Westhouse is a leading recruitment company that operates globally in the field of personnel selection, placement and project management.
For our client we are currently looking for a
Chief Information Security Officer (m/f) - Lyon
>Your professional profile includes:
• A Master's Degree or equivalent.
• Minimum 10 years of experience in IT.
• Being an international team player working across countries with multiple functions and at the global level.
• Strategic leader and builder of both vision and bridges, and able to energize the appropriate teams in the organization.
• Extensive knowledge of Security Management and Frameworks (such as ISO/IEC 27001, ITIL, COBIT, NIST)
• Security certifications
• Extensive knowledge in Risk Management.
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists. Excellent stakeholder management skills.
• Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic business environment.
• Fluent in English. French and other additional languages are a plus.
As Corporate Information Security Officer (CISO) you will be responsible for establishing, promoting and maintaining the information security program to ensure that information assets and associated technology, applications, systems, infrastructure and processes are adequately protected in the digital ecosystem in which the company operates. Reporting to the Deputy CIO, you will be responsible for identifying, evaluating and reporting on cyber-security risks to information assets, while supporting and advancing company strategy.
>Information Security Strategy and Governance
• Set Corporate Information Security Strategy in line with Deputy CIO and company Business strategy
• Define, implement and maintain Corporate Information Security Program policies and guidelines
• Define and maintain Enterprise Information Security Architecture in line with Enterprise Risks, Information Security Risks and Private Data Protection requirements
>Information Technology (IT) Crisis Management
• Define organizational and political framework around IT Crisis Management in line with Global Crisis Management
• Govern IT Crisis Management plan definition, implementation and training
• Provide guidance on IT disaster recovery strategy in alignment with the identified IT risks
>IT Audit Management
• Participate in definition of audit scope and organize internal IT audits
• Responsible for organizing financial audit activities on the IT scope
• Define and follow up implementation of audit recommendations
>IT Risk Management
• Define organization and framework around IT Risk Management in line with the Enterprise Risk Management
• Animate and report IT risk management activities
>Information Security Operation
• Manage ISMS (Information Security Management System) for Global Data Center and all remote locations
• Define framework for IT/OT in line with identified IT risks
• Manage security framework and controls for outsourcing providers
• Define and deploy awareness training to IM&T and User community
• Advise and provide guidance for security investigations and forensics activities
• Mandate regular security reviews and participate in governance committees for decisions regarding internal and external security audits
• Supervise governance for DR test planning and execution
>Lead the Organization
• Manage a cost-efficient information security organization. This includes hiring (and conducting background checks), training, staff development, performance management.
We look forward to receiving your application documents in electronic form.