Digital Security & Information Security Officer

Albacete, Spain

Airbus

Airbus designs, manufactures and delivers industry-leading commercial aircraft, helicopters, military transports, satellites, launchers and more.

Job Description:

Mission:
Plays a crucial role in safeguarding the company’s data and technology infrastructure against unauthorized access, cyberattacks, and various security threats. His primary responsibility is to develop, implement, and enforce security policies that ensure the confidentiality, integrity, and availability of sensitive information across the organization. By doing so, he protects the company’s digital assets from internal and external risks, contributing to overall operational stability in accordance with international standards such as ISO 27001, NIS and ENS. Defines the strategy for accredited systems in compliance with the applicable regulations such as CCN and NATO.
In addition to protecting data, the Information Security Officer is tasked with managing cybersecurity risks. This includes assessing potential threats, evaluating vulnerabilities, and ensuring that the company's security strategies align with both organizational goals and industry regulations.
Another key responsibility is overseeing product security, to ensure that all products developed by the company, from design to maintenance, are secure against cyber threats and vulnerabilities. This involves collaborating with engineering and production teams to implement security measures throughout the product lifecycle and ensuring compliance with applicable security regulations.
Responsible for incident response and continuous monitoring. He/she coordinates the company’s efforts in responding to security breaches. Additionally, he/she will perform regular audits of systems and processes to assess security measures and ensure that the company remains compliant with cybersecurity regulations, thus maintaining the integrity and confidentiality of all systems and data.
Main activities:
Accredited systems strategy and management
  • Achieve new accredited systems and maintain the current accreditations.
  • Dealing with the CCN (Spanish Cryptologic Centre) on accreditation processes and regulations, as well as with the ONS (National Security Organisation) to keep up to date on applicable policy and regulations.
  • Participate in the Group and National strategies for accredited systems required in AHE.
  • Define the architecture and prepare the required documentation for all AHE accredited systems.
  • Attend accreditation audits and respond to the requirements of our Authorities.
Risk Management and Incident Response
  • Ensure that security improvement actions are evaluated, validated, and implemented as needed.
  • Perform Incident Response for major cyber incidents.
  • Continuously monitor and manage cybersecurity risks, escalating major risks to the Crisis Management Department.
  • Coordinate with the Crisis Management Department during major cybersecurity incidents and in critical situations, particularly with the Computer Emergency Response Team (CERT).
  • Collate and manage cybersecurity-related risks in line with Enterprise Risk Management (ERM) processes.
Cybersecurity Strategy and Management
  • Participate in the Group strategy for the Security Operations Center (SOC), ensuring alignment with technical requirements and regulatory guidelines.
  • Manage and maintain the cybersecurity risk platforms in accordance with the cybersecurity risk framework and threat taxonomy.
  • Drive company-wide security risk profiling and identify trends through proactive analysis.
  • Deploy a security risk-based approach in collaboration with company management, advising stakeholders, and anticipating threats that could impact the business.

Collaboration and Coordination
  • Collaborate with Corporate Security Departments across the parent company to ensure consistent deployment of the company’s security strategy and policy.
  • Ensure proper coordination for cybersecurity risk matters across Airbus and with relevant authorities.
  • Ensure relations with CERT, especially in a crisis situation, to coordinate operational security teams.
  • Provide end-to-end support to projects regarding cybersecurity requirements.
  • Work with IT and security architects to analyse and manage security aspects related to infrastructure resilience, objectives, and criticality.

Security Policy and Governance
  • Ensure the deployment of the security policy by establishing and managing security governance processes across the entire AHE footprint.
  • Manage the understanding of the security policy by Airbus employees through awareness, upskilling, and communication efforts.
  • Document and maintain safety standards and procedures for implementing and operating security components, ensuring proper maintenance conditions are met.
  • Ensure compliance with the regulations and standards relating to Products and Services, Industrial Security and Supply Chain, as well as the general ones.
Project and Task Management
  • Manage end-to-end projects, tasks, and deliverables according to Airbus Business Processes.
  • Support and advise business teams on cybersecurity-related matters throughout project lifecycles.
Outputs
Security is a priority for Airbus Helicopters, and so it is important to obtain the following key deliverables:
  • Support and advise business teams on cybersecurity-related matters throughout project lifecycles
  • Cyber security risk framework
  • Security audits.
  • Part IS audits.
  • Derive Cyber security risk framework and threat taxonomy into data models and share them with relevant stakeholders.
  • Awareness campaign aimed at employees
  • Collate, analyse, coordinate and track vulnerabilities in a centralized platform closely linked to the security risk.
  • Information security procedures, policies and directives
  • Accreditation dossiers and other related documentation
Key competencies
  • Autonomy, discretion and rigor to apply and follow standards and regulations.
  • Communication skills.
  • Able to assess situations quickly and decide on the best course of action.
  • Ability to work under pressure and in flexible time, if required. Full availability to travel.
  • Manage Authorities & Customer relations.
  • Capacity to anticipate risks and difficulties.
  • Initiative and proactivity.
  • Solution oriented / Welcome problems.
  • Flexible to travel on short notice when required
  • At least 10 years of experience in Security Governance, with proven experience with security policies and processes design and implementation
  • IM Engineering or similar
Mandatory Skills:
  • CCN, ENS, ISO 27001, NIST Knowledge
  • Civil Aviation Security knowledge ISO 27005/Ebios RM, EASA PART-IS, EUROCAE ED-2XX
  • Mandatory certification (one of): CISSP, CISM, CISA
  • Appreciated certifications: ISO 27005, Ebios RM, ISO 27001 Implementer, ISO 27001 Auditor
  • Languages: English and Spanish mandatory, French is a plus

This job requires an awareness of any potential compliance risks and a commitment to act with integrity, as the foundation for the Company’s success, reputation and sustainable growth.

Company:

Airbus Helicopters España, SA

Employment Type:

Permanent

Experience Level:

Professional

Job Family:

General Security

By submitting your CV or application you are consenting to Airbus using and storing information about you for monitoring purposes relating to your application or future employment. This information will only be used by Airbus.
Airbus is committed to achieving workforce diversity and creating an inclusive working environment. We welcome all applications irrespective of social and cultural background, age, gender, disability, sexual orientation or religious belief.

Airbus is, and always has been, committed to equal opportunities for all. As such, we will never ask for any type of monetary exchange in the frame of a recruitment process. Any impersonation of Airbus to do so should be reported to emsom@airbus.com.

At Airbus, we support you to work, connect and collaborate more easily and flexibly. Wherever possible, we foster flexible working arrangements to stimulate innovative thinking.

Tags: Audits CERT CISA CISM CISSP Compliance Governance Incident response Industrial ISO 27001 ISO 27005 Monitoring NATO NIST Product security Risk management Security strategy SOC Strategy Vulnerabilities

Perks/benefits: Flex hours

Region: Europe
Country: Spain
