Security Audit Expert – F/M
ESSP, a dynamic French company open to the world, is looking for a Security Audit Expert for a Permanent Full-time Contract in Toulouse.
We work with highly skilled teams and our employees come from different backgrounds and disciplines, from aeronautics to aerospace, engineering to telecommunications. This diversity allows the company great flexibility to adapt to new needs and challenges.
We are eager to provide the best quality services through safe and efficient operations and management systems. We are expanding and always looking for new talents.
To find out more about us, we invite you to visit our website: https://www.essp-sas.eu/humanresources/careers/
Some videos are also available on YouTube for you to discover our activities:
And a lot more videos are available.
By joining us, you will be in charge of security audits on ESSP and its suppliers in the frame to its activities delivered to its clients. If you have 5 years’ of experience in IT security or in information systems and networks, preferably in a critical or complex systems (space, aviation, industry sectors) with a good level of English, then this position is for you!
Under the authority of the CSO, you will perform the following activities:
- Measure and evaluate the level of compliance by leading audits and verifications;
- Lead required accreditations of products and facilities across different sites in Europe;
- Conduct organizational audits, propose remediation plan and follow it up until implementation;
- Lead technical audits, pentests and vulnerabilities assessments, propose remediation plan and follow it up until implementation;
- Evaluate and monitor the implementation of security requirements across different sites in Europe;
- Proposing and carrying out the required assessments or verifications (security-related processes, security countermeasures, security practices, etc.);
- Propose security functions and solutions, contribute to security projects;
- Provide your expertise for example by participating to call for tenders;
- Provide technical expertise for company’s operational units;
- Participate in the analysis of security events and lead the implementation of mitigation actions;
- Contribute to the company's and clients' security dashboards;
- Manage potential subcontractors for the accomplishment of the activities.
You will contribute to the continuous improvement of ESSP security policies, specifically in the context of the ESSP ISO 27001 certified ISMS (Information Security Management System) and Security Management System (Sec-MS) supporting the ESSP ANSP (Air Navigation Service Provider) Certificate.
Consequently you will contribute to:
- promoting good security practices to the personnel,
- ensuring a security watch, both technological and regulatory,
- improving enterprise processes and tools for security management,
- developing fully integrated auditing services to be widely use across the company.
Very good working knowledge of:
- Organisational audits (Certification ISO27001 LA or CISA),
- Technical audits (Vulnerabilities Assessment, Pentests, CVE Database, CVSS classification),
- Project management,
- Information security standards (ISO27001, NIST, OWASP, ANSSI, ENISA, etc.),
Good practical knowledge:
- Enterprise IT and security organization aspects (ISMS, etc.),
- Technical security (information systems, networks, physical security, crypto, etc.) and of cybersecurity (threats, exploits, vulnerabilities, etc.),
- Familiar with critical systems and associated constraints (space, aviation, industry, etc.).
You are able to:
- Understand, analyse and reformulate users/customers/projects’ needs and requirements;
- Define and write technical documentation; have editorial capabilities;
- Act as consultant and facilitate the decision making process;
- Evaluate the impacts of technologies and solutions on information systems and operations.
- Team work,
- Rigorous, pragmatic and discreet,
- High English Level (B2-C1) – CECRL,
The knowledge of the following domains would be considered an advantage:
- Knowledge of EGNOS, GNSS and CNS technologies,
- European regulation applicable to Information System Security and to GNSS in particular.
Available for travels in Europe.
Access to this position requires a “EU-Confidential” Personal Security Clearance (PSC).
You can send your application file by e-mail to the following address: firstname.lastname@example.org
Job Location: Toulouse (France)
Type of Contract: Full time - Permanent Contract
ESSP is committed to cultural diversity, gender equality and the employment of disabled workers.