Information Security Compliance Responsible – (F/M)
ESSP, a private company whose shareholders are 7 major European Air Navigation Service Providers, operates and supports the adoption of EGNOS, the European Satellite-Based Augmentation System for GPS.
ESSP Corporate Video: https://www.youtube.com/watch?v=ojO8TAitQoc
Adoption of the service is growing rapidly because it corrects the GPS signal and provides accurate positioning with integrity for safety-of-life services such as public transportation. With around one hundred employees (about a third of them in Madrid), ESSP works on international issues involving major stakeholders (some institutional) under complex contractual schemes.
ESSP Website: https://www.essp-sas.eu/human-resources/careers/
ESSP is recruiting an:
Information Security Compliance Responsible – (F/M)
The Information Security Compliance Responsible is responsible for maintaining ESSP's compliance with information security requirements, whether they derive from the company management system, from standards (notably ISO 27001) or from changes in the legal or regulatory framework (ministries, EASA or other bodies).
He/she actively contributes to defining, deploying and controlling the company's security strategy and manages its information security management system(s).
Your main activities are:
- Identifying the security requirements applicable to ESSP, taking into account its activities and how they evolve, in particular through proactive monitoring; these requirements may be internal or external (regulatory and legal requirements),
- Participating in the assessment, treatment and management of information security risks,
- Participating in the definition and adaptation of security management systems (e.g. an ISMS) that integrate and continuously manage requirements and risks,
- Participating in the definition and adaptation of policies,
- Proposing and managing compliance action plans,
- Proposing and/or carrying out the required assessments or verifications,
- Contributing to the organization, execution and follow-up of security audits in accordance with the company's audit strategy,
- Maintaining the information required to manage security compliance,
- More generally, contributing to the objectives set for the Service, including:
o The implementation of actions (incidents, problems, improvements, awareness, etc.),
o Contributing to the company's projects,
o Contributing to the services delivered to customers (e.g. security reviews or specific analyses),
o Providing your expertise to the company (e.g. contributing to calls for tenders).
With respect to the General Data Protection Regulation (GDPR) and the French “Informatique et Libertés” legal framework (CNIL), you will make your security expertise available to the persons responsible for these matters.
With respect to information security, you will be in charge of:
- Actively contributing to maintaining the company's ISO 27001 certification; to that end you will manage and/or carry out security compliance actions,
- Contributing to the integration of the ISMS into ESSP's management system (processes and audits),
- Contributing to the operational management of the ISMS, including improvement actions,
- Contributing to the definition and implementation of security monitoring,
- Supporting the interface with third parties, particularly for reporting on and assessing the compliance of security services (Security Assurance Plans).
With respect to Classified Information management, you will take on the role of Local Security Officer (LSO) for the ESSP Toulouse facilities. As Toulouse LSO and Security Compliance Responsible, you will be in charge of:
- Identifying and managing the actions required to ensure ESSP's compliance (facilities, personnel, protection measures, accreditation processes, etc.),
- Defining, implementing and controlling the management of Classified Information,
- Ensuring the security of the ESSP Toulouse premises is maintained (physical and building security),
- Promoting a security culture within ESSP, especially for the protection of sensitive and/or classified information.
Required skills and qualities:
- Autonomy, practicality, rigour and precision
- Excellent communication and negotiation skills
- Ability to take responsibility and to defend his/her views
- Strong ability to work in a team
- High level of English (CEFR B2-C1)
- Working knowledge of MS Office (Word, Excel, PowerPoint, Project, Visio)
- Good knowledge of IT security and security technologies
- Knowledge of French and European laws and regulations applicable to the protection of Classified Information (IGI 1300, IGI 2012, etc.)
- Good working knowledge of project management
- Good working knowledge of ISO 2700x standards
- Knowledge of at least one structured security risk analysis method (EBIOS, attack trees, etc.)
- Knowledge of security audits
- Knowledge of critical systems and their specific constraints (Safety, Continuity)
The following knowledge is a plus:
- GNSS in general and GNSS security
- Common Criteria (ISO/IEC 15408)
- NATO AC/35-D/xx guide and standards (SSRS, accreditation of systems, etc.)
- Communication technologies for space segments and LAN/WAN
Available for occasional travel in Europe.
This position is subject to a positive personnel screening process (vetting level “EU Confidential”).
Engineering degree or equivalent.
5 to 10 years of professional experience in the security field, ideally with space, aeronautical and/or air traffic management critical systems.
Experience of projects in European and/or international contexts.
Please send your application file by e-mail only to the following address: firstname.lastname@example.org
Job Location: Toulouse (France)
Type of Contract: Full time / Permanent contract
ESSP is committed to cultural diversity, gender equality and the employment of disabled workers.