Accountabilities 

The role is directly reporting to the Airbus China Region Head of Security, and is primarily accountable for maintaining the cyber security risk down to an acceptable level for assets under his area of responsibility. 

In addition to the direct reporting, the China Chief Information Security Officer (China CISO) has a dotted reporting line to the Corporate Chief Information Security Officer (Corporate CISO).

Is accountable on Digital Security related topics across IT, Industrial, Product & Services and People & Workplace for all Airbus Divisions and their controlled or joint controlled affiliates in China Region. 

The China CISO acts on behalf of the respective Division CISOs for Division specific topics.

Digital Security Strategy, Operating Model, and Risk ( 60%)

• Adapt and execute locally the Digital Security strategy, in line with the worldwide Corporate and Divisional Digital Security strategies
• Translate the Digital Security strategy into operational priorities in CHINA
• Ensure the operational strategy implementation (activities, projects, initiatives, etc.)
• Arbitrate and prioritize Digital Security operations and hot topics
• Drive a consistent overall planning, adherence and operating model of the China Digital Security operations, derived from a transparent and shared business risk-based framework and priorities in collaboration with local IM, Industrial, Products & Services and People & Workplace representatives, where relevant
• Collect, monitor, manage and report Digital Security risks to Corporate and to the relevant Divisions
• Represent respective Division CISO and coordinate accordingly for Divisional specific digital security topics in CHINA.

Legal & Compliance (20%)

• Ensure compliance with Airbus internal policies and Directives
• Represent Airbus and interact with regional digital security authorities and local Joint Venture partners
• Ensure compliance with Regional Digital Security laws and regulations

Financial resources (10%)

• Define Airbus China digital security budgets and liaise with relevant local and Corporate stakeholders (incl. Corporate CISO)
• Consolidate and coordinate local operational Digital Security budgets, and arbitrate on priorities

Human resources, talents & competences ( 10%)

• Coordinate and animate the local Digital Security team
• Be part of the nomination process for relevant Digital Security stakeholders in China

Responsibilities 

Digital Security Strategy, Operating Model, and Risk

• Ensure compliance with Digital Security Corporate and Divisional requirements / standards
• Enable business and transformation on Digital Security matters
• Ensure timely deployment of Corporate Digital Security initiatives
• Ensure business projects undergo the appropriate Digital Security validation processes
• Coordinate and facilitate China Digital Security initiatives and programmes
• Identify and consolidate Digital Security risks and their related response plan in CHINA

Financial resources

• Manage and monitor Digital Security budgets in CHINA.
• Define and implement a local Digital Security Make or Buy strategy, derived from and aligned with the Corporate and Airbus China Make or Buy strategies
• Provide regular updates on budget consumption and/or changes per security assets to Corporate and relevant stakeholders

Internal & external collaboration

• On an operational perspective, coordinate with the relevant Division CISOs when necessary
• Engage in the Airbus CISO worldwide community
• Collaborate with Corporate and Divisional Digital Security stakeholders & communities to identify and strengthen worldwide synergies, in terms of Digital Security capabilities, including:
• 
  
• Enterprise security architecture ;
• Detection and response (incl. SOC and CERT) ; 
• Digital security evaluation and tests ; 
• Risk, vulnerability and critical asset management ; 
• Cybersecurity innovation and scouting ;
• Digital security office (project management & competencies development)
• Collaborate with local IM, Industrial, Products & Services and People & Workplace representatives, where relevant on the following topics:
• Share local Digital Security constraints, challenges, opportunities, best practices and needs with peers
• 
  
• Manage external communication and engage with internal Airbus teams and employees on Digital Security topics in CHINA
• Enhance Airbus Digital Security footprint by the means of publications, presentations, external engagements, etc… in CHINA
• Influence lobbies and contribute to drafting new national regulations and standards which can have an impact on Airbus Digital Security matters
• Collaborate with relevant Airbus Regions & Countries on Digital Security topics
• Collaborate with the Corporate Security Awareness team to provide support for Security Awareness activities and communications in CHINA, as required

Human resources, talents & competences

• Facilitate the recruitment of Digital Security profiles, in line with the local, affiliate and corporate recruitment plans, and inform relevant stakeholders on the headcount and recruitment status
• Report on Corporate security objectives achievements to Corporate CISO during annual review meeting
• Report to Corporate and relevant stakeholders on local attractiveness & retention, competence & development, diversity & inclusion issues and recommendations
• Adapt, tailor and execute locally the Corporate attractiveness & retention plan, the competence & development plan and the diversity & inclusion plan and provide feedback on local specificities

Knowledge

• Master's Degree in Information Security or equivalent experience
• English: Excellent communication
• French, German and/or Spanish is a plus

Experience

• +10 year of experience in management role
• +10 year of experience in cybersecurity
• Aerospace and Defense background is a plus

Leadership skills

• Stakeholder Management
• Planning and Strategic Management
• Organization, Resources (headcounts and budget)  Management
• Communication and presentation skills

Technical skills

Solid background is required in : 

• Cybersecurity Risk management (assessment methods, risk treatment options)
• Project Management, Processes, Method and tools
• Security awareness & communication
• Cybersecurity audit 
• Cybersecurity standards and applicable regulations

National accreditations (or eligibility) are a plus.