Security and Governance Analyst

April 25 2019
Industries Airspace, Aviation, National Defence
Categories Information Technology, Security - Continuity - Risk, Executive, Aerospace, Aviation, Airport, IT - Systems - Software - Telecom, Professional and Administration Positions
Calgary, AB

Life at Swoop.

When you work for Swoop, you’re a part of an entrepreneurial startup where nimble, bold, collaborative and digitally-focused are just a few of the words we use to summarize how we roll. Swoop is a wholly owned subsidiary of the WestJet Group (TSX: WJA) but make no mistake, we march to the beat of our own drum. At Swoop, our day-to-day operations are vastly different and deliberately separate, but carefully aligned to complement the big picture strategy of the group.

Swoop is seeking a Security and Governance Analyst, reporting to the Leader, Technical Services. In true entrepreneurial startup fashion, this multi-faceted individual will be responsible for advising and supporting Swoop across the board, by implementing and continuously reviewing processes, policies, and controls. They will have extensive expertise and experience with information security technologies, analyzing and mitigating risks through processes and controls, in accordance with regulatory requirements and standards. This individual will enjoy a challenge, be results driven, and be known for their ability to work in an agile environment.


  • Research and advise leadership on the impacts of current and future mandated controls in relation to the operational and organization model
  • Develop cross-functional and cross-domain knowledge to enable support of multiple business areas
  • Lead functional teams in the development, implementation, reporting and measurement of controls objectives and activities
  • Consult in the implementation of policies and procedures to ensure that applied controls are effective
  • Provide professional assistance for compliance audits conducted by internal and external audit teams
  • Perform process maturity assessments and gap analysis. Develop road maps for overall process improvements and integration to support continual improvements in IT process
  • Provide technical expertise and direction to effectively support and maintain information security systems in production and non-production environments
  • Evaluate, design and oversee the build, test and implementation of new security solutions
  • Contribute to the development of corporate wide information security policies; ensure that standards and procedures effectively support the policies; assist Technology and business partners with the interpretation and application of information security policies
  • Provide technical expertise and direction to build and maintain a robust vulnerability and compliance management program; ensure that processes and tool sets provide accurate assessments, ensure the analysis of assessments are complete; ensure remediation activities meet security and compliance requirements
  • Perform formal security audits on complex information systems and provide recommendations to address deficiencies and collaborate with IT and business partners to throughout the remediation process
  • Provide expertise and direction in conducting infosec investigations and the application of forensic methodologies and tools
  • Mentor team members and foster best practices, methodologies and behaviors

Education and Qualifications

  • University degree, preferably in management information systems, computer science or related fields
  • Industry-recognized security designations (e.g. CISA, CISSP, or CISM)
  • Knowledge of standards and frameworks such as COBIT, COSO, NIST, PCI-DSS, ITIL and IEC 27001/27002
  • Certifications in Information Security disciplines a definite asset (Microsoft, SANS, CISSP etc.)
  • 5+ years of experience in auditing security and operational technology risks and/or assessing ERP configuration controls, including Segregation of Duties (SoD)
  • Excellent business writing, documentation and oral communication skills, including the ability to explain complex IT operational and security risks to technical and non-technical audiences
  • Knowledge or curiosity with the current and evolving landscapes in security, privacy and emerging technologies
  • Proven ability to develop and present new approaches to assessing risks and coming up with creative IT solutions
  • Experience with cybersecurity solutions, security analytics and/or scripting languages would be an asset
  • Knowledge and applied experience with Networking (TCP/IP, DNS, load balancing, packet tracing), Azure Cloud Services, Office 365 Security and Compliance, Firewalls, IDS/IPS,Mail and web filtering technologies
  • Knowledge and applied experience with Securing (hardening) operating systems and applications, incident Response, investigative methodologies and forensics, wireless security and network access controls and structured SDLC process
  • Proven ability to thrive in a rapidly changing, technically complex environment

What about the Benjamin’s?

At Swoop, we’re committed to offering a fair and competitive total compensation package that starts with a solid base salary, and complemented by perks like performance based profit sharing, a company-matched share purchase plan, flexible group benefits and of course, flight privileges.

We celebrate differences and diversity.

Swoop is an equal-opportunity employer, and our workplace culture is one where diversity and differences are embraced, appreciated and celebrated. We do not discriminate based upon race, religion, colour, national or ethnic origin, sex, sexual orientation, gender, gender identity, gender expressions, transgender status, marital or family status, disability, age or convictions for which a pardon has been granted.

Apply now! network