ESA

Project / System Security Officer (PSSO)

Paris, France

Full Time

3 hours ago

Back to jobs

Job description

Location
ESRIN, Frascati, Italy

Description

Project/System Security Officer (PSSO) in the Space Transportation Security and Compliance Office, Infrastructure and Value Chain, Directorate of Space Transportation.
The ESA Space Transportation (STS) mission is to provide and implement a space transportation strategy that gives institutional and commercial actors in ESA’s Member States an autonomous gateway to space.
The STS programmes managed at ESA/ESRIN and at ESA/HQ-Daumesnil require the support of a PSSO who is responsible for the daily management of all IT and cyber-related security aspects. This position is currently based at ESA/ESRIN (Frascati), but could also be located at ESA/HQ (Paris), and is under the responsibility of the Head of the Space Transportation Security and Compliance Office.

Duties

Your tasks and responsibilities will include:

Supervising and ensuring the security of the Directorate’s communication and information systems (CIS) at corporate and space project level;
Implementing the security of the CIS in accordance with an information security management system based on a security risk assessment conducted throughout the project’s or programme’s lifetime, either directly by you or under your supervision and verification;
Following up security risk management for programmes and projects;
Defining, maintaining and ensuring the implementation of the system-specific security requirements statements (SSRS/SISRS) of the CIS and any interconnections with external CIS, at corporate and space project level, for endorsement by the ESA Security Accreditation Authority;
Ensuring the acceptance tests for implemented CIS security measures are performed, and certifying the CIS installation and deployment;
Specifying and documenting the system security operations procedures for approval by the ESA Security Accreditation Authority;
Defining and proposing the Cyber Security Implementation Policy and supporting the implementation plan;
Implementing, or verifying the correct implementation of, the relevant security operations procedures;
Advising the relevant Configuration Control and Management Boards on the security implications of proposed changes to CIS software, hardware, firmware and/or operating procedures;
Providing reports and recommendations for security improvements and lessons learned;
Preparing the relevant data protection notification records in coordination with the ESA Data Protection Officer Service and following up the correct implementation of the recommendations provided;
Reporting any security breaches, vulnerabilities or anomalies in accordance with the Security Directives and policy on security management;
Taking any necessary action to contain security breaches in the event of a security incident concerning the CIS for which you are responsible;
Participating in the Agency-wide network of PSSOs coordinated by the ESA INFOSEC Policy Officer;
Participating as auditor or inspector in the ESA Security Office’s audits or inspections of CIS for which you are not responsible (only when requested);
Acting as STS sub-registry registrar (or deputy registrar) for ESRIN Zone 5;
Providing operational security support, as relevant, to the activities linked to the agreement regarding ESA’s assistance to Italy concerning space transportation and in-orbit servicing (known as the PNRR programme).

Technical competencies

You must have at least 10 years of professional experience in the field.

Knowledge of ESA Security Directives, ECSS standards, export control laws (ITAR and EAR) and GDPR would be an asset.

Experience of security accreditation processes, compliance audits and certification frameworks for space programmes.

In-depth knowledge of ESA space programmes such as Space Rider, Vega and Ariane (with proven experience of having supported space programmes in security-related matters).

Professional qualifications/certification such as ISO 27001/22301/31000 Auditor, CISSP, CISM, CRISC or TOGAF would be highly beneficial.

Behavioural competencies

Result Orientation
Operational Efficiency
Fostering Cooperation
Relationship Management
Continuous Improvement
Forward Thinking

For more information, please refer to ESA Core Behavioural Competencies guidebook

Education

A master’s degree preferably in the IT engineering/cyber security domain.

Additional requirements

You will have to undergo a security procedure/investigation from your parent national security authority in order to obtain personnel security clearance.
Once selected, you will have to follow ESA internal training based on the ESA Security Directives and pass the related tests organised by the ESA Security Office in order to be confirmed in the position.
Full professional proficiency in English (both spoken and written) is indispensable. Good knowledge of French would be an additional asset.

Diversity, Equity and Inclusiveness
ESA is an equal opportunity employer, committed to achieving diversity within the workforce and creating an inclusive working environment. We therefore welcome applications from all qualified candidates irrespective of gender, sexual orientation, ethnicity, beliefs, age, disability or other characteristics. Applications from women are encouraged. At the Agency we value diversity, and we welcome people with disabilities. Whenever possible, we seek to accommodate individuals with disabilities by providing the necessary support at the workplace. The Human Resources Department can also provide assistance during the recruitment process. If you would like to discuss this further, please contact us via email at contact.human.resources@esa.int.

Important Information and Disclaimer
In principle, recruitment will be within the advertised grade band (A2-A4). However, if the selected candidate has less than four years of relevant professional experience following the completion of the master’s degree, the position may be filled at A1 level.

Applicants must be eligible to access information, technology, and hardware which is subject to European or US export control and sanctions regulations & eligible to acquire the security clearance by their national security administrations.

During the recruitment process, the Agency may request applicants to undergo selection tests. Additionally, successful candidates will need to undergo basic screening before appointment, which will be conducted by an external background screening service, in compliance with the European Space Agency's security procedures.

Note that ESA is in the process of transitioning to a Matrix setup, which could lead to organisational changes affecting this position.

The information published on ESA’s careers website regarding working conditions is correct at the time of publication. It is not intended to be exhaustive and may not address all questions you would have.

Nationality and Languages
Please note that applications are only considered from nationals of one of the following States: Austria, Belgium, Czechia, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Luxembourg, the Netherlands, Norway, Poland, Portugal, Romania, Slovenia, Spain, Sweden, Switzerland, the United Kingdom and Canada, Latvia, Lithuania and Slovakia.

When short-listing for an interview, priority will first be given to internal candidates.

Knowledge of another Member State language would be an asset.