NeverHard

IT & Information Security Manager (AOC Operator Part-IS) FILLED at Air Vitosha Ltd — NeverHard

IT & Information Security Manager (AOC Operator Part-IS) FILLED at Air Vitosha Ltd in Canada. Skills: ACARS, CAMO, CPDLC, Crew Scheduling, Cybersecurity. Apply on NeverHard.

Company
Air Vitosha Ltd
Location
Canada
Type
full_time

Required skills:

Overview IT & Information Security Manager (AOC Operator Part-IS) – Malta (on-site). Department: Technology, Flight Operations Support & Compliance. Reports to: Accountable Manager (dotted line to Safety Manager & Compliance Monitoring). Type: Full-time, permanent. Role purpose Lead all IT operations and cybersecurity for the airline and build/own an Information Security Management System (ISMS) compliant with EASA Part-IS for an AOC environment. Ensure secure, resilient technology for the OCC , Flight Operations , Ground Operations , and Continuing Airworthiness interfaces , maintain the Information Security Management Manual (ISMM) , and manage internal/external reporting and authority oversight with TM-CAD . Key Responsibilities Airline IT operations (AOC focus) Own availability, performance, and security of ops-critical systems: flight planning & dispatch, crew rostering, OCC tools, EFB/EFF, PSS/DCS, weight & balance, load control, slots/NOTAMs, movement control, MRO/CAMO interfaces, ACARS/CPDLC gateways, and network/connectivity (incl. aircraft connectivity & satcom where applicable). Ensure robust identity/access, endpoint management, and secure collaboration for crew and ground staff (incl. BYOD/EFB if applicable). Manage vendors, SLAs, budgets; negotiate and govern SaaS/PSS/DCS providers and ground handler/MRO integrations. Coordinate tightly with Nominated Persons (Flight Ops, Ground Ops, Continuing Airworthiness) to align tools, data flows, and change windows with operational realities. Part-IS leadership & compliance Design, implement, and run an ISMS tailored to an AOC operator; maintain the ISMM and keep scope/roles/controls current with fleet, routes, and supplier landscape. Establish and run internal information-security occurrence reporting linked to the SMS; manage external reporting to the authority for events with potential aviation-safety impact. Prepare for and host authority oversight; track findings, implement corrective actions, and maintain evidence for present/suitable/operating/effective stages. Embed Part-IS requirements into Ops Manuals references (e.g., OM-A governance touchpoints, EFB program), change management, and safety-risk processes. Risk management, resilience & assurance Run security risk assessments focused on operational impact (flight safety, dispatch continuity, passenger service disruption); integrate with the SMS and management system. Implement and test controls: vulnerability and patch management, logging/monitoring/SIEM, privileged access, backup/restore, DR/BCP for OCC/flight-critical systems, and phishing/awareness. Plan and execute internal audits and exercises (table-top and technical), including EFB compromise drills, OCC loss-of-service scenarios, and third-party compromise simulations. EFB & operational data protection Govern the EFB program security (device hardening, content management, revision control, secure distribution, offline integrity, incident response). Safeguard operational datasets (flight plans, MEL/defects, crew data, movement & turnaround data, weight & balance, PNR/APIS/PNLG if handled) with appropriate classification and controls. Third-party & supply-chain security Build and enforce supplier due diligence and contractual security clauses for PSS/DCS, ground handlers, MRO/CAMO partners, catering/PRM providers, and airport/IT MSPs. Monitor interfaces and data exchange (APIs, SFTP, AIDX/EDIFACT, message brokers) and ensure secure onboarding/off-boarding. Governance, training & culture Chair the ISMS steering forum; provide clear risk dashboards and briefings to the Accountable Manager, Safety Board, and EXCO. Define responsibilities (e.g., Information Security Manager role, EFB Admin, Local Security Coordinators in OCC/Stations) and deliver role-based training and recurrent awareness. Required Profile Degree in IT/Computer Science/Engineering (Master’s a plus). 2+ years in IT operations/cybersecurity with experience in a regulated or safety-critical setting (airline/airport/ANSP/MRO preferred). Demonstrable experience building or running an ISO 27001-aligned ISMS; policy, risk, audit, and incident-response depth. Hands-on with Microsoft 365/Azure/AAD, networks, identity, endpoint management, and cloud security; practical familiarity with airline stacks (EFB/EFF, PSS/DCS, W&B, crew/rostering, flight planning). Clear understanding of EASA Part-IS obligations (ISMS, ISMM, occurrence reporting, oversight) and how they integrate with AOC Management System & SMS in Malta (TM-CAD). Certifications (nice to have): ISO/IEC 27001 Lead Implementer/Lead Auditor, CISM/CISSP, ITIL 4; cloud security certs. Strong stakeholder skills across Accountable Manager, Nominated Persons (FO/GO/CA), Safety, Compliance Monitoring, OCC, Stations, and external providers. Success measures (first 12 months) ISMM approved and ISMS operating effectively; authority oversight results with timely closure of any findings. EFB security fully implemented (device baseline, signed content, rapid revocation) and proven in exercises. OCC/flight-critical BCP tested with agreed RTO/RPO; restoration drills completed and documented. Supplier security baselined for 100% of PSS/DCS, ground handling, and MRO/CAMO interfaces; remediation plans tracked. Training & culture: >95% completion for assigned roles; phishing and response metrics show measurable improvement. What We Offer Competitive salary & bonus; private health cover; training budget (incl. ISO 27001/Part-IS). Travel benefits per policy; modern tooling; opportunity to shape airline-grade resilience and safety. #J-18808-Ljbffr