Role purpose
To manage cybersecurity risks, identify potential threats, and respond effectively to incidents to ensure operational continuity and information security.
Key responsibilities
- Develop, implement, and maintain cybersecurity policies, standards, and procedures in accordance with EASA, ECSF, and other applicable regulatory frameworks.
- Support Cybersecurity Postholder in Defining, approving, and maintaining the organization’s information security and cybersecurity strategy in line with business and aviation safety & security objectives.
- Support the Information Security Post Holder in meeting regulatory accountability and oversight obligations related to Part-IS.
- Develop and maintain the organization’s cybersecurity risk management framework.
- Identify, assess, and prioritize cybersecurity risks across systems and operations.
- Implement mitigation strategies and monitor risk reduction measures.
- Ensure coordination with Compliance Monitoring Auditor for compliance matters, audits and regulatory findings related to information security.
- Report information security incidents, risks and findings to the Information Security Post Holder, emphasizing any safety implications.
- Lead the cybersecurity incident response team, coordinating detection, analysis, containment, and recovery activities.
- Conduct post-incident investigations, root cause analysis, and lessons learned documentation.
- Ensure information security considerations are integrated into organisational decision-making and change management processes.
- Collaborate with IT, operations, and management to enhance security controls and reduce vulnerabilities.
- Prepare reports on risk posture, incidents, and remediation measures for senior management and regulatory bodies.
- Support ongoing threat intelligence monitoring and proactive risk mitigation initiatives.
- Promote training and awareness programs that encompass the information security aspects.
Requirements (Mandatory)
Education: Bachelor's Degree in Cybersecurity, IT, or related fieldExperience: Minimum 4 years of experience in cybersecurity or information security roles.Risk Management training / certification is complusory ISO 27001:2018Demonstrated experience in:
Cybersecurity risk assessment and risk treatmentIncident response management and investigationsThreat identification, vulnerability management, and mitigationPrior experience in a regulated environment (aviation, aerospace, critical infrastructure, or similar) is highly preferredSkills/knowledge:
Strong analytical and investigative skills with high attention to detail.Ability to manage multiple cybersecurity risks and incidents simultaneously.Excellent documentation, reporting, and regulatory communication skills.Confident working across departments (IT, operations, compliance, management).
