IT & Information Security Manager (AOC Operator Part-IS) FILLED at Air Vitosha Ltd — NeverHard
IT & Information Security Manager (AOC Operator Part-IS) FILLED at Air Vitosha Ltd in Canada. Skills: ACARS, CAMO, CPDLC, Crew Scheduling, Cybersecurity. Apply on NeverHard.
Company
Air Vitosha Ltd
Location
Canada
Type
full_time
Required skills:
ACARS
CAMO
CPDLC
Crew Scheduling
Cybersecurity
DCC Tools
DCS
EASA Standards
EFNO
Flight Planning
Overview
IT & Information Security Manager (AOC Operator Part-IS)
– Malta (on-site). Department: Technology, Flight Operations Support & Compliance. Reports to: Accountable Manager (dotted line to Safety Manager & Compliance Monitoring). Type: Full-time, permanent.
Role purpose
Lead all IT operations and cybersecurity for the airline and build/own an Information Security Management System (ISMS) compliant with
EASA Part-IS
for an AOC environment. Ensure secure, resilient technology for the
OCC
,
Flight Operations
,
Ground Operations
, and
Continuing Airworthiness interfaces
, maintain the
Information Security Management Manual (ISMM)
, and manage internal/external reporting and authority oversight with
TM-CAD
.
Key Responsibilities
Airline IT operations (AOC focus)
Own availability, performance, and security of ops-critical systems: flight planning & dispatch, crew rostering, OCC tools, EFB/EFF, PSS/DCS, weight & balance, load control, slots/NOTAMs, movement control, MRO/CAMO interfaces, ACARS/CPDLC gateways, and network/connectivity (incl. aircraft connectivity & satcom where applicable).
Ensure robust identity/access, endpoint management, and secure collaboration for crew and ground staff (incl. BYOD/EFB if applicable).
Manage vendors, SLAs, budgets; negotiate and govern SaaS/PSS/DCS providers and ground handler/MRO integrations.
Coordinate tightly with Nominated Persons (Flight Ops, Ground Ops, Continuing Airworthiness) to align tools, data flows, and change windows with operational realities.
Part-IS leadership & compliance
Design, implement, and run an ISMS tailored to an AOC operator; maintain the ISMM and keep scope/roles/controls current with fleet, routes, and supplier landscape.
Establish and run internal information-security occurrence reporting linked to the SMS; manage external reporting to the authority for events with potential aviation-safety impact.
Prepare for and host authority oversight; track findings, implement corrective actions, and maintain evidence for present/suitable/operating/effective stages.
Embed Part-IS requirements into Ops Manuals references (e.g., OM-A governance touchpoints, EFB program), change management, and safety-risk processes.
Risk management, resilience & assurance
Run security risk assessments focused on operational impact (flight safety, dispatch continuity, passenger service disruption); integrate with the SMS and management system.
Implement and test controls: vulnerability and patch management, logging/monitoring/SIEM, privileged access, backup/restore, DR/BCP for OCC/flight-critical systems, and phishing/awareness.
Plan and execute internal audits and exercises (table-top and technical), including EFB compromise drills, OCC loss-of-service scenarios, and third-party compromise simulations.
EFB & operational data protection
Govern the EFB program security (device hardening, content management, revision control, secure distribution, offline integrity, incident response).
Safeguard operational datasets (flight plans, MEL/defects, crew data, movement & turnaround data, weight & balance, PNR/APIS/PNLG if handled) with appropriate classification and controls.
Third-party & supply-chain security
Build and enforce supplier due diligence and contractual security clauses for PSS/DCS, ground handlers, MRO/CAMO partners, catering/PRM providers, and airport/IT MSPs.
Monitor interfaces and data exchange (APIs, SFTP, AIDX/EDIFACT, message brokers) and ensure secure onboarding/off-boarding.
Governance, training & culture
Chair the ISMS steering forum; provide clear risk dashboards and briefings to the Accountable Manager, Safety Board, and EXCO.
Define responsibilities (e.g., Information Security Manager role, EFB Admin, Local Security Coordinators in OCC/Stations) and deliver role-based training and recurrent awareness.
Required Profile
Degree in IT/Computer Science/Engineering (Master’s a plus).
2+ years in IT operations/cybersecurity with experience in a regulated or safety-critical setting (airline/airport/ANSP/MRO preferred).
Demonstrable experience building or running an ISO 27001-aligned ISMS; policy, risk, audit, and incident-response depth.
Hands-on with Microsoft 365/Azure/AAD, networks, identity, endpoint management, and cloud security; practical familiarity with airline stacks (EFB/EFF, PSS/DCS, W&B, crew/rostering, flight planning).
Clear understanding of EASA Part-IS obligations (ISMS, ISMM, occurrence reporting, oversight) and how they integrate with AOC Management System & SMS in Malta (TM-CAD).
Certifications (nice to have): ISO/IEC 27001 Lead Implementer/Lead Auditor, CISM/CISSP, ITIL 4; cloud security certs.
Strong stakeholder skills across Accountable Manager, Nominated Persons (FO/GO/CA), Safety, Compliance Monitoring, OCC, Stations, and external providers.
Success measures (first 12 months)
ISMM approved and ISMS operating effectively; authority oversight results with timely closure of any findings.
EFB security fully implemented (device baseline, signed content, rapid revocation) and proven in exercises.
OCC/flight-critical BCP tested with agreed RTO/RPO; restoration drills completed and documented.
Supplier security baselined for 100% of PSS/DCS, ground handling, and MRO/CAMO interfaces; remediation plans tracked.
Training & culture: >95% completion for assigned roles; phishing and response metrics show measurable improvement.
What We Offer
Competitive salary & bonus; private health cover; training budget (incl. ISO 27001/Part-IS).
Travel benefits per policy; modern tooling; opportunity to shape airline-grade resilience and safety.
#J-18808-Ljbffr