Job Description:

‍

NAVBLUE, an Airbus Company, is currently seeking a Security Governance Analyst to join our team. The Security Governance Analyst  is responsible for maintaining and monitoring the NAVBLUE Information Security Management System. Ensuring that NAVBLUE processes comply with the NAVBLUE security standard by being responsible for security audits activities.  Ensure that all NAVBLUE processes and products maintain compliance with security standards including ISO 27001. They will propose amendments and improvements to existing Security structures and policies, based on changes in the industry and best practices. They will support the assessment of security in NAVBLUE’s supply chain and will ensure security communication towards our customers. This includes supporting and implementing Security initiatives across the organization, and helping to develop the organization’s knowledge.  

‍

‍

Main Responsibilities:

‍

• Maintain Security OKR and KPI’s
• Assist with performance of Internal and 3rd party security audits and ensure security findings follow up until closure.
• Ensure Process owners perform RCAs of audit findings and close any actions arising from audits in a timely manner
• Define the yearly company security audits and penetration testing strategy
• Assist in the deployment of NAVBLUE’s security policy with the goal of Maintaining ISO 27001/2 certification using the policies, standards and procedures that have already been developed.
• Contribute to the preparation and dissemination of a Security Awareness Program to NAVBLUE staff
• Maintain documentation at a level that meets the audit requirements  ISO 27001/2
• Help to develop and improve the IT Business Continuity procedures and processes and other applicable security regulations.
• Ensure the implementation and assessment of the security in NAVBLUE’s supply chain, and support the risk identification if needed
• Be the security focal point  and support the other functions with regards to customers request on security

‍

‍

Qualified Experience/Skills/Training

Education:

‍

• Successful completion of an Academic degree in Information Technology, Information Security Management System or equivalent

‍

Experience:

• Solid experience in Security.
• 1 to 3 years experience in Governance, Risk and Compliance

• Must be a reliable, responsible self-starter with a demonstrated ability to work independently and prioritize effectively.

‍

‍

Licensure/Certifications:

• Holder of security certifications (SSCP, ISO 27005 Risk Manager, ISO 27001 Auditor etc.) would be an asset
• Knowledge of security regulations would be an asset
• Knowledge of physical security would be an asset

‍

‍

Communication Skills (Spoken, Written, Influencing, Proficiency in Other Languages):

‍

• Communication skills appropriate for interfacing at all levels of the organization including senior management and technical staff including documentation (top level policies, technical standards, etc.)
• Must work effectively with others in a team environment with strong skills in stakeholder management

• Project management skills and highly organized, capable of delivering projects on-time and on-budget
• Ability to work in an international environment spanning different jurisdictions with potentially different impacts on security

‍

‍

Technical Systems Proficiency:

• Working experience with Information Security Management System
• Understanding of security audit programs
• Understanding of advanced security protocols and standards
• Experience with software and security architectures
• Understanding of supply chain contractual framework
• Understanding of security regulations
• Risk and vulnerability analysis.
• Knowledge of security impact on safety
• Experience with monitoring tools
• Knowledge of project management methodologies (LBIP, Agile, etc).

‍

‍

Travel Required:

• 5% Domestic and International

‍