Key Responsibilities:

• Embed cybersecurity best practices throughout the product development lifecycle, from design to verification, for our cutting-edge IFEC products and services.
• Conduct in-depth security testing, including vulnerability assessments, penetration testing, and evaluations mandated by OEMs like Airbus and Boeing.
• Dive into testing reports, validate findings, and partner with engineering teams to devise secure, budget-friendly fixes.
• Craft and maintain essential OEM-required security documentation, supporting audits and submissions with precision.
• Build and refine internal governance materials, such as policies, procedures, and security frameworks, to foster a culture of compliance.
• Break down regulatory, OEM, and industry standards into clear engineering tasks, collaborating with software, hardware, systems, and test teams for seamless implementation.
• Lead cross-functional initiatives with product management, engineering, compliance, and operational security to integrate security consistently.
• Stay vigilant on evolving cybersecurity standards, assessing impacts on our IFEC offerings and spearheading necessary adaptations.
• Contribute to security reviews, risk assessments, audits, and certifications, both internally and externally.
• Drive ongoing improvements in product security, including enhancements in logging, anomaly detection, cryptography, and secure development practices.
• Act as the key point of contact with OEM security teams, handling reviews, audits, and technical dialogues.
• Monitor OEM requirement shifts, evaluate implications, and implement strategies for sustained compliance.
• Champion process improvements to streamline compliance and governance in product security.

What We're Looking For:

• A strong foundation in product security principles, including threat modeling, risk management, and secure development lifecycles.
• Expertise in risk assessment and governance methodologies like EBIOS, ISO 27001, ISO 31000, NIST CSF, and STRIDE.
• Familiarity with OEM cybersecurity standards (e.g., Airbus, Boeing) in the aviation or IFEC space.
• Proven track record leading compliance projects from requirement interpretation to technical rollout.
• Exceptional technical writing skills for creating auditable governance documentation.
• Solid organizational and project management abilities to handle recurring cycles and processes.
• Outstanding communication and leadership to collaborate with diverse teams and stakeholders.
• Analytical prowess to interpret and integrate OEM requirements into compliance and governance frameworks.

Qualifications:

• Bachelor's degree in Computer Science, Cybersecurity, Information Security, Engineering, or a related field.
• 5+ years in cybersecurity, product security, or compliance roles—aviation or regulated industries a big plus.
• Hands-on experience with risk assessments, threat modeling, and governance documentation.
• Background in compliance frameworks and technical security docs.
• Exposure to OEM requirements (Airbus, Boeing) highly preferred.
• Certifications like CISSP, CSA, ISO 27001 Lead Implementer/Auditor, GIAC GSEC, or equivalents are advantageous.