About the role
Being part of Air Canada is to become part of an iconic Canadian symbol, recently ranked the best Airline in North America. Let your career take flight by joining our diverse and vibrant team at the leading edge of passenger aviation. The Director of Product Security is a strategic leadership role entrusted to safeguard Air Canada’s products and services from a diverse array of cyber threats. This pivotal position requires a dynamic leader who can craft and execute robust security strategies, influence product development teams, and embed security best practices deep within every phase of the product lifecycle. Through proactive risk mitigation and strategic collaboration, the Director of Product Security is instrumental in protecting organizational assets and customer data and fostering a culture of trust.
Responsibilities Strategy and Planning
- Design, develop, and implement comprehensive product security strategies and multi-year roadmaps tailored to the organization’s vision, technology stack, and threat landscape.
- Define security objectives, development standards and key results, ensuring alignment with business goals and regulatory requirements.
- Continuously evaluate and refine product security to address evolving cyber threats, emerging technologies, and business priorities.
Leadership
- Recruit, manage, and mentor a high-performing team of security and product development professionals. Foster a culture of security awareness, accountability, and continuous improvement throughout the organization.
- Set clear performance expectations, provide regular feedback, and support professional development and certification opportunities.
Product Security
- Collaborate with product management, engineering, and DevOps teams, influencing and integrating security considerations and standards from product ideation through to deployment and maintenance.
- Champion the adoption of secure development lifecycle (SDL) practices, including threat modeling, secure coding, code review, security testing, and vulnerability management.
- Implement and manage security oversight in AI development including model security to protect from adversarial attacks, data governance for the secure handling of training data, and access controls for model training environments.
- Implement and manage data, application, and cloud security posture management capabilities to identify and appropriately manage sensitive data, monitor deployments for adherence to secure cloud configuration standards, and prioritize application remediation across product teams.
- Embed security gates and automation into CI/CD pipelines to ensure early and effective detection of vulnerabilities using SAST, DAST and other security testing methodologies.
- Conduct regular risk assessments and product security reviews to identify potential vulnerabilities and threats across all stages of development and deployment.
- Develop, implement, and track mitigation plans for identified risks, collaborating with cross-functional teams to ensure timely remediation.
- Deliver clear and actionable risk reports to executive leadership, articulating the business impact and prioritization of security initiatives.
- Ensure all products and services adhere to relevant security standards (such as NIST CSF, NIST SSDF, SOC2, PCI DSS, GDPR, HIPAA, etc.) and regulatory requirements.
- Stay informed of, and respond to, legal and compliance changes that may affect product security requirements.
- Partner with legal, compliance, and privacy teams to ensure a coordinated approach to data protection and regulatory compliance.
- Develop, maintain, and regularly test comprehensive incident response and crisis management plans focused on product security breaches and vulnerabilities. Ensure Disaster Recovery and Business Continuity are considered.
- Lead or support the response to product security incidents, including investigation, containment, eradication, and post-incident analysis.
- Document and report on incidents, ensuring lessons learned are integrated into future product and security strategies.
- Design and deliver ongoing security awareness and training programs for employees, contractors, and key stakeholders to promote secure behaviors and a shared sense of responsibility.
- Communicate security policies, procedures, and expectations across the organization in a clear, accessible manner.
Stay Current
- Monitor the cyber threat landscape, including new attack techniques, vulnerabilities, and evolving technologies applicable to the organization’s products.
- Participate in industry groups, conferences, and relevant forums to benchmark practices, exchange intelligence, and foster a network of professional relationships.
- Continuously evaluate and recommend new tools, technologies, and methodologies to enhance the organization’s product security posture.
This position is accountable for an annual budget of approximately $5 million. The challenge associated with this role is driving down risk in a product team that has not had to concern itself with security much in the past. It is about changing processes, mindsets and outcomes to ensure Air
Canada is protected in the future.
Qualifications
- Bachelor’s or master’s degree in Computer Science, Information Security,
- Engineering, or a related field, or equivalent practical experience.
- 10+ years of progressive experience in cybersecurity, with at least 5 years in a leadership or management role focused on product security.
- Strong knowledge of secure software development, application security testing, cloud security, product management, and cyber risk management frameworks.
- Experience with regulatory standards and frameworks relevant to the organization’s industry and markets.
- Exceptional leadership, communication, and influence skills, with a proven track record of driving cross-functional initiatives.
- Relevant certifications such as CISSP, CISM, CSSLP, or equivalent are desirable.
- Hands-on experience with security tools, automation, and modern DevSecOps practices is an asset.
- Strategic thinker with the ability to see both the big picture and tactical details.
- Highly collaborative and able to inspire trust and confidence across the organization.
- Resilient, adaptable, and able to thrive in fast-paced, rapidly evolving environments.
- Excellent analytical and problem-solving skills, with an aptitude for translating technical issues into clear business risks and solutions.
- Passionate about continuous learning and professional growth for self and team.
- Demonstrate punctuality and dependability to support overall team success in a fast-paced environment.
Conditions Of Employment
- Candidates must be eligible to work in the country of interest, at the time any offer of employment is made and seeking any required work permits/visas or other authorizations which may be required is the sole responsibility of the candidates applying for this position.
Linguistic Requirements Based on equal qualifications, preference will be given to bilingual candidates.
Diversity and Inclusion Air Canada is strongly committed to Diversity and Inclusion and aims to create a healthy, accessible and rewarding work environment which highlights employees’ unique contributions to our company’s success.
As an equal opportunity employer, we welcome applications from all to help us build a diverse workforce which reflects the diversity of our customers, and communities, in which we live and serve.
Air Canada thanks all candidates for their interest; however only those selected to continue in the process will be contacted.
About Air Canada
Canada's largest airline, the country’s flag carrier and a founding member of Star Alliance, the world's most comprehensive air transportation network celebrating its 25thanniversary in 2022, Air Canada provides scheduled passenger service directly to 51 airports in Canada, 51 in the United States and 86 internationally. It is the only international network carrier in North America to receive a Four-Star ranking from Skytrax, which in 2021 gave Air Canada awards for the Best Airline Staff in North America, Best Airline Staff in Canada, Best Business Class Lounge in North America, and an excellence award for its management of the COVID-19 pandemic.
**
Air Canada est la plus importante société aérienne du Canada, le transporteur national du pays et un membre cofondateur du réseau Star Alliance — le plus vaste regroupement mondial de sociétés aériennes, qui célèbre son 25e anniversaire en 2022. Les lignes passagers régulières d’Air Canada relient sans escale 51 aéroports au Canada, 51 aux États-Unis et 86 sur le reste du globe. En Amérique du Nord, Air Canada constitue le seul transporteur aérien d’envergure internationale offrant une gamme complète de services à détenir la cote quatre étoiles de Skytrax qui, en 2021, lui a décerné les prix Meilleur personnel au sol et à bord en Amérique du Nord, Meilleur personnel au sol et à bord au Canada, Meilleur salon de classe affaires en Amérique du Nord ainsi qu’un Prix d’excellence pour sa gestion de la pandémie de la COVID-19.
About the role
Being part of Air Canada is to become part of an iconic Canadian symbol, recently ranked the best Airline in North America. Let your career take flight by joining our diverse and vibrant team at the leading edge of passenger aviation. The Director of Product Security is a strategic leadership role entrusted to safeguard Air Canada’s products and services from a diverse array of cyber threats. This pivotal position requires a dynamic leader who can craft and execute robust security strategies, influence product development teams, and embed security best practices deep within every phase of the product lifecycle. Through proactive risk mitigation and strategic collaboration, the Director of Product Security is instrumental in protecting organizational assets and customer data and fostering a culture of trust.
Responsibilities Strategy and Planning
- Design, develop, and implement comprehensive product security strategies and multi-year roadmaps tailored to the organization’s vision, technology stack, and threat landscape.
- Define security objectives, development standards and key results, ensuring alignment with business goals and regulatory requirements.
- Continuously evaluate and refine product security to address evolving cyber threats, emerging technologies, and business priorities.
Leadership
- Recruit, manage, and mentor a high-performing team of security and product development professionals. Foster a culture of security awareness, accountability, and continuous improvement throughout the organization.
- Set clear performance expectations, provide regular feedback, and support professional development and certification opportunities.
Product Security
- Collaborate with product management, engineering, and DevOps teams, influencing and integrating security considerations and standards from product ideation through to deployment and maintenance.
- Champion the adoption of secure development lifecycle (SDL) practices, including threat modeling, secure coding, code review, security testing, and vulnerability management.
- Implement and manage security oversight in AI development including model security to protect from adversarial attacks, data governance for the secure handling of training data, and access controls for model training environments.
- Implement and manage data, application, and cloud security posture management capabilities to identify and appropriately manage sensitive data, monitor deployments for adherence to secure cloud configuration standards, and prioritize application remediation across product teams.
- Embed security gates and automation into CI/CD pipelines to ensure early and effective detection of vulnerabilities using SAST, DAST and other security testing methodologies.
- Conduct regular risk assessments and product security reviews to identify potential vulnerabilities and threats across all stages of development and deployment.
- Develop, implement, and track mitigation plans for identified risks, collaborating with cross-functional teams to ensure timely remediation.
- Deliver clear and actionable risk reports to executive leadership, articulating the business impact and prioritization of security initiatives.
- Ensure all products and services adhere to relevant security standards (such as NIST CSF, NIST SSDF, SOC2, PCI DSS, GDPR, HIPAA, etc.) and regulatory requirements.
- Stay informed of, and respond to, legal and compliance changes that may affect product security requirements.
- Partner with legal, compliance, and privacy teams to ensure a coordinated approach to data protection and regulatory compliance.
- Develop, maintain, and regularly test comprehensive incident response and crisis management plans focused on product security breaches and vulnerabilities. Ensure Disaster Recovery and Business Continuity are considered.
- Lead or support the response to product security incidents, including investigation, containment, eradication, and post-incident analysis.
- Document and report on incidents, ensuring lessons learned are integrated into future product and security strategies.
- Design and deliver ongoing security awareness and training programs for employees, contractors, and key stakeholders to promote secure behaviors and a shared sense of responsibility.
- Communicate security policies, procedures, and expectations across the organization in a clear, accessible manner.
Stay Current
- Monitor the cyber threat landscape, including new attack techniques, vulnerabilities, and evolving technologies applicable to the organization’s products.
- Participate in industry groups, conferences, and relevant forums to benchmark practices, exchange intelligence, and foster a network of professional relationships.
- Continuously evaluate and recommend new tools, technologies, and methodologies to enhance the organization’s product security posture.
This position is accountable for an annual budget of approximately $5 million. The challenge associated with this role is driving down risk in a product team that has not had to concern itself with security much in the past. It is about changing processes, mindsets and outcomes to ensure Air
Canada is protected in the future.
Qualifications
- Bachelor’s or master’s degree in Computer Science, Information Security,
- Engineering, or a related field, or equivalent practical experience.
- 10+ years of progressive experience in cybersecurity, with at least 5 years in a leadership or management role focused on product security.
- Strong knowledge of secure software development, application security testing, cloud security, product management, and cyber risk management frameworks.
- Experience with regulatory standards and frameworks relevant to the organization’s industry and markets.
- Exceptional leadership, communication, and influence skills, with a proven track record of driving cross-functional initiatives.
- Relevant certifications such as CISSP, CISM, CSSLP, or equivalent are desirable.
- Hands-on experience with security tools, automation, and modern DevSecOps practices is an asset.
- Strategic thinker with the ability to see both the big picture and tactical details.
- Highly collaborative and able to inspire trust and confidence across the organization.
- Resilient, adaptable, and able to thrive in fast-paced, rapidly evolving environments.
- Excellent analytical and problem-solving skills, with an aptitude for translating technical issues into clear business risks and solutions.
- Passionate about continuous learning and professional growth for self and team.
- Demonstrate punctuality and dependability to support overall team success in a fast-paced environment.
Conditions Of Employment
- Candidates must be eligible to work in the country of interest, at the time any offer of employment is made and seeking any required work permits/visas or other authorizations which may be required is the sole responsibility of the candidates applying for this position.
Linguistic Requirements Based on equal qualifications, preference will be given to bilingual candidates.
Diversity and Inclusion Air Canada is strongly committed to Diversity and Inclusion and aims to create a healthy, accessible and rewarding work environment which highlights employees’ unique contributions to our company’s success.
As an equal opportunity employer, we welcome applications from all to help us build a diverse workforce which reflects the diversity of our customers, and communities, in which we live and serve.
Air Canada thanks all candidates for their interest; however only those selected to continue in the process will be contacted.
About Air Canada
Canada's largest airline, the country’s flag carrier and a founding member of Star Alliance, the world's most comprehensive air transportation network celebrating its 25thanniversary in 2022, Air Canada provides scheduled passenger service directly to 51 airports in Canada, 51 in the United States and 86 internationally. It is the only international network carrier in North America to receive a Four-Star ranking from Skytrax, which in 2021 gave Air Canada awards for the Best Airline Staff in North America, Best Airline Staff in Canada, Best Business Class Lounge in North America, and an excellence award for its management of the COVID-19 pandemic.
**
Air Canada est la plus importante société aérienne du Canada, le transporteur national du pays et un membre cofondateur du réseau Star Alliance — le plus vaste regroupement mondial de sociétés aériennes, qui célèbre son 25e anniversaire en 2022. Les lignes passagers régulières d’Air Canada relient sans escale 51 aéroports au Canada, 51 aux États-Unis et 86 sur le reste du globe. En Amérique du Nord, Air Canada constitue le seul transporteur aérien d’envergure internationale offrant une gamme complète de services à détenir la cote quatre étoiles de Skytrax qui, en 2021, lui a décerné les prix Meilleur personnel au sol et à bord en Amérique du Nord, Meilleur personnel au sol et à bord au Canada, Meilleur salon de classe affaires en Amérique du Nord ainsi qu’un Prix d’excellence pour sa gestion de la pandémie de la COVID-19.