ROLE DESCRIPTION SUMMARY

The selected candidate will take on the role of Project Security Officer (PSO) for EU/ESA “protected” and “classified” information related to the IRIS2 Programme

In this capacity, they will oversee daily security operations, ensuring compliance with local laws, regulations, and jurisdictional requirements related to the handling of 'protected' and 'classified' information associated with the activity.

The selected candidate will be personally responsible for ensuring the activity’s adherence to EU/ESA regulations governing protection of 'protected' and 'classified' information within the scope of the activity itself.

As a member of an agile project organization, you will be expected to bring a flexible way of working and an adaptive mindset to a dynamic development environment.    

PRIMARY RESPONSIBILITIES / KEY RESULT AREAS

Limited to your relevant area of activityand in coordination with the Local Security Officer:

• Primary Contact for Security: Act as the primary contact for 'protected' and 'classified' securityrelated matters, limited to the activity and ensuring compliance with established National and <EU/ESA/NATO> security protocols.
• Management of Access and Security Requests: Prepares Need-to-Know authorizations and Requests for Visit, liaising with the Security Office for approval. Maintains a clear, auditable record of Need-to-Know access, ensuring proper control and withdrawal as needed, in coordination with the Local Security Officer. Oversee and vouch for Personal Security Clearance (PSC) requirements for this activity, by ensuring coordination with the Local Security Officer solely responsible for the PSC process.
• Team Support and Inquiry Response: Address "protected" and "classified" security-related inquiries from the activity and provide guidance on policies, procedures, and compliance requirements.
• Implementation of Security Framework: Implement the SES security framework for National and <EU/ESA/NATO> “protected” and “classified” information within the activity, ensuring compliance with organizational objectives, national laws, and programme security requirements. In liaison with the Local Security Officer, apply and tailor the Security Management Plan (SMP) to meet the programme needs.
• Policy Execution and Compliance: In alignment with organizational objectives, national laws and regulations, and programme security requirements, implement and enforce security policies, standards, and procedures to safeguard "protected" and "classified" information.
• Regulatory Adherence: Ensure adherence to international, and local regulations governing “protected and “classified” information security, adjusting operational practices as needed to remain compliant.
• Risk Assessment and Mitigation: Perform risk assessments on the security of “protected” and “classified” information and implement mitigation measures within the established risk management framework, as approved by the Local Security Officer.
• Incident Response and Crisis Management: Support the Local Security Officer in implementing and maintaining the incident response plan for security breaches involving “protected” and “classified” information within the activity. Assist in the organization's response to security incidents, ensuring swift action and minimal impact while following the plan established by the LSO.
• Training and Awareness Programs: Deliver security awareness programs for employees, reinforcing the importance of protecting “protected” and “classified” information and following established security policies.
• Operational Coordination with Local Security Officers: Collaborate with Local Security Officers to ensure uniform application of security policies and procedures across all global locations.
• Security Systems and Technology Implementation: Support the deployment and maintenance of security technologies and systems for protecting “protected” and “classified” information, including encryption and access controls.
• Stakeholder Communication and Reporting: Communicate effectively with internal and external stakeholders on security matters, representing the organisation limited to the activity and limited to the activity related customer, partners and subcontractors
• Process Optimization and Continuous Improvement: Monitor and enhance security practices in cooperation with the Local Security Officer to address emerging threats and evolving business requirements.
• Certification and Compliance Support: Assist in the certification and accreditation process of the organization's products, ensuring compliance with security standards and regulatory requirements.
• Secure Configuration and Documentation Management: In the absence of a Project Secure Configuration and Documentation Management expert, support processes, tools, and standardisation for “protected” and “classified” information, including documentation registration and distribution, project reviews and data package coordination, configuration record management, document retrieval and exchange, and liaison with project partners and customers. 

Ensure the quality of documentation and verify that appropriate security protection markings are applied.

Make available key security artifacts such as the Program Security Instruction (PSI), Security Aspect Letter (SAL), Security Classification Guideline (SCG) or Security Marking Guide (SMG), and any relevant security annexes or references specified for the activity. 

• Audit Facilitation and Compliance: Act as the primary point of contact for internal and external security audits of the activity. Ensure readiness, provide necessary documentation, and coordinate responses to audit requirements for “protected” and “classified” information. Perform the audit and compliance checking of SES and the Industrial partners compliance to the PSI, SMP etc

COMPETENCIES

• Knowledge of national and international protocols, standards, and regulations for EU/ESA/NATO and military “protected” and “classified” information.
• Awareness of laws governing “protected” and “classified” information to ensure adherence to security requirements.
• Ability to apply security strategies and policies effectively.
• Competence in assessing risks and implementing measures to protect “classified” information.
• Capability to support incident response plans and assist in managing security incidents.
• Strong ability to coordinate with internal and external stakeholders on security matters.
• Willingness to stay updated on evolving security threats and best practices.
• Commitment to integrity and confidentiality in handling sensitive information.
• Knowledge of security, and information protection practices, encryption and secure communications.

QUALIFICATIONS & EXPERIENCE

• Master's degree in Security Management, Information Security or a related field, ensuring a solid academic foundation in security principles and practices. 
• A minimum of 2 to 5 years of experience in a position, with specific experience in managing “protected” and “classified” information.
• Comprehensive understanding of national and international protocols, standards, and regulations governing ESA or EU or NATO> "protected" and "classified" information, ensuring full compliance within the scope of the project, proposal, or service.
• Proven track record in the accreditation and certification of systems and information within the ESA or EU or NATO, or similar regulatory frameworks, demonstrating specific expertise in navigating complex accreditation processes and achieving certification for sensitive and “classified” systems. 
• Proven ability to develop, implement, and oversee security strategies, policies, and governance frameworks to maintain the operational security integrity of the activity.
• Demonstrated experience in leading and coordinating teams across multiple jurisdictions, ensuring cohesive implementation of security measures for the given activity.
• Strong ability to articulate security needs, collaborate with internal and external stakeholders, and represent security interests at the project, national, and international levels.
• Demonstrated ability to manage crises and respond effectively to security incidents, highlighting resilience and adeptness in handling emergency situations.
• Willingness to travel internationally as required, indicating flexibility and readiness to address security matters on the global activity scale.
• Proficiency in English and the official language(s) of the country where the business unit is registered.

OTHER KEY REQUIREMENTS / COMMENTS

• The candidate must have a valid “SECRET” security clearance, in accordance with the “loi modifiée du 15 juin 2004 relative à la classification des pièces et aux habilitations de sécurité”, as well as EU equivalents
• Willing to work at least 60% onsite from office
• Travel as required for project realization purposes