MAGROUP - Magnaghi Aerospace is an international company with plants in Italy, the United States, Brazil, the United Kingdom, and Canada. The Group has over 80 years of experience in the sector, having produced more than 20,000 landing gear assemblies and over 40,000 aerostructures for more than 10,000 aircraft.

In compliance with EASA Part-IS Regulations, the organization intends to strengthen its Information Security governance, with a particular focus on the impact of cyber risks on safety, airworthiness, and regulatory compliance. Therefore, we are looking for an Information Security Manager (ISM) to join our Group in a growing and stimulating environment.

The Information Security Manager (ISM) will be responsible for defining, implementing, and maintaining the organization's information security management system (ISMS), ensuring that cyber risks are identified, assessed, and mitigated, taking into account their potential direct or indirect impact on safety.

Education

Technical/scientific degree (Engineering, Computer Science, or similar)

CISM, CISSP, ISO/IEC 27001 Lead Implementer, or Lead Auditor certifications are preferred

Technical Skills

Solid experience in Information Security/Cybersecurity.

Knowledge of information security management systems (ISMS).

Ability to assess risk beyond the IT dimension alone.

Regulatory and safety skills

Understanding of the concepts of:.

• Safety
• Airworthiness
• Aviation compliance.
• Ability to communicate with:
• Quality Manager
• Safety Manager
• Accountable Manager.

Managerial skills

Cross-functional leadership.

Ability to influence strategic decisions.

Excellent communication and reporting skills to management.

Experience

At least 7 years of experience in cybersecurity.

At least 3 years in roles involving responsibility or coordination.

Experience in the following environments:

• Regulated
• Industrial
• Safety-critical

Key Responsibilities

Governance and strategy

Define and maintain the company's Information Security strategy.

Ensure alignment between Information Security, Safety, Quality, and Compliance.

Develop policies, procedures, and standards in accordance with Part-IS.

Management system (ISMS)

Design, implement, and maintain an ISMS proportionate to the complexity of the organization.

Ensure the integration of the ISMS with:

• QMS
• SMS
• Aviation compliance systems.

Risk management and safety

·Lead the cyber risk assessment process in accordance with Parte-IS.

·Explicitly assess the link between cyber risk and impact on safety.

·Support management in risk acceptance and any exemptions pursuant to IS.D/I.OR.200(e).

Incident management and resilience

Define and supervise:

• incident response
• business continuity
• disaster recovery

Assess cyber incidents also for their impact on safety.

Coordinate reporting to top management and, if required, to the authorities.

Relationship with Authorities and Audits

• Act as a point of contact with ENAC/EASA for Information Security issues.
• Support audits, inspections, and surveillance activities.
• Ensure the traceability of decisions in the cyber field.

Responsibility for operational area

Production (Part-21)

Data protection for:

• design and configuration
• production processes
• work instructions.

System security:

• PLM
• MES
• CAD/CAM.

Prevention of the use of unapproved or obsolete data.

Maintenance (Part-145)

Guarantee of integrity and authenticity of:

• maintenance records
• inspection data
• release certificates.

Security of MRO systems and traceability of activities.

Note to candidates

This role is not an operational IT role.

It is a governance position with direct responsibility for information security as an enabler of aviation safety and compliance.

The search is open to candidates of all genders (Law 903/77).

MAGROUP is committed to promoting diversity, equity, and inclusion.

The Group takes measures to ensure equal opportunities for all candidates.

At MAGROUP Magnaghi Aerospace, everyone is invited to contribute to the success of our Group