Cybersecurity Director

The post in a nutshell:

The Cybersecurity Director is a senior executive responsible for defining the cybersecurity strategy in such a way as to meet the organization’s cybersecurity challenges and to comply with the regulations in force in the countries where the organization operates. He leads the cybersecurity sector and can manage a network of Information Systems Security Managers (RSSI) to cover the entire scope of the organization. It defines the strategic and managerial indicators to measure the level of maturity of the organization in terms of cybersecurity and reports to General Management and the Audit Committee.

Given the current challenges related to cybersecurity, the Cybersecurity Director holds a senior executive position and is called upon to sit on the management bodies of his organization. Reporting to a member of the Executive Committee is recommended. He must have a comprehensive understanding of the evolution of cybersecurity to keep the organization’s security strategy up to date.

Equivalent title: Director of Information Systems Security (DSSI)

Missions

Plan :

• Define the axes and strategic objectives in terms of cybersecurity and have them validated by General Management
• Identify security issues, major security risks weighing on the organization and legal and regulatory compliance requirements
• Define and maintain the IS security policy in collaboration with stakeholders
• Define the strategy for compliance with the legislative and regulatory framework; ensure relations with the players in its sector of activity around cybersecurity
• Define an annual or multi-year action plan
• Define an investment policy with regard to security objectives Define the organization of cybersecurity within the organization and lead it
• Define the organizational and technical measures to be implemented to achieve the security objectives
• Manage the implementation of the organization’s IT security charter and promote it to all users
• Contribute to responding to requests from customers and partners of the organization on security aspects

Animate:

• Animate the CISO network through security governance
• Provide implementation support by providing technical and methodological assistance as well as tools and security solutions, possibly through a catalog of services

Verify:

• Assess the level of security within the organization, in particular through the performance of periodic audits and permanent controls
• Check that IS security policies and rules are applied in the organization and vis-à-vis third parties and subcontractors (third parties)

Report:

• Report regularly to General Management on the current level of coverage of IS security risks
• Ensure an advisory role with the General Management and the business lines of the organization Represent the organization in relations with the regulatory authorities

Our advice: this position is open to women and men. Motivation and the desire to learn are the fundamental qualities for the success of your project. Don’t put a barrier on yourself, you can do it.

Skills

Know how

• Good knowledge of the organization’s challenges and professions
• Ability to build the organization’s cybersecurity strategy
• Ability to understand cybersecurity threats
• Knowledge of the information system and architecture principles
• Mastery of the fundamentals in the main areas of ISS Knowledge of security technologies and associated tools
• Risk management, cybersecurity policy and ISMS Legal knowledge of IT law related to IS security and data protection
• Knowledge of governance, norms and standards in the field of security: ISO standards (2700X), sector standards (PCI-DSS, etc.)

Abilities

• Leadership
• Ability to influence
• Sense of general interest
• Team management
• Ability to work cross-functionally within the organization
• Ability to appropriate business issues