Information Security Manager (Remote work)

Client of Pracuj.pl

podkarpackie
Remote work
Employment contract
Full-time

Your responsibilities

  • Security Program Leadership: Develop and execute enterprise-wide information security strategies, policies, and procedures aligned with business objectives and aviation industry requirements
  • ISO 27001 Implementation: Lead the organization through ISO 27001 compliance certification, including gap analysis, control implementation, risk management, and ongoing maintenance of the Information Security Management System (ISMS)
  • EASA Part-IS Certification: Guide the company through EASA Part-IS (Information Security) certification process, ensuring compliance with aviation-specific cybersecurity regulations and standards
  • Risk Management: Conduct comprehensive information security risk assessments, develop risk mitigation strategies, and maintain enterprise risk registers for both technical and operational security threats
  • Security Architecture: Design and implement security architectures for Azure cloud environments and hybrid infrastructures, ensuring protection of helicopter operations data, maintenance systems, and customer information throughout the cloud migration journey
  • Azure Security Implementation: Lead the security aspects of the Azure cloud transformation, including Microsoft Defender for Cloud (MDC) configuration, identity and access management (Azure AD / Entra ID), Key Vault implementation, and network security groups optimization
  • Security Monitoring and Management: Manage existing and potential new cybersecurity tools and technologies to ensure 24/7 monitoring and protection of company assets using Microsoft Defender XDR, Microsoft Sentinel and ProofPoint
  • Incident Response Management: Establish and lead incident response capabilities, including security operations center (SOC) oversight, threat hunting, and digital forensics coordination
  • Compliance & Audit Management: Oversee internal and external security audits, manage regulatory compliance requirements, and ensure adherence to aviation industry standards and frameworks
  • Third-Party Risk Management: Develop vendor security assessment programs, manage supply chain cybersecurity risks, and oversee security due diligence for partnerships and acquisitions
  • Security Awareness & Training: Implement comprehensive security awareness programs for all employees, including specialized training for aviation operations and maintenance personnel
  • Governance & Reporting: Provide regular security metrics and reporting to executive leadership and board of directors, including risk dashboards and compliance status updates
  • Business Continuity: Develop and maintain business continuity and disaster recovery plans with specific focus on maintaining helicopter operations during security incidents
  • Technology Innovation: Evaluate and implement emerging security technologies including AI-powered threat detection, zero trust architectures, and cloud security solutions

Employer requirements

  • CISSP Certification: Current Certified Information Systems Security Professional (CISSP) certification is mandatory
  • ISO 27001 Experience: Proven track record of successfully leading organizations through ISO 27001 compliance and certification processes
  • EASA Part-IS Knowledge: Experience with EASA Part-IS certification or equivalent aviation cybersecurity regulations (training provided if needed)
  • 8+ years of progressive information security leadership experience in enterprise environments
  • 5+ years of management experience leading cybersecurity teams and programs
  • Security Frameworks: Deep knowledge of NIST Cybersecurity Framework, ISO 27001/27002, COBIT, and aviation-specific security standards
  • Cloud Security: Expert-level knowledge of Azure security services including Security Center/Defender for Cloud, Sentinel SIEM, Azure AD/Entra ID, Key Vault, and Azure Policy. Experience with cloud security posture management and zero trust architectures in Azure environments
  • Risk Management: Advanced skills in quantitative and qualitative risk assessment methodologies, threat modeling, and business impact analysis
  • Incident Response: Experience designing and leading incident response programs, forensics investigations, and crisis management
  • Security Technologies: Knowledge of SIEM/SOAR platforms, endpoint protection, network security, identity and access management, and emerging security tools
  • Governance & Compliance: Understanding of regulatory compliance frameworks including GDPR, SOX, and industry-specific aviation regulations
  • Aviation Security: Understanding of aviation industry cybersecurity challenges, operational technology security, and helicopter operations (preferred)
  • Regulatory Environment: Familiarity with EASA regulations, CAA/NAA cybersecurity guidelines, and international aviation security standards
  • Risk Assessment: Knowledge of aviation-specific risk assessment methodologies and safety management systems
  • Certified Information Security Manager (CISM)
  • Certified in Risk and Information Systems Control (CRISC)
  • ISO 27001 Lead Auditor/Implementer certification
  • Cloud security certifications (Azure Security Engineer, AWS Security)
  • SANS leadership certifications (SANS Management 414, 512)
  • Strategic Leadership: Proven ability to align security initiatives with business objectives and drive organizational change
  • Communication Excellence: Outstanding verbal and written communication skills to engage with executives, board members, and technical teams
  • Analytical Mindset: Strong problem-solving abilities with experience making data-driven security decisions
  • Project Management: Demonstrated success managing complex compliance projects and security transformations
  • Adaptability: Ability to thrive in dynamic environments and navigate the complexities of digital transformation
  • Integrity: Uncompromising ethical standards and commitment to protecting organizational assets and stakeholder trust
  • Industry Passion: Interest in the aviation industry and understanding of the unique security challenges in helicopter operations
  • Global Perspective: Experience working with international teams and managing security across multiple geographic regions
  • Continuous Learning: Commitment to staying current with the evolving threat landscape and emerging security technologies
  • Crisis Management: Calm under pressure with experience managing security incidents and crisis communications
  • This is a remote position based anywhere in Poland, working Monday through Friday
  • Eligible to work in Poland (citizenship, permanent residency, or valid work visa)
  • Available for after-hours support and emergency response as needed
  • Willing to travel within Poland and internationally for remote site visits (typically 15-20% travel)

Published: 13 days ago
Expires: in 4 days
Contract type: Employment contract
Work mode: Remote work