Regional Cybersecurity Officer

Mission

In charge of Cybersecurity of one or several countries or one subsidiary ('Region'):

➔ Act as the Cybersecurity point of contact for the 'Region'

➔ Functionally manage the Sites Cybersecurity Officers

➔ Deploy the Valeo ISSP (Information Systems Security Policy) within the 'Region', assess and improve

the level of Cybersecurity of the different sites

➔ Coordinate the Cybersecurity incidents in the 'Region'

➔ Provide reporting of the 'Region'

➔ Contribute to the evolution of the Valeo ISSP (Information Systems Security Policy) and some Group

Cybersecurity programs.

➔ Upon request, act as Group CISO (Chief Information Security Officer) delegate to perform some specific

Responsibilities :

Accountability

● Act as the Cybersecurity point of contact for the 'Region'

○ For the Group CISO (Chief Information Security Officer) and the Cybersecurity organization

○ For the legal representatives

○ For the customers

○ For the partners and suppliers

● Functionally manage the Sites Cybersecurity Officers

○ Organize and lead the regular Cybersecurity meetings with the Sites Cybersecurity Officers of

the 'Region'

○ Relay the Cybersecurity communications and actions to the Sites Cybersecurity Officers of the

'Region'

○ Coordinate the translations performed by the Sites Cybersecurity Officers regarding the

Cybersecurity communications, eLearning, TIPs...

● Deploy the Valeo ISSP (Information Systems Security Policy) within the 'Region', assess and improve

the level of Cybersecurity of the different sites

○ Disseminate Group standards, rules and best practices to the Sites Cybersecurity Officers

○ Control and validate the Valeo ISSP compliance for all the sites of the 'Region'. If mandated by

the Group CISO, act as delegate to provide exemptions. Alert Sites Cybersecurity

Officers/Group CISO in case of deviation

○ Manage the Cybersecurity action plans of the 'Region'

● Coordinate the Cybersecurity incidents in the 'Region'

○ Ensure capitalization within the 'Region' following Cybersecurity events and incidents

● Provide reporting of the 'Region'

○ Provide regular and on-demand reporting to the Group

○ Follow and report the OEMs Cybersecurity requirements of the 'Region'

● Contribute to the evolution of the Valeo ISSP (Information Systems Security Policy) and some Group

Cybersecurity programs

● Upon request, act as Group CISO (Chief Information Security Officer) delegate to perform some specific

missions

Responsibility

● Act as the Cybersecurity point of contact for the 'Region'

○ Participate to the external security assessments (customer mandated audit) and act as delegate

of Group CISO

● Functionally manage the Sites Cybersecurity Officers

○ Develop knowledge of the Sites Cybersecurity Officers

○ Manage their training

● Deploy the Valeo ISSP (Information Systems Security Policy) within the 'Region', assess and improve

the level of Cybersecurity of the different sites

○ Define and follow improvement plans with the Sites Cybersecurity Officers

○ Perform or control, by Group CISO delegation, risk assessments for, but not limited to, projects,

sites, third parties

● Coordinate the Cybersecurity incidents in the 'Region'

○ Ensure that all non-compliances, abnormal Cybersecurity events, and Cybersecurity incidents

are raised by the Sites Cybersecurity Officers

○ Ensure swift resolution of Cybersecurity incidents with the Sites Cybersecurity Officers and the

Group CIRT (Cybersecurity Incident Response Team)

● Provide the reporting of the 'Region'

○ Inform the Continental IS Director(s) of the 'Region' for all aspects related to Cybersecurity

non-classified as 'Secret'

○ Request the authorization to have an exemption to the Valeo ISSP whenever it is mandatory to

fulfill a law/regulation linked to the 'Region' activity

● Others

○ Upon request, act as Group CISO delegate to perform some specific missions

○ Act as internal Cybersecurity risk auditor for the other 'Regions'

Contribution

● Contribute to the evolution of the Valeo ISSP (Information Systems Security Policy) and some Group

Cybersecurity programs

○ Contribute to Group Cybersecurity programs

○ Propose, to Group CISO, initiatives to improve:

■ Cybersecurity of the 'Region'

■ Valeo ISSP, Group standards and rules

■ Cybersecurity KPIs

Experience Required :

● Above 10 years of relevant experience in Cybersecurity

● Worked in an international company in a multicultural environment.

● Knowledge and experience linked to Cybersecurity standards (ISO 2700x, NIST, NIS…)

● Knowledge and experience in technical topics such as malware, patch management, firewalling…

● Other infrastructure / network / system / database / application experience

● Team management experience

---