Information Security Integration and Governance Specialist
Information Security Integration and Governance Specialist at Airbus Defence and Space SAU.
Within Airbus Defence and Space SAU, Corporate Security operates under a holistic approach, protecting our people, our industrial assets, our products and services and our information.
Given the frame where we operate, the team is characterized by a culture of proactive risk management and rigorous regulatory compliance. Given the constant evolution of threats and regulatory frameworks, the role we seek to fill is essential for bridging the gap between corporate security requirements and the technical execution by the Digital team.
What you will do with us
We are looking for a professional with an integral vision to join our team as an Information Security Integration and Governance Specialist. This role is the strategic nexus between the corporation's security guidelines and the technical implementation by Digital, ensuring that protection standards are effectively translated into the daily technological architecture and operations.
This position is crucial for keeping our risk posture under control and ensuring strict adherence to local and international regulations, directly contributing to the organization's resilience and compliance.
Key Functions of the Role
Strategic Interconnection: Act as the interface and point of contact between the Corporate Security area and the Digital area, translating security requirements into applicable technical solutions.
Risk Management and Analysis: Lead the analysis, assessment, and treatment of security risks, identifying vulnerabilities and proposing countermeasures to mitigate the potential impact on company assets.
Regulatory and Legal Compliance: Ensure strict knowledge and compliance with Spanish and international applicable regulations (e.g. ENS, CCN-STIC, NIS2, CRA, ISO 27001, NATO, EU, PART-IS, CMMI, NIST), and actively participate in accreditation processes and system certification.
Audit and Accreditation: Coordinate security audits (internal and external) and manage the necessary documentation and evidence for system accreditation processes.
National Networks: Provide technical expertise and support to the Spanish NISO (National Information Security Officer) in evaluating and defining the security conditions required to answer the demands for different areas regarding interconnections and geographical extensions of our national network.
Security Project Management: Lead or participate in the management of key projects aimed at implementing, updating, or reinforcing security controls and tools.
Deviation Management: Administer and document the security deviation management process, evaluating its associated risk and establishing mitigation plans.
Support the Spanish NISO in the implementation of the company digital security strategy within the framework of national laws and regulations, and in the implementation of technical and organizational measures to identify, resort and manage cyber security risks.
The skills we are looking for
Formal Qualification
University degree in Computer Science, Engineering, Telecommunications, Information Systems, or a related field.
Relevant industry certifications are highly valued (e.g. CISSP, CISM, CISA, ISO/IEC 27001 Lead Implementer/Auditor).
Technical and Governance Expertise
Deep understanding of risk analysis: proven experience leading and documenting comprehensive Information Security Risk Assessments (RAR) and defining effective mitigation strategies. Knowledge of MAGERIT and EBIOS methodologies and tools (Pilar / Fence).
Regulatory Compliance Mastery (ENS, CCN-STIC, etc.).
Accreditation and Audit Management: extensive hands‐on experience in managing security audits and supporting system accreditation/certification processes (e.g. ISO 27001, ENS compliance).
Penetration Test Coordination: experience coordinating penetration testing, overseeing scope, evaluating technical results, and tracking remediation plans.
Security Architecture/Controls: solid understanding of technical security controls across network, system, and application layers, and the ability to interface with IT/DevOps teams.
Project and Process Management
Security Project Management: demonstrated ability to manage and deliver security implementation projects on time and within budget, translating high-level policy into actionable tasks.
Deviation Management: experience defining, managing, and tracking security exceptions or deviations, including risk acceptance and compensating control documentation.
Stakeholder communication: excellent written and verbal communication skills to effectively bridge the gap between Corporate Security management and IT operation teams.
Tools such as: Jira, Confluence, ITIL, Ebios.
Desirable Skills
Policy Development: experience drafting, implementing, and enforcing corporate information security policies, standards, and procedures.
Fluency in Spanish and English: given the specific Spanish compliance requirements and the international nature of Cybersecurity, full professional proficiency in both Spanish and English is strongly preferred.
This job requires an awareness of any potential compliance risks and a commitment to act with integrity, as the foundation for the Company's success, reputation and sustainable growth.
Company
Airbus Defence and Space SAU
Employment Type
Permanent
Experience Level
Professional
Job Family
Cyber Security
EEO Statement
Airbus is committed to achieving workforce diversity and creating an inclusive working environment. We welcome all applications irrespective of social and cultural background, age, gender, disability, sexual orientation or religious belief. Airbus is, and always has been, committed to equal opportunities for all. As such, we will never ask for any type of monetary exchange in the frame of a recruitment process. Any impersonation of Airbus to do so should be reported to emsom@airbus.com.
#J-18808-Ljbffr