Regional Cybersecurity Officer

Mission

In charge of Cybersecurity of the Asia (excluding China) region: Japan, Korea, Thailand, Malaysia, Indonesia and India (~16,000 users, 3.4 BEUR sales)

➔ Act as the Cybersecurity point of contact for the region

➔ Functionally manage an international team of 5 Sites Cybersecurity Officers spread across the region

➔ Deploy the Valeo ISSP (Information Systems Security Policy) within the region, assess and improve the level of Cybersecurity of the different sites

➔ Coordinate the Cybersecurity incidents in the region

➔ Provide reporting of the region

➔ Contribute to the evolution of the Valeo ISSP (Information Systems Security Policy) and some Group Cybersecurity programs.

➔ Upon request, act as Group CISO (Chief Information Security Officer) delegate to perform some specific missions

➔ Regularly travel within the region to meet your team, key stakeholders, and ensure that the ISSP is properly applied.

Reporting line:

Hierarchical: Asia Information Systems Director

Functional: Group CISO (Chief Information Security Officer)

Responsibilities :

Accountability

➔ Act as the Cybersecurity point of contact for the region

• For the Group CISO (Chief Information Security Officer) and the Cybersecurity organization
• For the legal representatives
• For the customers
• For the partners and suppliers

➔ Functionally manage the Sites Cybersecurity Officers

• Organize and lead the regular Cybersecurity meetings with the Sites Cybersecurity Officers of the region
• Relay the Cybersecurity communications and actions to the Sites Cybersecurity Officers of the region
• Coordinate the translations performed by the Sites Cybersecurity Officers regarding the Cybersecurity communications, eLearning, TIPs

➔ Deploy the Valeo ISSP (Information Systems Security Policy) within the region, assess and improve the level of Cybersecurity of the different sites

• Disseminate Group standards, rules and best practices to the Sites Cybersecurity Officers
• Control and validate the Valeo ISSP compliance for all the sites of the region. If mandated by the Group CISO, act as delegate to provide exemptions. Alert Sites Cybersecurity Officers/Group CISO in case of deviation.
• Manage the Cybersecurity action plans of the region.

➔ Coordinate the Cybersecurity incidents in the region

• Ensure capitalization within the region following Cybersecurity events and incidents

➔ Provide reporting of the region

• Provide regular and on-demand reporting to the Group
• Follow and report the OEMs Cybersecurity requirements of the region

➔ Contribute to the evolution of the Valeo ISSP (Information Systems Security Policy) and some Group Cybersecurity programs

➔ Upon request, act as Group CISO (Chief Information Security Officer) delegate to perform some specific missions

Responsibility

➔ Act as the Cybersecurity point of contact for the region

• Participate to the external security assessments (customer mandated audit) and act as delegate of Group CISO.

➔ Functionally manage the Sites Cybersecurity Officers

• Develop knowledge of the Sites Cybersecurity Officers
• Manage their training.

➔ Deploy the Valeo ISSP (Information Systems Security Policy) within the region, assess and improve the level of Cybersecurity of the different sites

• Define and follow improvement plans with the Sites Cybersecurity Officers
• Perform or control, by Group CISO delegation, risk assessments for, but not limited to, projects, sites, third parties.

➔ Coordinate the Cybersecurity incidents in the region

• Ensure that all non-compliances, abnormal Cybersecurity events, and Cybersecurity incidents are raised by the Sites Cybersecurity Officers.
• Ensure swift resolution of Cybersecurity incidents with the Sites Cybersecurity Officers and the Group CIRT (Cybersecurity Incident Response Team).

➔ Provide the reporting of the region

• Inform the Continental IS Director(s) of the region for all aspects related to Cybersecurity non-classified as 'Secret'.
• Request the authorization to have an exemption to the Valeo ISSP whenever it is mandatory to fulfill a law/regulation linked to the region activity.

➔ Others

• Upon request, act as Group CISO delegate to perform some specific missions
• Act as internal Cybersecurity risk auditor for the other regions.

Contribution

➔ Contribute to the evolution of the Valeo ISSP (Information Systems Security Policy) and some Group Cybersecurity programs

• Contribute to Group Cybersecurity programs
• Propose, to Group CISO, initiatives to improve:
• Cybersecurity of the region
• Valeo ISSP, Group standards and rules
• Cybersecurity KPIs

Experience Required :

• Above 10 years of relevant experience in Cybersecurity
• Worked in an international company in a multicultural environment.
• Knowledge and experience linked to Cybersecurity standards (ISO 2700x, NIST, NIS…)
• Knowledge and experience in technical topics such as malware, patch management, firewalling…
• Other infrastructure / network / system / database / application experience
• International team management experience
• International stakeholder management experience
• Cybersecurity Incident management experience