At SITA, we keep airports moving, airlines flying smoothly, and borders open. Our technology and communication innovations power the success of the global air travel industry.

You’ll find us in 95 of international airports, working closely with over 2,500 transportation and government clients. Each partnership brings unique challenges, and we thrive on delivering fresh solutions and cutting-edge tech to keep operations running like clockwork. We don’t just move the world forward—we’re proud to be recognized as a Great Place to Work® by our employees and certified in most of our growing locations. Here, we feel empowered, supported, and inspired to grow.

Are you ready to love your job?

The adventure begins right here, with you, at SITA.

The CSIRT Director is a cybersecurity leader responsible for the complete ownership, strategy, and operational execution of the organizations enterprise Computer Security Incident Response Team (CSIRT).

The CSIRT Director operates at the strategic, operational, and tactical levels simultaneously, serving as the single point of accountability for all related cybersecurity response functions. This leader directs a globally distributed team across three operations center locations in Montreal (Canada), Cairo (Egypt), and Singapore, ensuring continuous, follow-the-sun security operations coverage.

This role reports directly to the Chief Information Security Officer (CISO) and serves as a key member of the cybersecurity leadership team, providing executive-level guidance on threat posture, incident trends, and operational risk.

• Continuous Threat Exposure Management (CTEM) - Directs the organizations proactive exposure reduction program. This includes attack surface management, vulnerability prioritization, red team / purple team program oversight, penetration testing governance, and the coordination of remediation workflows with IT and engineering stakeholders.

• Cyber Threat Intelligence (CTI) - Commands the intelligence function responsible for producing finished, operationalized threat intelligence. This includes strategic intelligence briefings to CISO and Board, tactical intelligence feeds into detection platforms, threat actor tracking, sector-specific threat analysis (transportation/aviation/border security), and third-party intelligence partnerships.

• Incident Response (IR) - Owns the full incident response lifecycle. Accountable for IR planning and playbook governance, crisis management and executive communication during significant incidents, forensic capability oversight, tabletop exercise program, regulatory breach notification coordination, and post-incident reviews (PIRs).

• Security Operations (SecOps) Collaboration - Direct and optimize resources across global SOC locations (Montreal, Cairo, Singapore), ensuring consistent standards, 24/7/365 coverage through a follow‑the‑sun operating model, and resilient business continuity with defined failover capabilities. Drive collaboration and intelligence sharing across sites while managing MSSP and third‑party partners to ensure performance, accountability, and unified global operations.

• Strategic Leadership & Governance - Define and lead a multi‑year global CSIRT strategy, serving as the single point of accountability for threat exposure, intelligence, and incident response while aligning capabilities to business risk and industry frameworks. Own executive reporting, budget planning, and the establishment of clear SLAs and KPIs to ensure a mature, scalable, and effective cybersecurity operations program.

• People Leadership & Talent Development - Lead, develop, and retain a high‑performing global cybersecurity operations team across CTEM, CTI, and Incident Response, fostering an inclusive, high‑accountability culture that enables collaboration across regions and time zones. Establish clear career pathways, performance management, and succession planning while overseeing staffing models, shift coverage, and on‑call operations across all SOC locations.

• Executive & Stakeholder Engagement - Act as the primary liaison to the CISO, delivering executive‑ and board‑level insights on security operations, threat posture, and incident response effectiveness. Partner cross‑functionally with architecture, engineering, GRC, legal, and IT teams, and represent CSIRT in audits, regulatory reviews, and customer security engagements.

• 15+ years of progressive experience in cybersecurity, with at least 7+ years in a senior leadership role with direct accountability for security operations.
• 5+ years of direct experience managing large, geographically distributed Security Operations Centers (SOCs) — including multi-site, multi-shift, 24/7/365 operations.

• Bachelors degree in computer science, Information Systems, Information Security, or a related discipline; or equivalent professional experience.
• Active professional certification in at least one of the following: CISSP, CISM, CISA, GIAC GSOM, GIAC GCIH, or equivalent.
• Proven experience managing global teams across multiple time zones and cultures, with a track record of building cohesive, high-performing distributed teams. With demonstrated ownership of an Incident Response Function and Team.
• Demonstrated ownership of two or more of the following functions: SOC, CTEM / Vulnerability Management, Cyber Threat Intelligence,
• Strong command of the MITRE ATT&CK framework, NIST CSF, and incident response methodologies (SANS PICERL, NIST 800-61).
• Executive-level communication skills — ability to translate complex technical threats into business risk language for CISO, C-suite, and Board audiences.

• Experience in the aviation, transportation, border security, or critical national infrastructure sectors.
• Hands-on background in threat hunting, malware analysis, digital forensics, or red team operations.
• Experience leading or overseeing a CTEM/BAS (Breach and Attack Simulation) program.
• Familiarity with security platforms including Elastic/Splunk SIEM, CrowdStrike/SentinelOne EDR, ServiceNow SecOps, Recorded Future or Mandiant Advantage CTI platforms.
• Proficiency in DevSecOps and cloud security principles (AWS, Azure, GCP) in the context of SOC monitoring.
• Experience with NIST 800-53, ISO 27001, PCI DSS, and SOC 2 compliance environments.
• Masters degree or Executive Education in Cybersecurity, Business Administration, or Risk Management.

We’re all about diversity. We operate in 200 countries and speak 60 different languages and cultures. We’re really proud of our inclusive environment. Our offices are comfortable and fun places to work, and we make sure you get to work from home too. Find out what its like to join our team and take a step closer to your best life ever.

🏡 Flex Week: Work from home up to 2 days/week (depending on your team’s needs)

⏰ Flex Day: Make your workday suit your life and plans.

🌎 Flex Location: Take up to 30 days a year to work from any location in the world.

🌿Employee Wellbeing: We’ve got you covered with our Employee Assistance Program (EAP), for you and your dependents 24/7, 365 days/year. We also offer Champion Health – a personalized platform that supports a range of wellbeing needs.

🚀 Professional Development: At SITA, we believe growth fuels innovation. Our learning ecosystem offers access to world-class platforms and programs designed to help you thrive. From LinkedIn Learning, Microsofts Enterprise Skills Initiative, and Airport Council International -available to all employees-to specialized solutions like Pluralsight for technology upskilling, Harvard Business Publishing for people leadership, Stanford for strategic development and many others, we align learning opportunities with your Development Plan and our business priorities. Your development journey is supported every step of the way.

🙌🏽 Competitive Benefits: Competitive benefits that make sense with both your local spanet and employment status.

SITA is an Equal Opportunity Employer and values a diverse workforce. In support of our Employment Equity Program, women, aboriginal people, members of visible minorities, and/or persons with disabilities are encouraged to apply and self-identify in the application process.