✓ Maintain the client Application/Systems Perimeter at an adequate level in compliance with the Group standards on Information Security
✓ Provide Security guidance (technical architecture review, security risk analysis, DPIA etc.) and assist the Business, the DPO and IT correspondents throughout projects
✓ Ensure the Business adheres to security recommendations when contracting external providers and establishing Service Level Agreements
✓ Ensure the Business’ current and future applications adhere to the Group standards risk-oriented approach.
Ensure the client and all internal suppliers properly implement follow-up actions to perpetually improve Network Security
✓ Integrate security into projects’ development and life cycle to improve and optimize the Security Policy
✓ Contribute to furthering a vision and formalizing a policy to address Cloud Security.
✓ Ensure project, infrastructure, application, and 3rd party risks are systematically & appropriately tested
✓ Ensure Operational Security by implementing IT processes, upgrading existing processes and documenting both
✓ Ensure the client Security Policy (technical and 3rd parties) fully complies with the Group Security Requirements
✓ Foster security as an inherent element to all Group initiatives and other OPCOs’ activities.
✓ Provide ongoing expertise and insights to the CSO to further the Security Strategy
✓ Contribute to enhancing and optimizing the efficiency of control activities by working hand-in-hand with all concerned stakeholders
✓ Assess, challenge and review vulnerabilities criticality to deliver risk-based insights useable by business stakeholders (DPO, workplace)
✓ Ensure implementation of follow-up of remediation actions post assessment
✓ Provide support to project and business stakeholders on deficiencies found and remediation to implement
✓ Bachelor’s degree in Computer Science, Engineering, or related field.
✓ Experience in information security > 5 years
✓ Information risk approach and risks analysis experience mandatory.
✓ Experience in advisory role on IT security for Business projects a plus.
✓ Experience in managing complex stakeholder relationships mandatory.
Technical and professional skills:
✓ Information Security and /or Information Technology industry certification (CISSP-ISSAP, CISM, ISO 27001 Lead Auditor, GIAC or equivalent) strongly preferred
Soft skills and competencies:
✓ Cross-cultural sensitivity, flexibility
✓ Organized with a proven ability to prioritize workload, meet deadlines, and use time effectively
✓ Strong interpersonal and communication skills; able to deal effectively with diverse skill sets and personalities, work effectively as a team player
✓ Able to explain security challenges and recommendations to non-IT stakeholders
✓ Ability to function effectively in a matrix structure
✓ Proven facilitation, negotiation and conflict resolution skills
✓ Strong analytical skills
✓ Applying analytical rigor to understanding complex business scenarios
✓ Fluent in English
Assistance Technique (Facturation avec un taux journalier)