2 months ago
Airbus Helicopters Deutschland GmbH
Airbus is a global leader in aeronautics, space and related services. In 2017, it generated revenues of â¬ 67 billion and employed a workforce of around 130,000. Airbus offers the most comprehensive range of passenger airliners from 100 to more than 600 seats. Airbus is also a European leader providing tanker, combat, transport and mission aircraft, as well as Europeâs number one space enterprise and the worldâs second largest space business. In helicopters, Airbus provides the most efficient civil and military rotorcraft solutions worldwide.
Our people work with passion and determination to make the world a more connected, safer and smarter place. Taking pride in our work, we draw on each other's expertise and experience to achieve excellence. Our diversity and teamwork culture propel us to accomplish the extraordinary â on the ground, in the sky and in space.
Description of the job
Airbus Helicopters in Donauwoerth is looking for a IM Security Expert (m/f) within the area SECURITY IM for the department EIIS.
This position will require a security clearance or will require being eligible for clearance by the recognised authorities.
Disabled applicants with equal qualifications will be given special consideration.
Please submit your CV in English and German.
Tasks & accountabilities
Your responsibilities will include:
The IM Security Expert Applications and Data is responsible for defining, regularly evaluating and improving the security level of Airbus Helicopters data and applications. He reports to the Airbus Helicopters IM Security Officer.
He ensures that corporate data, as one of the most important assets in its entire lifecycle, is protected by the appropriate means. In particular, for classified data (Military, National/International Classified, Export Control, Personal Data), he must ensure that the expectations of the regulatory authorities are understood and met.
He will establish and maintain the security standards in business applications and IT infrastructures of Airbus Helicopters and its contractors. Awareness and practice of the Open Web Application Security Project (OWASP) should be further developed within the Airbus Helicopters development communities.
This position is located in Germany and requires a security clearance by the German authorities.
The main tasks and responsibilities are:
* Provide an up-to-date overview of the security risks of our application landscape. The level of risk should be assessed regularly with the appropriate application and data managers regarding the company's risk appetite. On this basis, an annual action plan is defined and implemented:
* Execution by internal and/or external employees.
* Follow-up of results, corrective actions and action plans.
* Existing security methodologies such as NIST and Microsoft Secure Development Lifecycle as well as the implementation of the OWASP principles must be introduced and anchored within the developer communities.
* Conduct regular security audits of development practices. Improvements of the guidelines and development tools are to be drafted from these.
* Bring together the requirements of development teams, technical architects and IT security within the development chain for consistent implementation.
* Define, implement and monitor measurement procedures to achieve a continuous assessment of the security objectives achieved in terms of exposure to evolving cyber threats.
* All improvement plans shall be accompanied by measurable quality indicators and maturity levels, and agreed improvements shall be tracked.
* Provision of an up-to-date overview of safety risks of our Airbus Helicopters data. The risk level should be regularly assessed with the appropriate data officers regarding the company's risk appetite. If business expectations or regulatory requirements are not met, organise consistent corrective and follow-up actions to achieve a satisfactory situation.
* Work with Airbus Helicopters Corporate Security, the relevant national regulatory authorities such as ANSII, BSI, BMWi and DAG, as well as the internal officers for export control, data protection and programme data. It must be ensured that the business requirements are brought into line with the general objectives of the Airbus Helicopters Group, its ethical principles and the legal requirements of the regulatory authorities.
* The requirements of the German Federal Office for Information Security (BSI) apply:
o They define basic security measures for IM systems.
o You act as IM Security Architect for projects and initiatives that require German security approval.
General tasks in IM Security
* You will be involved in the identification and definition of relevant use cases to improve our detection capabilities.
* You will accompany their implementation by the Security Operation Center (SOC), which carries out Security Incident Management
* You will support the Security Operating Center in the event of serious security incidents
* You will be kept up to date on technical developments and changing regulations in the area of cyber security
This job requires an awareness of any potential compliance risks and a commitment to act with integrity, as the foundation for the Companyâs success, reputation and sustainable growth.
We are looking for candidates (m/f) with the following skills:
* Successfully completed studies with focus on information systems or comparable
* Many years of professional experience
* Good knowledge of offensive safety techniques
* Technical understanding and proven experience in the field of Information Management Security
* Knowledge of national security requirements, export controls and the protection of personal data
* Previous experience in an international environment or in teams
* You like to teach others
* You are diplomatic and able to explain findings to non-technicians
* You are a good team player, have excellent communication skills and can work independently
* Fluent in English and German