Cyber security Manager

Job Summary:

We are seeking an experienced IT Infrastructure Risk Officer and Security Operations Manager to join our team. In this role, you will be responsible for implementing and overseeing controls related to information system security (ISS) within our company's functional scope. You will ensure compliance with Group policies and security standards, perform security assessments, contribute to security audits, and communicate effectively with various stakeholders. Additionally, you will play a vital role in developing and maintaining the IT skills of our employees, participating in ISS events, and actively contributing to the overall IT function and security community within our organization.

Responsibilities:

Manage IT risk and IT compliance\: 

o   Contribute to the drafting of Group policies / standards on the ISS in relation to its functional scope; if necessary, define and maintain up-to-date local procedures / best practices to meet the specificities of its department; 

o   Participate in the definition of the strategy and roadmap of the ISS for its functional scope, in collaboration with the RSSI GTS and the ISS function;

o   Define and validate the roadmaps for implementing IT risk treatment plans (application of standards, implementation of controls, etc.), ensuring that the relevant teams obtain funding and commitment.

o   Contribute to the updating of permanent control policies (update of the library of normative controls, etc.)

Plan\: 

o   Contribute to Security Projects initiated directly by and for its reporting department;

o   Support the deployment of security projects initiated by the Group and/or GTS within its operating scope as a relay and participate in the governance of these projects;

o   In general, acting as a security expert to advise on projects deployed within its projected department

o   Assess and manage IT risk treatment in all new projects or infrastructure within its scope (integration of security into projects, security by design processes);

o   Enforce Group policies / standards and/or procedures / good security practices within its projected department;

o   Validate and monitor exceptions, RAF, etc.;

o   Lead the resolution of security incidents and contribute to the post-mortem investigation of security incidents;

o   Lead the remediation of critical vulnerabilities in coordination with technical teams, SOC and CERT;

o   Maintain up-to-date IT security risk assessment of products/services/infrastructure within its functional scope 

o   Monitor and coordinate the timely closure of audit recommendations (internal / regulators), where appropriate intervene in support of operational teams.

Controls\: 

o   Rely on the controls team for the implementation of controls relating to the ISS within its functional scope (operational controls, managerial controls, mitigant risk description, NIST, etc.) and follow the associated remediation plans; 

o   Perform regular security assessments of the most critical infrastructure in accordance with Group policies and security standards (pentest, review of high-privilege accounts, hardening, USF, etc.), and produce the resulting analysis reports;

o   Contribute to security audits (internal audit / regulators) within its scope.

Communicate\: 

o   Communicate regularly on the IT risks of its scope and on the mitigation plans;

o   Communicate the status of security audits (internal audit / regulators) as well as the plans for dealing with recommendations;

o   Communicate on its activities (definition of relevant KPIs/KRIs) and on security alert points;

o   In the event of the detection of a security anomaly on its functional scope, exercise a duty of alert as soon as possible vis-à-vis the RSSI GTS and its hierarchy;

o   Raise to its projected department any changes in Group policies / standards or decisions by the ISS function in relation to the activities of its functional scope.

Qualifications:

1. Bachelor's degree in computer science, information technology, or a related field. Relevant certifications (e.g., CISSP, CISM, CRISC) are preferred.

2. Proven experience in information system security management, risk assessment, and security operations.

3. Strong knowledge of security controls, regulatory requirements, and industry best practices.

4. Familiarity with NIST standards or equivalent and PEN test tools

5. Excellent communication skills, including the ability to communicate complex security concepts to both technical and non-technical stakeholders.

6. Strong analytical and problem-solving abilities.

7. Proactive approach to identifying and mitigating security risks.

8. Ability to work collaboratively in a team environment and contribute to a positive work culture.

9. Strong organizational and project management skills, with the ability to prioritize and multitask effectively.

10. Up-to-date knowledge of emerging security threats and trends.