Security Compliance Officer – F/M
ESSP, a dynamic French company open to the world, is looking for a Security Compliance Officer for a Permanent Full-time Contract in Toulouse.
We work with highly skilled teams and our employees come from different backgrounds and disciplines, from aeronautics to aerospace, engineering to telecommunications. This diversity allows the company great flexibility to adapt to new needs and challenges.
We are eager to provide the best quality services through safe and efficient operations and management systems. We are expanding and always looking for new talents.
To find out more about us, we invite you to visit our website: https://www.essp-sas.eu/human-resources/careers/
We are looking for a Security Compliance Officer to be responsible for maintaining ESSP's compliance with security requirements, whether relating to the company management system, standards (notably ISO 27001) or evolutions in the legal or regulatory framework (Ministries, EASA or other). You will actively contribute to the definition, deployment and control of the security strategy of the company and manage its information security management system(s).
If you have at least 5 years of experience in the field of security, ideally in Space/Aeronautical or Air Traffic Management critical systems, and a good level of English, then this position is for you!
Under the responsibility of the CSO, you will perform the following activities:
With respect to Information Security:
- Maintenance of ISO 27001 certification of ESSP; you will manage security compliance actions,
- Identify applicable security requirements, taking into consideration ESSP's activities and their evolutions, especially by means of a proactive watch activity; those requirements may be internal (ESSP's own security requirements, requirements originating from services delivered to the Customers) or external (regulatory and legal requirements),
- ISMS integration within ESSP’s Management System, in terms of processes and audits,
- Definition and adaptation of policies, processes and solutions in support of Information Security Management Systems (ISMS),
- Operational management of the ISMS taking into account improvement actions (risk treatment, lessons learnt, etc.),
- Managing compliance action plans to take into account changes, evolutions and lessons learnt,
- Organization, execution and follow-up of security audits in line with the company’s audit strategy,
- Definition and implementation of security monitoring (e.g. dashboards, action management, etc.),
- Providing support to the Chief Security Officer for the interface with third parties (Customers, Suppliers, Authorities, etc.), particularly for reporting and assessing the compliance of security services (Security Assurance Plans).
With respect to the General Data Protection Regulation (GDPR) and the legal framework “Informatique et Libertés” (CNIL), you will provide your security expertise to the concerned people in ESSP.
With respect to Classified Information management, under the control of the ESSP Security Officer, you will take on the functions of Local Security Officer (LSO) for ESSP Toulouse facilities:
- Identify and manage required actions to ensure ESSP compliance (facilities, personnel, protection measures, accreditation processes, etc.),
- Define, implement and verify the management of Classified Information within Toulouse facilities,
- Ensure security of Toulouse ESSP premises (physical security, security of the premises, etc.),
- Support the ESSP Security Officer,
- Promote security culture within ESSP, especially for protection of sensitive and classified information.
With respect to physical security:
- Maintain the ESSP Facilities Security Policy for both Toulouse and Madrid Sites;
- Ensure accreditations are at the required level;
- Maintain Facilities Security Policy and requirements for ESP (EGNOS Service Provision) operational Sites: MCCs (Mission Control Centre), the CPFs (Central Processing Facility), NLES (Navigation Land Earth Station) and RIMS (Ranging and Integrity Monitoring Station);
- Adjust requirements to specific site constraints in collaboration with Site Engineers;
- Approve subcontractors' level of compliance with security requirements.
In general terms, you will contribute to the fulfilment of the objectives set for the Service, including:
- Contributing to ESSP projects within your area of expertise and competencies,
- Contributing to the services delivered to Customers, e.g. by performing security reviews or specific analyses,
- Providing expertise to the benefit of ESSP, for example by participating in calls for tenders.
Very good working knowledge of:
- ISO 2700x standards (ISO27001 LI)
Good knowledge of:
- security audits
- project management
- IT security and security technologies
- French and European regulations on protection of Classified Information (IGI 1300, IGI 2012, etc.)
- Information security standards (NIST, OWASP, ANSSI, ENISA, etc.)
- At least one structured method for security risk analysis (ISO27005, EBIOS RM, Attack Tree, etc.)
- critical systems and their specific constraints (Safety, Continuity)
You demonstrate:
- Autonomy, pragmatism, rigor and precision
- Excellent communication and negotiation skills
- Ability to take responsibilities and to defend your point of view
- Ability to lead technical and managerial meetings on behalf of the Security Department
- Strong ability to work in teams
The knowledge of the following domains would be considered an advantage:
- EGNOS, GNSS and CNS technologies
- Common Criteria (ISO/IEC 15408)
- NATO AC/35-D/xx guide and standards (SSRS, accreditation of systems, etc.)
- Communication technologies for space segments and LAN/WAN
Available for occasional travel in Europe.
Access to this position requires an “EU-Confidential” Personal Security Clearance (PSC).
You can send your application file by e-mail to the following address: email@example.com
Job Location: Toulouse (France)
Type of Contract: Full time - Permanent Contract
ESSP is committed to cultural diversity, gender equality and the employment of disabled workers.