Security Compliance Expert – F/M
Created in 2009, ESSP is a young and dynamic company, a pan-European service provider certified by EASA (the European Union Aviation Safety Agency) to deliver safety-critical services. Our mission is to operate and provide Communication, Navigation and Surveillance (CNS) services, the main one being the EGNOS service (the European Geostationary Navigation Overlay Service), on behalf of the EUSPA (the European Agency for Space).
ESSP Corporate Video: https://www.youtube.com/watch?v=u_FKtcaN8YE
ESSP Website career: https://www.essp-sas.eu/human-resources/careers/
By joining us, you will be responsible for maintaining ESSP's compliance with security requirements, whether relating to the company management system, standards (ISO 27001) or evolutions in the legal or regulatory framework (Ministries, EASA or other).
You will actively contribute to the definition, the deployment and the control of the security strategy of the company and manage its information security management system(s).
Reporting to the Chief Security Officer, your main responsibilities will be:
With respect to the Information Security:
- Actively contributing to the maintenance of the ISO 27001 certification of the company; to that purpose you will contribute to security compliance actions,
- Identifying security requirements applicable to ESSP taking into consideration its activities and their evolutions. Those requirements may be internal or external,
- Contributing to the ISMS integration within ESSP’s Management System (process and audits),
- Contributing to the definition and the adaptation of policies, processes and solutions in support of Information Security Management Systems,
- Contributing to operational management of the ISMS taking into consideration improvement actions,
- Contributing to compliance action plans to take into consideration changes, evolutions, lessons learnt,
- Contributing to organization, execution and follow-up of security audits in accordance with strategy,
- Contributing to definition and implementation of security monitoring (action management, etc.),
- Providing support to the CSO for the interface with third parties (Customers, Suppliers, Authorities, etc.), particularly for reporting and assessing the security services compliance (Security Assurance Plans).
With respect to the General Data Protection Regulation (GDPR) and the legal framework “Informatique et Libertés” (CNIL), you will provide your security expertise to the concerned managers.
With respect to Classified Information management, you will identify and manage the actions required to ensure ESSP compliance (facilities, personnel, protection measures, accreditation processes, etc.):
- Define, implement and verify the management of Classified Information,
- Ensure the security of Toulouse ESSP premises is maintained (physical security, security of the premises, etc.),
- Support the ESSP Security Officer and promote a security culture
With respect to the physical security:
- Maintain the ESSP Facilities Security Policy for both Toulouse and Madrid Sites;
- Ensure accreditations are at the required level;
- Maintain the ESP Facilities Security Policy and requirements for ESP operational Sites,
- Adjust requirements to specific site constraints in collaboration with Site Engineers;
- Approve subcontractors' compliance level with security requirements.
- Very good working knowledge of ISO 2700x standards (ISO27001 LI)
- Good knowledge of security audits and project management
- Good knowledge of IT security and security technologies
- Knowledge of French and European laws and regulations applicable to the protection of Classified Information (IGI 1300, IGI 2012, etc.)
- Knowledge of information security standards (NIST, OWASP, ANSSI, ENISA, etc.)
- Knowledge of one structured method for security risk analysis (ISO27005, EBIOS RM, Attack Tree, etc.)
- Knowledge of critical systems and their specific constraints (Safety, Continuity)
- Autonomy, pragmatism, rigor and precision
- Excellent communication and negotiation skills
- Ability to take responsibilities and to defend his/her point of view
- Ability to lead technical and managerial meetings on behalf of the Security Department,
- Strong ability to work in teams
- Working knowledge of MS Office (Word, Excel, PowerPoint, Project, Visio)
Language: English (B2) – CEFR
Engineering degree or equivalent
Available for travel in Europe.
Human Resources information:
Element of package of remuneration:
Please send your application file only by e-mail to the following address: email@example.com
Job Location: Toulouse (France)
Type of Contract: Full time - Permanent Contract
ESSP is committed to cultural diversity, gender equality and the employment of disabled workers.