
Chief Security Officer – F/M
ESSP, a private company with 7 major European Air Navigation Service Providers as shareholders, manages the operation and supports the adoption of the European Satellite Based Augmentation System to GPS: EGNOS.
ESSP Corporate Video: https://www.youtube.com/watch?v=ojO8TAitQoc
The adoption of this service is growing rapidly because it corrects the GPS signal and offers enhanced features, with accurate positioning and integrity, in safety-of-life service contexts such as public transportation.
ESSP Website: https://www.essp-sas.eu/human-resources/careers/
By joining us, you will be in charge of defining, implementing and ensuring the application of the ESSP security policies and managing its Security Management System in compliance with applicable legal, regulatory and contractual requirements, in particular EASA (European Union Aviation Safety Agency) Regulations for the service provision of CNS Services (Communication, Navigation, Surveillance), like EGNOS and IRIS. If you have 10 years of experience in information systems security, ideally in the sectors of space and/or aeronautical and/or air traffic management critical systems, then this position is for you!
Main responsibilities/activities:
- Identifying and monitoring security needs, vulnerabilities and risks and proposing mitigation strategies,
- Managing Classified Information (as ESSP’s Central Security Officer),
- Promoting a security culture within the company,
- Providing technical expertise to ESSP Units and business development activities,
- Managing the Security team of around 15 people (people, budget, contracts).
Your area of responsibility includes the security of information and information systems, the security of goods and facilities.
Your activities are:
- Propose strategic security orientations/objectives for ESSP, and ensure that its activities fulfil its objectives,
- Define and enforce ESSP security policies on behalf of the Company,
- Manage ESSP’s ISMS in compliance with applicable contractual and regulatory requirements,
- Ensure the proper identification and the management of security risks and their mitigation at acceptable levels, in accordance with the ESSP risk management process,
- Ensure the compliance of ESSP activities with contractual/regulatory requirements, notably with those linked to EGNOS and IRIS contracts and to EASA Regulation for EGNOS service provision and IRIS future services,
- Deliver security activities as per contractual requirements: security assurance, security risk analyses, security reviews, security assessments, security surveys or audits, etc.,
- Monitor threats, vulnerabilities and operational security risks (scans, pentests, security risk analyses); propose, implement and monitor security responses (solutions, procedures, services),
- Manage security incidents and ensure the continuity of security in contingency situations,
- Monitor compliance with ESSP security policies and external security requirements,
- Participate in the governance of contract execution, representing ESSP in security governance bodies,
- Provide support to ESSP Units, and promote security culture in ESSP (security awareness and trainings),
- Contribute to internal and external audits,
- Maintain relationships with authorities and third parties,
- Manage classified information and associated personnel clearances and systems/sites accreditations, assuming the role of ESSP’s Central Security Officer,
- Maintain a technology watch and regulatory and legal monitoring,
- Ensure the management of security KPIs and metrics.
Profile:
- Security and cybersecurity (defensive/offensive: technologies, solutions, monitoring…)
- Good working knowledge of classified information management regulations (EU, FR, possibly SP)
- Good working knowledge and experience of ISO27K international standards
- Network or knowledge in security authority
- Good knowledge of security vulnerabilities and risks management (EBIOS, ISO27005)
- Good working knowledge and experience of information processing services (ITIL, ISO20K, etc.)
- Experience in security by design and security within projects
- Autonomy, rigor, integrity and self-control
- Good organizational skills and ability to prioritize
- Proactivity, reactivity, leadership and team management
- Good communication and negotiation skills
- Stakeholders management
- Able to take on responsibilities
- High level of English (C1 – C2) – CEFR
Knowledge or experience in one or more of the following domains is an asset:
- Practical knowledge of ISO22301 (Business Continuity Management)
- Knowledge of critical systems « operations » and associated constraints
- CNS/ATM and/or GNSS services and technologies,
- Single European Sky and EASA regulations,
- European Commission security framework and policies,
- Experience in Quality Management System
Job specifications:
Language: English (C1 – minimum) – CEFR
Engineering degree or equivalent
Available for occasional travel in Europe
Human Resources information: Element of package of remuneration:
Please send your application file only by e-mail to the following address: recrut@essp-sas.eu
Job Location: Toulouse (France)
Type of Contract: Full time/Permanent
ESSP is committed to cultural diversity, gender equality and the employment of disabled workers.