Responsable cybersécurité et conformité (CCL) | Cybersecurity & Compliance Leader (CCL)

RTX•Longueuil, QC

43d

About The Position

Pratt & Whitney Canada (P&WC) is a global leader in aerospace innovation, proudly headquartered in Longueuil, Quebec, since 1928. We design and manufacture next-generation aircraft engines that power the world’s largest fleet of business, general aviation, and regional aircraft and helicopters. For nearly 100 years, our teams have been at the forefront of propulsion technology, pushing boundaries to make flight more efficient and reliable. Our engines support missions that truly matter, from transporting people and essential goods, to enabling emergency medical services, humanitarian operations, and wildfire suppression around the world. The RTX Pratt & Whitney Cybersecurity organization is seeking a highly motivated and experienced Cybersecurity & Compliance Leader (CCL) to serve as a strategic partner to assigned business domains. This role sits at the intersection of cyber risk, compliance, and business operations, ensuring that enterprise cybersecurity priorities are understood, adopted, and executed within the business while providing leadership visibility into local risk posture. The CCL is a trusted advisor, risk translator, and business-facing liaison, responsible for aligning cyber and compliance requirements with business objectives, driving risk governance, and ensuring readiness for internal and external regulatory expectations. The role is a key contributor to Pratt & Whitney’s Cyber Mission Assurance and overall enterprise cyber posture. CCLs are not operators—they drive risk ownership, clarity, and business action, ensuring cyber enables mission success, operational continuity, and customer trust This CCL will also be responsible for establishing a DT Controls program, in partnership with Enterprise Services, to ensure we’re validating the work done at the 1st line of defense independently of the other lines

Requirements

Bachelor’s Degree from an accredited college or university in Computer Science, Computer Engineering, Cybersecurity or a related discipline with 12+ years of prior relevant experience OR Advanced Degree in a related field and 10+ years of experience.
Strong comprehension of information security practices/frameworks including identifying risks, emerging cyber security threats, and risk mitigation processes.
Demonstrated experience across more than one cybersecurity discipline (e.g., security architecture, compliance, vulnerability management, incident response, application security).
Demonstrated experience in team leadership and ability to lead through influence to drive creation and execution of operational plans and service delivery.
Ability to write succinct briefings, presentations, and reports to convey analysis, trends, strategies and then use effective communication skills to present analytical data and tailor the message to a variety of technical and non-technical audiences.
Strong deductive reasoning, critical thinking, prioritization and follow through with attention to detail while seeking opportunities to innovate and excel.

Nice To Haves

Ability to effectively lead and inspire cross-functional teams by leveraging influence, fostering collaboration and building consensus to drive cybersecurity initiatives and enhance security posture.
Adept at understanding business strategy, planning, processes, ability to inject cybersecurity into the business through teamwork and influence.
Able to attain and preserve credibility with the team through sustained cyber, digital and/or aerospace & defense industry knowledge.
Adaptive to change and comfortable with navigating complex, evolving organization structures.
Passion in working with customers and functional partners, building strong trust relationships, and championing an inclusive environment that encourages different viewpoints and ideas.
Knowledgeable in Agile development, related concepts, and execution.
Certified security expert CISSP, CEH, GEVA, or similar.

Responsibilities

Serve as the single, business-facing point of accountability for cyber & compliance risk posture within assigned domains.
Provide an integrated view of risks spanning IT, OT, cloud, engineering, suppliers, and regulatory environments.
Ensure risk decisions are owned, resourced, and prioritized by the business.
Embed cybersecurity considerations into business strategies, programs, and major initiatives (e.g., modernization, engineering systems, manufacturing operations).
Represent business needs to the cybersecurity, compliance, and Digital Technology organizations to ensure alignment and prioritization.
Translate enterprise cyber strategy, standards, and roadmaps into actionable, business-relevant plans.
Lead business-facing cyber and compliance governance forums, including risk reviews, program touchpoints, and compliance readiness discussions.
Ensure traceability and follow-through on mitigation actions, funding decisions, and risk acceptance.
Provide leaders with clear, concise, and actionable insights on posture, gaps, and progress.
Partner with internal and external stakeholders to maintain audit readiness across relevant regulatory frameworks (e.g., CMMC, government customer requirements, RTX policies).
Identify control gaps, coordinate business remediation, and ensure evidence and documentation are complete and accurate.
Communicate cyber risks, policies, and changes in a clear, tailored, business-friendly manner.
Influence leaders and teams through relationship-building and strong cross-functional partnerships.
Drive awareness and cultural adoption of secure behaviors and compliance obligations.
Define and socialize KPIs, metrics, and indicators of cyber posture aligned with enterprise models.
Identify systemic trends and improvement opportunities; partner with technical teams to shape solutions.
Promote optimization, innovation, and CORE principles in support of operational excellence.