Cyber Security Advisor

**Role and Responsibilities** Working within the Cybersecurity team, the Global Cybersecurity Advisor will engage with stakeholders across Civil and D&S (Germany & Canada) lines of business to represent the collective cybersecurity interests of the team during project engagements through various primary activities listed below. - Developing and maintaining an in-depth understanding of the business unit, technologies, customers, partners, alliances, systems, processes, consumers, data, and customers. - Acting as a partner with the legal, compliance, and IT resources to establish an effective working relationship that enhances the security program effectiveness for D&S (Germany and Canada). - Acting as liaison for implementation of the information security policies and procedures, bids and proposals and risk management assessments and mitigation. - Identifying and acting on all non-compliance areas for improvement and facilitates the development and deployment of the solutions. - Coordinating Service Level Management for cybersecurity and assurance. Key Areas of Responsibilities: - ** Cybersecurity Strategy**: Develop, implement, and continually refine Civil and D&S (Germany & Canada) Cyber Security AdvisorCystrategy and policies to align with business objectives and emerging threats. Gather insights for Cybersecurity from business lines to influence CISO strategy and facilitate development of security tools/services to enable business objectives. - ** Risk Assessment**: Coordinate & conduct regular risk assessments and vulnerability analysis to identify potential security threats and vulnerabilities within systems and data. - ** Security Governance**: Establish and advocate effective security governance practices to ensure that security measures and controls are consistent with business goals and industry best practices. - ** Compliance and Regulations**: Stay up to date with cybersecurity laws and regulations, ensuring compliance with relevant standards (e.g., NIST, ISO 27001, GDPR) and industry-specific requirements. - ** Incident Response Planning**: Serve as the line of business point of contact in the event of cyber incidents and coordinate a response by bringing business, cyber and other teams together as necessary. - ** Security Audits and Assessments**: Coordinate and oversee internal and external security audits, vulnerability assessments, and penetration testing for the Civil and D&S (Germany & Canada) lines of business. - ** Vendor Risk Management**: Evaluate the security practices of third-party vendors, ensuring they meet security standards and contractual requirements. - ** Security Technology Selection**: Evaluate and recommend technologies, tools, and solutions to protect the information assets. - ** Security Research and Analysis**: Stay current with emerging cybersecurity threats, trends, and technologies to proactively adapt security measures to new challenges. - ** Security Awareness and Culture**: Promote a strong security culture throughout the Civil and D&S (Germany & Canada) lines of business and engage with employees at all levels to foster a security-conscious environment. - ** Cybersecurity Incident Tabletop Exercises**: Organize tabletop exercises to test incident response and recovery procedures. - ** Collaboration**: Work closely with stakeholders to ensure that security measures align with business objectives and provide guidance on security-related decisions. - ** Continuous Improvement**: Continually assess and improve the organization's cybersecurity posture by adopting industry best practices and innovative solutions. Additional Accountabilities: - Participate in region related conferences, client facing engagements, industry forums to represent CAE’s Cybersecurity program. - Participate in innovation projects and other unplanned activities. - Act as a mentor by providing advice, guidance, and education to members of the team. Desired Skills and Experience - 5 Years in a Cybersecurity role, preferably within a GRC or Cybersecurity PM context - Knowledge of industry compliance standards and frameworks such as NIST, CMMC - Ability to juggle multiple priorities with a wide variety of stakeholders, both technical and business focused - Excellent communication and presentation skills - Industry certifications such as CISSP, CISM, PMP, CRISC - Past IT experience an asset - Past Defence and Security experience an asset **Position Type** Regular CAE thanks all applicants for their interest. However, only those whose background and experience match the requirements of the role will be contacted. **Equal Employment Opportunity** At CAE, everyone is welcome to contribute to our success. With no exception. As captured in our overarching value "One CAE", we’re proud to work as one passionate, boundaryless and inclusive team. At CAE, all employees are welcome regardless of race, nationality, colour, religion, sex, gender identity or expression, sexual orientation, disabi