{"id":248,"date":"2025-10-17T12:19:57","date_gmt":"2025-10-17T10:19:57","guid":{"rendered":"https:\/\/www.airvitosha.com\/?page_id=248"},"modified":"2025-10-17T12:20:16","modified_gmt":"2025-10-17T10:20:16","slug":"it-manager-part-is","status":"publish","type":"page","link":"https:\/\/www.airvitosha.com\/index.php\/careers\/it-manager-part-is\/","title":{"rendered":"IT Manager &#8211; Part IS"},"content":{"rendered":"\n<h1 class=\"wp-block-heading\"><strong>IT &amp; Information Security Manager (AOC Operator  Part-IS)<\/strong><\/h1>\n\n\n\n<p><strong>Location:<\/strong>&nbsp;Malta (on-site hybrid)<\/p>\n\n\n\n<p><strong>Department:<\/strong>&nbsp;Technology, Flight Operations Support &amp; Compliance<\/p>\n\n\n\n<p><strong>Reports to:<\/strong>&nbsp;Accountable Manager (dotted line to Safety Manager &amp; Compliance Monitoring)<\/p>\n\n\n\n<p><strong>Type:<\/strong>&nbsp;Full-time, permanent<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Role purpose<\/strong><\/h2>\n\n\n\n<p>Lead all IT operations and cybersecurity for the airline and build\/own an Information Security Management System (ISMS) compliant with&nbsp;<strong>EASA Part-IS<\/strong>&nbsp;for an AOC environment. You\u2019ll ensure secure, resilient technology for the&nbsp;<strong>OCC<\/strong>,&nbsp;<strong>Flight Operations<\/strong>,&nbsp;<strong>Ground Operations<\/strong>, and&nbsp;<strong>Continuing Airworthiness interfaces<\/strong>, maintain the&nbsp;<strong>Information Security Management Manual (ISMM)<\/strong>, and manage internal\/external reporting and authority oversight with&nbsp;<strong>TM-CAD<\/strong>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Key responsibilities<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>1) Airline IT operations (AOC focus)<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Own availability, performance, and security of ops-critical systems: flight planning &amp; dispatch, crew rostering, OCC tools,\u00a0<strong>EFB\/EFF<\/strong>,\u00a0<strong>PSS\/DCS<\/strong>, weight &amp; balance, load control, slots\/NOTAMs, movement control, MRO\/CAMO interfaces, ACARS\/CPDLC gateways, and network\/connectivity (incl. aircraft connectivity &amp; satcom where applicable).<\/li>\n\n\n\n<li>Ensure robust identity\/access, endpoint management, and secure collaboration for crew and ground staff (incl. BYOD\/EFB if applicable).<\/li>\n\n\n\n<li>Manage vendors, SLAs, budgets; negotiate and govern\u00a0<strong>SaaS\/PSS\/DCS<\/strong>\u00a0providers and ground handler\/MRO integrations.<\/li>\n\n\n\n<li>Coordinate tightly with Nominated Persons (Flight Ops, Ground Ops, Continuing Airworthiness) to align tools, data flows, and change windows with operational realities.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>2) Part-IS leadership &amp; compliance<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Design, implement, and run an\u00a0<strong>ISMS<\/strong>\u00a0tailored to an AOC operator; maintain the\u00a0<strong>ISMM<\/strong>\u00a0and keep scope\/roles\/controls current with fleet, routes, and supplier landscape.<\/li>\n\n\n\n<li>Establish and run internal\u00a0<strong>information-security occurrence reporting<\/strong>\u00a0linked to the SMS; manage external reporting to the authority for events with potential aviation-safety impact.<\/li>\n\n\n\n<li>Prepare for and host authority oversight; track findings, implement corrective actions, and maintain evidence for present\/suitable\/operating\/effective stages.<\/li>\n\n\n\n<li>Embed Part-IS requirements into Ops Manuals references (e.g., OM-A governance touchpoints, EFB program), change management, and safety-risk processes.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>3) Risk management, resilience &amp; assurance<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Run security risk assessments focused on\u00a0<strong>operational impact<\/strong>\u00a0(flight safety, dispatch continuity, passenger service disruption); integrate with the\u00a0<strong>SMS<\/strong>\u00a0and management system.<\/li>\n\n\n\n<li>Implement and test controls: vulnerability and patch management, logging\/monitoring\/SIEM, privileged access, backup\/restore, DR\/BCP for OCC\/flight-critical systems, and phishing\/awareness.<\/li>\n\n\n\n<li>Plan and execute internal audits and exercises (table-top and technical), including EFB compromise drills, OCC loss-of-service scenarios, and third-party compromise simulations.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>4) EFB &amp; operational data protection<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Govern the\u00a0<strong>EFB<\/strong>\u00a0program security (device hardening, content management, revision control, secure distribution, offline integrity, incident response).<\/li>\n\n\n\n<li>Safeguard operational datasets (flight plans, MEL\/defects, crew data, movement &amp; turnaround data, weight &amp; balance, PNR\/APIS\/PNLG if handled) with appropriate classification and controls.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>5) Third-party &amp; supply-chain security<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Build and enforce supplier due diligence and contractual security clauses for PSS\/DCS, ground handlers, MRO\/CAMO partners, catering\/PRM providers, and airport\/IT MSPs.<\/li>\n\n\n\n<li>Monitor interfaces and data exchange (APIs, SFTP, AIDX\/EDIFACT, message brokers) and ensure secure onboarding\/off-boarding.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>6) Governance, training &amp; culture<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Chair the ISMS steering forum; provide clear risk dashboards and briefings to the Accountable Manager, Safety Board, and EXCO.<\/li>\n\n\n\n<li>Define responsibilities (e.g., Information Security Manager role, EFB Admin, Local Security Coordinators in OCC\/Stations) and deliver role-based training and recurrent awareness.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Required profile<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Degree in IT\/Computer Science\/Engineering (Master\u2019s a plus).<\/li>\n\n\n\n<li><strong>2+ years<\/strong>\u00a0in IT operations\/cybersecurity with\u00a0experience in a regulated or safety-critical setting (airline\/airport\/ANSP\/MRO preferred).<\/li>\n\n\n\n<li>Demonstrable experience\u00a0<strong>building or running an ISO 27001-aligned ISMS<\/strong>; policy, risk, audit, and incident-response depth.<\/li>\n\n\n\n<li>Hands-on with Microsoft 365\/Azure\/AAD, networks, identity, endpoint management, and cloud security; practical familiarity with airline stacks (EFB\/EFF, PSS\/DCS, W&amp;B, crew\/rostering, flight planning).<\/li>\n\n\n\n<li>Clear understanding of\u00a0<strong>EASA Part-IS<\/strong>\u00a0obligations (ISMS, ISMM, occurrence reporting, oversight) and how they integrate with\u00a0<strong>AOC Management System &amp; SMS<\/strong>\u00a0in Malta (TM-CAD).<\/li>\n\n\n\n<li>Certifications (nice to have): ISO\/IEC 27001 Lead Implementer\/Lead Auditor, CISM\/CISSP, ITIL 4; cloud security certs.<\/li>\n\n\n\n<li>Strong stakeholder skills across Accountable Manager, Nominated Persons (FO\/GO\/CA), Safety, Compliance Monitoring, OCC, Stations, and external providers.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Success measures (first 12 months)<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>ISMM approved<\/strong>\u00a0and ISMS operating effectively; authority oversight results with timely closure of any findings.<\/li>\n\n\n\n<li><strong>EFB security<\/strong>\u00a0fully implemented (device baseline, signed content, rapid revocation) and proven in exercises.<\/li>\n\n\n\n<li><strong>OCC\/flight-critical BCP<\/strong>\u00a0tested with agreed RTO\/RPO; restoration drills completed and documented.<\/li>\n\n\n\n<li><strong>Supplier security<\/strong>\u00a0baselined for 100% of PSS\/DCS, ground handling, and MRO\/CAMO interfaces; remediation plans tracked.<\/li>\n\n\n\n<li><strong>Training &amp; culture:<\/strong>\u00a0>95% completion for assigned roles; phishing and response metrics show measurable improvement.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What we offer <\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Competitive salary &amp; bonus; private health cover; training budget (incl. ISO 27001\/Part-IS).<\/li>\n\n\n\n<li>Travel benefits per policy; modern tooling; opportunity to shape airline-grade resilience and safety.<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>IT &amp; Information Security Manager (AOC Operator Part-IS) Location:&nbsp;Malta (on-site hybrid) Department:&nbsp;Technology, Flight Operations Support &amp; Compliance Reports to:&nbsp;Accountable Manager (dotted line to Safety Manager &amp; Compliance Monitoring) Type:&nbsp;Full-time, permanent Role purpose Lead all IT operations and cybersecurity for the airline and build\/own an Information Security Management System (ISMS) compliant with&nbsp;EASA Part-IS&nbsp;for an AOC environment. &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/www.airvitosha.com\/index.php\/careers\/it-manager-part-is\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;IT Manager &#8211; Part IS&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":181,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-248","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/www.airvitosha.com\/index.php\/wp-json\/wp\/v2\/pages\/248","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.airvitosha.com\/index.php\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.airvitosha.com\/index.php\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.airvitosha.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.airvitosha.com\/index.php\/wp-json\/wp\/v2\/comments?post=248"}],"version-history":[{"count":1,"href":"https:\/\/www.airvitosha.com\/index.php\/wp-json\/wp\/v2\/pages\/248\/revisions"}],"predecessor-version":[{"id":251,"href":"https:\/\/www.airvitosha.com\/index.php\/wp-json\/wp\/v2\/pages\/248\/revisions\/251"}],"up":[{"embeddable":true,"href":"https:\/\/www.airvitosha.com\/index.php\/wp-json\/wp\/v2\/pages\/181"}],"wp:attachment":[{"href":"https:\/\/www.airvitosha.com\/index.php\/wp-json\/wp\/v2\/media?parent=248"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}