Our client is a major rail player in Europe. With industrial capacity and large, stable financial capacity, it finances and manages a major fleet of 440 locomotives in Europe.
Made up of over 70 employees from a wide variety of backgrounds and mastering around ten languages, our client's team is rich in the diversity of its profiles: financiers, engineers, technicians, trainers, driving experts, and also sales representatives.
With a European vocation, our client is currently enjoying rapid growth, driven by new services, a controlled acquisition and external growth strategy and a diversified portfolio of clients.
To support its development and the growth of its activity on the one hand, and the need to secure its information system on the other, our client is recruiting a manager of information systems security (RSSI), attached to the Chief Data and Process Officer (CDPO).
The RSSI's main responsibilities are to:
- Define and implement the information systems security policy (PSSI). The RSSI will be the guarantor of the logical and physical security of the IS as a whole, that is to say of the availability, security, regulatory compliance and integrity of the IS and information assets of the Group.
- Define the architecture of the information system (including telecoms) in the short and medium term.
For the Security area, the RSSI ensures:
- Communication, awareness-raising and change management for the stakeholders concerned by the Information Systems Security Policy (PSSI).
- Training and advice on the challenges of information systems security.
- Analysis of information systems security risks and management of corrective measures.
- The choice of security measures and the implementation plan.
- The interface with Project Managers, operations and external stakeholders.
- Carrying out audits and monitoring the application of PSSI rules.
- Technological and regulatory watch.
- Technical validation of the security component of purchases.
For the IS technical architecture domain, the RSSI ensures:
- Analysis of the existing system (operating systems, hardware, software, networks).
- Construction of the IS mapping.
- The choice of new technologies while respecting different constraints (cost, time and security).
- The development of the solutions integration plan.
- Information and advice from management on the technological consequences and of the new IS.
Given the international context, the RSSI coordinates the IS security strategy with local correspondents of the different entities.
Dissemination, evolution and monitoring of the implementation of the PSSI:
- Guarantee the implementation of the policy within the group
- Ensure the dissemination and promotion of the policy to employees
- Keep the policy up to date according to the evolution of the IS and the regulations
Information system security risk analysis:
- Evaluate the risks, threats and consequences for each project.
- Establish a prevention plan.
- Trigger and follow the preventive and corrective actions to be implemented to reduce the risks detected, in collaboration with the Project Director, security and project managers.
- Measure and provide periodic reporting to Management.
Audit and control of the application of security requirements:
- Control and ensure the correct application of the group's IS security rules.
- Collaborate with security correspondents at remote sites to standardize the security level.
- Audit the vulnerabilities of the IS periodically.
- Convene and lead crisis cells if necessary.
- Coordinate a security steering committee within the IT department.
- Audit and control the application of the security requirements of providers and suppliers.
Awareness, training and advice on IS security issues:
- Bring expertise to set the right level of security at all stages of IT projects
- Inform and educate users and General Management
- Participate in keeping the IT charter up to date and promoting it to users
Technology watch:
- Maintain a technological and regulatory watch to guarantee the logical and physical security of the IS as a whole.
Technical architecture of information systems:
- Build the 1-, 3- and 5-year architecture of the Group's information system, within the constraints of business development and growth strategy.
- Ensure that purchases in the IT field or relating to the information system comply with the group's security policy.
- Ensure that the contracts include the clauses and mentions of the Group relating to security.
Experience in an equivalent position of at least 5 years is necessary.
CISSP certification (or equivalent) would be a plus.
English is required; German would be a plus.