Can be 5 years’ experience
Must be comfortable speaking English and French language.
This role is for our French project. The role will involve identifying, evaluating, and reporting on legal and regulatory, IT and cybersecurity risk to information assets, while supporting and advancing business objectives.
The Project is responsible for establishing and maintaining the information security programme to ensure that information assets, technology, applications, systems, infrastructure, and processes are adequately protected in the digital world we operate within.
While the focus and reporting line of this role is the French project, there will be matrix management by the Global Chief Information Security Officer.
Main duties/role and responsabilités
- Identify and evaluate the risks presented to information assets and ensure controls are in place in line with the company risk appetite.
- Retain current knowledge of the French legal and regulatory frameworks relating to civil nuclear and the associated controls required to protect information assets.
- Monitors the external threat environment for emerging threats and advises relevant stakeholders on the appropriate course of action.
- Provide regular reporting on the current state of the information security programme to senior business leaders and the Global CISO.
- Support the development and implementation of global security policies.
- Provides clear risk mitigation directives for projects with components in IT including the mandatory application of controls.
- Supports the development of effective disaster recovery policies and standards.
Attributes/ Experience required
- Demonstrated experience and success in risk management, information security and both information and operational technology.
- Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or other similar credentials.
- Knowledge of common information security management frameworks such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework.
- Sound knowledge of business management and a working knowledge of information security risk management and cybersecurity technologies.
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from board members to technical specialists.
- Excellent stakeholder management skills.
- Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
- Poise and ability to act calmly and competently in high-pressure, high-stress situations.
