Airbus is a global pioneer in the aerospace industry, specializing in the design, manufacture, and delivery of commercial aircraft, military transports, helicopters, and space systems. As one of the world's largest aerospace companies, it employs over 130,000 people globally and operates as a cornerstone of European industrial collaboration and technological innovation. Spain plays a vital role in Airbus's global operations, hosting major production and engineering centers in Getafe, Seville, and Cádiz. The company is a major employer for international talent in Spain, offering a multicultural work environment where English is the primary language for technical and management roles, alongside comprehensive relocation support for specialized engineering positions.

Airbus was established in 1970 as a European consortium to challenge the dominance of American aerospace manufacturers. It grew through the integration of major national aerospace companies from France, Germany, the UK, and Spain, including the merger with Spain's CASA in 1999.

Digital Security Compliance Manager

Airbus Spain

Original Advert

Job Description:

WHY JOIN US?

📍 LIFE IN ALBACETE: QUALITY & CONVENIENCE - Forget long commutes. Albacete offers you the great advantage of a "15-minute city": safe, accessible, comfortable and perfectly connected. Enjoy a premium standard of living at a
competitive cost, ensuring you have the perfect balance between your career and your personal life.
🚁 AIRBUS HELICOPTERS: GROW WITH US - We offer more than a job; we offer a community. Immerse yourself in a young, collaborative environment that feels like family. As a strategic Center of Excellence, we are a global leader in
helicopter production, offering you endless potential to grow alongside our major projects. Bring your ideas to a dynamic, modern ecosystem and help us build the next generation of aerospace solutions.

DESCRIPTION

Digital Security Compliance Manager is responsible to ensure that AHE Information Security Management System (ISMS) compliance checklists for national and international regulations are established and maintained in conformity with AHE/AH global policies and directives, and that these ones, together with the associated processes, methods and tools, demonstrate compliance with the applicable Information Security regulations.
Main activities and responsibilities:

Lead the implementation, maintenance, and continuous improvement of the Information Security Management System (ISMS) and the National and International Security Frameworks (ENS, NIS2, PART-IS,...).
Develop, review, and maintain key compliance documentation (Statement of Applicability, Security Policies, Compliance Plans, Security Risk Assessments) and other control frameworks.
Conduct maturity diagnostics, asset identification, gap analyses, and compliance assessments using CCN-STIC and Airbus Group methodologies.
Define, configure and review technical security controls, including hardening, network security, business continuity and recovery plans.
Internal audit the security controls and measures.
Collaborate with the suppliers and vendor assessment and supervision.
Ensure Product Security.
Actively participate in the management of certification and conformity audits (internal and external)
Lead technical and organizational risk analysis and management, using methodologies such as Magerit, EBIOS RM or ISO 31000, for the selection and prioritization of controls.
Advise on the life cycle of business and transformation projects, ensuring that solutions, platforms, and services are designed under the principles of "secure by design" and "zero trust".
Develop proofs of concept and/or pilots of cybersecurity tools on classified environments or environments configured under CCN-CERT regulations, evaluating their suitability.
IT Systems and networks administration and hardening.
Work cross-functionally with business areas, IT, security, and compliance, translating regulatory requirements into effective technical actions.
Advice and Business Support: Provide expert advice to different business areas on the application of security regulations and the secure design of new IT services and projects, in addition to providing support in cross-functional cybersecurity tasks required by the Security department.
Manage and coordinate security projects autonomously, ensuring alignment with corporate policies.
Prepare periodic reporting to the executive layer on the evolution, regulatory compliance, and status of security risks.
Training, Awareness, and Physical Security: Develop and execute training and awareness plans on cybersecurity and physical security for personnel. Collaborate in the definition and implementation of physical security measures applicable to the systems.

Key competencies

Autonomy, discretion and rigor to apply and follow standards and regulations.
High Communication skills and a team player able to work in an intercultural environment.
Able to assess situations quickly and decide on the best course of action.
Ability to work under pressure and in flexible time, if required.
Manage Authorities & Customer relations.
Capacity to anticipate risks and difficulties.
Initiative and proactivity.
Solution oriented / Welcome problems.
Flexible to travel on short notice when required

Skills:

Education in telecommunications or computer engineering, or a related scientific-technical field.
At least 10 years of experience (at least 4 years in Cybersecurity), with proven experience with security policies and processes design and implementation.
Implementation and maintenance of security controls based (at least 1 desired): ENS, NIS2, ISO/IEC 27001, CCN-STIC. 3
Security risk management (at least 1 desired) (Magerit, EBIOS RM, ISO 31000).
Project management skills to develop security plans, manage security projects, coordinate suppliers and collaborate with other departments.
High Communication skills and a team player able to work in an intercultural environment.
Skills in IT Systems Administration, Networks, AI and digitalization is a plus.
Certifications in information security (CISSP, CISM, CRISC, Lead Auditor ISO 27001) is a plus.
Knowledge of Airworthiness regulation is a plus.
Experience in auditing is a plus.
Technical knowledge of information security management and cybersecurity risks is a plus.
Knowledge of ISO 27001, ISO27005, EBIOS RM is a plus.
Languages: English and Spanish mandatory, French is a plus.

This job requires an awareness of any potential compliance risks and a commitment to act with integrity, as the foundation for the Company's success, reputation and sustainable growth.

Company:

Airbus Helicopters España, SA

Employment Type:

Permanent

-------

Experience Level:

Professional

Job Family:

Cyber Security

By submitting your CV or application you are consenting to Airbus using and storing information about you for monitoring purposes relating to your application or future employment. This information will only be used by Airbus.
Airbus is committed to achieving workforce diversity and creating an inclusive working environment. We welcome all applications irrespective of social and cultural background, age, gender, disability, sexual orientation or religious belief.

Airbus is, and always has been, committed to equal opportunities for all. As such, we will never ask for any type of monetary exchange in the frame of a recruitment process. Any impersonation of Airbus to do so should be reported to emsom@airbus.com.