Information Security Integration and Governance Specialist

Job Description:

Who we are:

Within Airbus Defence and Space SAU, Corporate Security operates under a holistic approach, protecting our people, our industrial assets, our products and services and our information. 

Given the frame where we operate, the team is characterized by a culture of proactive risk management and rigorous regulatory compliance. Given the constant evolution of threats and regulatory frameworks, the role we seek to fill is essential for bridging the gap between corporate security requirements and the technical execution by the Digital team. 

What you will do with us:

We are looking for a professional with an integral vision to join our team as an Information Security Integration and Governance  Specialist. This role is the strategic nexus between the corporation´s security guidelines and the technical implementation by Digital, ensuring that protection standards are effectively translated into the daily technological architecture and operations.

This position is crucial for keeping our risk posture under control and ensuring strict adherence to local and international regulations, directly contributing to the organizatións resilience and compliance. 

Key Functions of the Role:

The Specialist will be responsible for managing the complete lifecycle of information security, from the initial assessment to continuous improvement:

Strategic Interconnection: Act as the interface and point of contact between the Corporate Security area and the Digital area, translating security requirements into applicable technical solutions

Risk Management and Analysis: Lead the analysis, assessment, and treatment of security risks, identifying vulnerabilities and proposing countermeasures to mitigate the potential impact on company assets. 

Regulatory and Legal Compliance: Ensure strict knowledge and compliance with Spanish and international applicable regulations (eg  ENS, CCN-STIC, NIS2, CRA, ISO 27001, NATO, EU, PART-IS, CMMI, NIST), as well as actively participating in accreditation processes and system certification.

Audit and Accreditation: Coordinate security audits (internal and external) and manage the necessary documentation and evidence for system accreditation processes

National networks: provide technical expertise and support to the Spanish NISO (National Information Security Officer) in evaluating and defining the security conditions required to answer the demands for different areas regarding interconnections and geographical extensions of our national network

Security Project Management: lead or participate in the management of key projects aimed at implementing, updating, or reinforcing security controls and tools

Deviation Management: administer and document the security deviation management process, evaluating its associated risk and establishing mitigation plans

Support the Spanish NISO in the implementation of the company digital security strategy within the framework of the national laws and regulations and in the implementation of technical and organization measures to identify, resort and manage cyber security risks

 

⁠The skills we are looking for:

Formal Qualification

• University degree in  Computer Science, Engineering, Telecommunications, Information Systems, or a related field

• Relevant industry certifications are highly valued (e.g. CISSP, CISM, CISA, ISO/IEC 27001 Lead Implementer/Auditor)

Technical and Governance Expertise

• Deep understanding of risk analysis: proven experience leading and documenting comprehensive Information Security Risk Assessments (RAR) and defining effective mitigation strategies. Knowledge of MAGERIT and EBIOS methodologies and tools (Pilar / Fence).

• Regulatory Compliance Mastery (ENS, CCN-STIC…)

• Accreditation and Audit Management: extensive hands-on experience in managing security audits and supporting system accreditation/certification processes (eg. ISO 27001, ENS compliance)

• Penetration Test Coordination: experience coordinating penetration testing (overseeing the scope, evaluating technical results, and tracking remediation plans)

• Security Architecture/Controls: solid understanding of technical security controls across network, system, and application layers, and the ability to interface with IT/DevOps teams

Project and Process management: 

• Security Project Management: Demonstrated ability to manage and deliver security implementation projects on time and within budget, translating high-level policy into actionable tasks

• Deviation Management: experience defining, managing, and tracking security exceptions or deviations, including risk acceptance and compensating control documentation

• Stakeholder communication: excellent written and verbal communication skills to effectively bridge the gap between Corporate Security management and IT operation teams

Tools such as: Jira, Confluence, ITIL, Ebios

Desirable Skills

These qualifications are a strong plus and will differentiate candidates:

• Policy Development: Experience drafting, implementing, and enforcing corporate information security policies, standards, and procedures

Fluency in Spanish and English: given the specific Spanish compliance requirements and the international nature of Cybersecurity, full professional proficiency in both Spanish and English is strongly preferred

This job requires an awareness of any potential compliance risks and a commitment to act with integrity, as the foundation for the Company’s success, reputation and sustainable growth.

Company:

Airbus Defence and Space SAU

Employment Type:

Permanent

-------

Experience Level:

Professional

Job Family:

Cyber Security

By submitting your CV or application you are consenting to Airbus using and storing information about you for monitoring purposes relating to your application or future employment. This information will only be used by Airbus.
Airbus is committed to achieving workforce diversity and creating an inclusive working environment. We welcome all applications irrespective of social and cultural background, age, gender, disability, sexual orientation or religious belief.

Airbus is, and always has been, committed to equal opportunities for all. As such, we will never ask for any type of monetary exchange in the frame of a recruitment process. Any impersonation of Airbus to do so should be reported to emsom@airbus.com.

At Airbus, we support you to work, connect and collaborate more easily and flexibly. Wherever possible, we foster flexible working arrangements to stimulate innovative thinking.