Contrôleur Interne

Contrôleur interne

KEY EXPECTED RESULTS

PERFORMANCE MEASUREMENT
1 The organization and projects meet the requirements of security and personal data protection (GDPR Act.)

NB of vulnerabilities observed, security problems encountered, relevance of security solutions implemented

2 The scope is controlled and under control, Webb(website invenotry) is up to date, the middleware implemented is compliant and the systems are well referenced, The necessary KPIs are implemented and monitored on a very regular basis

3 Internal control process is applied by operationals (ISO Standards) Rate of self-assessments performed by operationals

4 Internal control testing is performed on ISO27K Standards

• Rate of test activity
• Rate of coverage of noncompliant points by corrective action plans.
• Number of External auditors' deficiencies not covered by Internal controls

5 Non conformities are followed-up until closure

Rate of corrective action plans resolved during the year.

MAIN ACTIVITIES
By following the internal control process and the guidelines of the DSSI for digital activities

• Identifies evolution of critical assets and local points of contacts.
• Contributes to Internal Control Plan and evolutions of Internal Control methods.
• Select controls, facilitates selfassessments, have evidences gathered
• Lead internal control tests and action plans elaboration, in particular those related to Information Systems cybersecurity
• Is the interface of auditors (internal, external).
• Work with the business to promote a culture of Risk awareness and control and to ensure consistency of practice and approach.
• Ensure the implementation of good security practices by dev/indus/test/operation teams, including in devops mode.
• Ensure regular reviews of user accounts on the scope of consolidation to ensure a good level of security
• Ensure regular reviews to ensure that the observed scope is compliant and that there is no shadow IT, identify the possible shadow IT.
• Verifies project security architectures in conjunction with the DSSI and group security teams.
• Controls the security level of dev/indus/test/prod environments and compliance with security rules for multitenant cloud environments and outsourcing actions.
• Follows up progress of corrective action plans until closure.

Investigate non-conformities with the Webopteam Security Policy, procedures and rules and propose a preventive or corrective action plan

Strong Competencies/ Knowledge of following areas:

• Mastery of global enterprise level information systems with a cross-functional view
• Mastery of IT project management in Agile and devops mode (including CI/CD tools and DevSecOps approach)
• Knowledge in the industrialization of cloud environments ( IaaS / PaaS / SaaS)
• Knowledge of web architectures and security of multitenant cloud infrastructures
• Knowledge of the means and methods for securing accounts and access, particularly in a multitenant cloud environment
• Good communication skills
• Good adaptability (people, culture, technology)
• Ability to work in a multidisciplinary team with a transversal vision
• Riskbased approach
• Knowledge of some audit/certification requirements/processes (e.g. IS027000, ISAE3402, CEH, CHFI, CISA) English

---