive product security strategies and multi-year roadmaps tailored to the organization’s vision, technology stack, and threat landscape.
Define security objectives, development standards and key results, ensuring alignment with business goals and regulatory requirements.
Continuously evaluate and refine product security to address evolving cyber threats, emerging technologies, and business priorities.

Leadership

Recruit, manage, and mentor a high-performing team of security and product development professionals.
Foster a culture of security awareness, accountability, and continuous improvement throughout the organization.
Set clear performance expectations, provide regular feedback, and support professional development and certification opportunities.

Product Security

Collaborate with product management, engineering, and DevOps teams, influencing and integrating security considerations and standards from product ideation through to deployment and maintenance.
Champion the adoption of secure development lifecycle (SDL) practices, including threat modeling, secure coding, code review, security testing, and vulnerability management.
Implement and manage security oversight in AI development including model security to protect from adversarial attacks, data governance for the secure handling of training data, and access controls for model training environments.
Implement and manage data, application, and cloud security posture management capabilities to identify and appropriately manage sensitive data, monitor deployments for adherence to secure cloud configuration standards, and prioritize application remediation across product teams.
Embed security gates and automation into CI/CD pipelines to ensure early and effective detection of vulnerabilities using SAST, DAST and other security testing methodologies.
Conduct regular risk assessments and product security reviews to identify potential vulnerabilities and threats across all stages of development and deployment.
Develop, implement, and track mitigation plans for identified risks, collaborating with cross-functional teams to ensure timely remediation.
Deliver clear and actionable risk reports to executive leadership, articulating the business impact and prioritization of security initiatives.
Ensure all products and services adhere to relevant security standards (such as NIST CSF, NIST SSDF, SOC2, PCI DSS, GDPR, HIPAA, etc.) and regulatory requirements.
Stay informed of, and respond to, legal and compliance changes that may affect product security requirements.
Partner with legal, compliance, and privacy teams to ensure a coordinated approach to data protection and regulatory compliance.
Develop, maintain, and regularly test comprehensive incident response and crisis management plans focused on product security breaches and vulnerabilities.
Ensure Disaster Recovery and Business Continuity are considered.
Lead or support the response to product security incidents, including investigation, containment, eradication, and post-incident analysis.
Document and report on incidents, ensuring lessons learned are integrated into future product and security strategies.
Design and deliver ongoing security awareness and training programs for employees, contractors, and key stakeholders to promote secure behaviors and a shared sense of responsibility.
Communicate security policies, procedures, and expectations across the organization in a clear, accessible manner.

Stay Current

Monitor the cyber threat landscape, including new attack techniques, vulnerabilities, and evolving technologies applicable to the organization’s products.
Participate in industry groups, conferences, and relevant forums to benchmark practices, exchange intelligence, and foster a network of professional relationships.
Continuously evaluate and recommend new tools, technologies, and methodologies to enhance the organization’s product security posture.

This position is accountable for an annual budget of approximately $5 million.

The challenge associated with this role is driving down risk in a product team that has not had to concern itself with security much in the past.

It is about changing processes, mindsets and outcomes to ensure Air Canada is protected in the future.