IT Manager – Part IS

IT & Information Security Manager (AOC Operator Part-IS)

Location: Malta (on-site hybrid)

Department: Technology, Flight Operations Support & Compliance

Reports to: Accountable Manager (dotted line to Safety Manager & Compliance Monitoring)

Type: Full-time, permanent

Role purpose

Lead all IT operations and cybersecurity for the airline and build/own an Information Security Management System (ISMS) compliant with EASA Part-IS for an AOC environment. You’ll ensure secure, resilient technology for the OCC, Flight Operations, Ground Operations, and Continuing Airworthiness interfaces, maintain the Information Security Management Manual (ISMM), and manage internal/external reporting and authority oversight with TM-CAD.

Key responsibilities

1) Airline IT operations (AOC focus)

  • Own availability, performance, and security of ops-critical systems: flight planning & dispatch, crew rostering, OCC tools, EFB/EFF, PSS/DCS, weight & balance, load control, slots/NOTAMs, movement control, MRO/CAMO interfaces, ACARS/CPDLC gateways, and network/connectivity (incl. aircraft connectivity & satcom where applicable).
  • Ensure robust identity/access, endpoint management, and secure collaboration for crew and ground staff (incl. BYOD/EFB if applicable).
  • Manage vendors, SLAs, budgets; negotiate and govern SaaS/PSS/DCS providers and ground handler/MRO integrations.
  • Coordinate tightly with Nominated Persons (Flight Ops, Ground Ops, Continuing Airworthiness) to align tools, data flows, and change windows with operational realities.

2) Part-IS leadership & compliance

  • Design, implement, and run an ISMS tailored to an AOC operator; maintain the ISMM and keep scope/roles/controls current with fleet, routes, and supplier landscape.
  • Establish and run internal information-security occurrence reporting linked to the SMS; manage external reporting to the authority for events with potential aviation-safety impact.
  • Prepare for and host authority oversight; track findings, implement corrective actions, and maintain evidence for present/suitable/operating/effective stages.
  • Embed Part-IS requirements into Ops Manuals references (e.g., OM-A governance touchpoints, EFB program), change management, and safety-risk processes.

3) Risk management, resilience & assurance

  • Run security risk assessments focused on operational impact (flight safety, dispatch continuity, passenger service disruption); integrate with the SMS and management system.
  • Implement and test controls: vulnerability and patch management, logging/monitoring/SIEM, privileged access, backup/restore, DR/BCP for OCC/flight-critical systems, and phishing/awareness.
  • Plan and execute internal audits and exercises (table-top and technical), including EFB compromise drills, OCC loss-of-service scenarios, and third-party compromise simulations.

4) EFB & operational data protection

  • Govern the EFB program security (device hardening, content management, revision control, secure distribution, offline integrity, incident response).
  • Safeguard operational datasets (flight plans, MEL/defects, crew data, movement & turnaround data, weight & balance, PNR/APIS/PNLG if handled) with appropriate classification and controls.

5) Third-party & supply-chain security

  • Build and enforce supplier due diligence and contractual security clauses for PSS/DCS, ground handlers, MRO/CAMO partners, catering/PRM providers, and airport/IT MSPs.
  • Monitor interfaces and data exchange (APIs, SFTP, AIDX/EDIFACT, message brokers) and ensure secure onboarding/off-boarding.

6) Governance, training & culture

  • Chair the ISMS steering forum; provide clear risk dashboards and briefings to the Accountable Manager, Safety Board, and EXCO.
  • Define responsibilities (e.g., Information Security Manager role, EFB Admin, Local Security Coordinators in OCC/Stations) and deliver role-based training and recurrent awareness.

Required profile

  • Degree in IT/Computer Science/Engineering (Master’s a plus).
  • 2+ years in IT operations/cybersecurity with experience in a regulated or safety-critical setting (airline/airport/ANSP/MRO preferred).
  • Demonstrable experience building or running an ISO 27001-aligned ISMS; policy, risk, audit, and incident-response depth.
  • Hands-on with Microsoft 365/Azure/AAD, networks, identity, endpoint management, and cloud security; practical familiarity with airline stacks (EFB/EFF, PSS/DCS, W&B, crew/rostering, flight planning).
  • Clear understanding of EASA Part-IS obligations (ISMS, ISMM, occurrence reporting, oversight) and how they integrate with AOC Management System & SMS in Malta (TM-CAD).
  • Certifications (nice to have): ISO/IEC 27001 Lead Implementer/Lead Auditor, CISM/CISSP, ITIL 4; cloud security certs.
  • Strong stakeholder skills across Accountable Manager, Nominated Persons (FO/GO/CA), Safety, Compliance Monitoring, OCC, Stations, and external providers.

Success measures (first 12 months)

  • ISMM approved and ISMS operating effectively; authority oversight results with timely closure of any findings.
  • EFB security fully implemented (device baseline, signed content, rapid revocation) and proven in exercises.
  • OCC/flight-critical BCP tested with agreed RTO/RPO; restoration drills completed and documented.
  • Supplier security baselined for 100% of PSS/DCS, ground handling, and MRO/CAMO interfaces; remediation plans tracked.
  • Training & culture: >95% completion for assigned roles; phishing and response metrics show measurable improvement.

What we offer

  • Competitive salary & bonus; private health cover; training budget (incl. ISO 27001/Part-IS).
  • Travel benefits per policy; modern tooling; opportunity to shape airline-grade resilience and safety.