Job reference: SLCISO18
Location: Paris - 1st arrondissement
Company category: Luxury Retail
Our client is a world-leading company in retail.
Our customer is looking for a talented Chief Information Security Officer to join its teams and participate in this ongoing effort to transform the way technologies are used within the Group.
Reporting to the Architecture, Security & Technologies Director, you are responsible for the overall organizational security strategy, security program oversight and security architecture development for the organization.
You are an information security leader with a background in security architecture or engineering. You have extensive experience in developing and implementing complex security programs that reduce operational risk.
As our Chief Information Security Officer, you will be tasked with developing and managing a world-class, forward-looking infrastructure and application security program from the ground up. You will plan, develop and manage policies and practices at a global level to ensure our customer remains in compliance and maintains a high security standard.
How you will contribute
IT Security Program
- Develop, implement and monitor a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets
- Investigate and appropriately implement proactive and innovative approaches, ensuring the security program adequately safeguards the organization against advanced threats
- Provide leadership through strong working relationships and collaboration to develop strategic goals for information security compliance and risk mediation.
- Liaise with external agencies as necessary to ensure the organization maintains a strong security posture against relevant threats and advancing threat landscape.
- Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and continuously increase the maturity of the information security program
Policies, Procedures, Standards, and Guidelines
- Lead and coordinate the development and maintenance of information systems security policies, procedures, standards, and guidelines, ensuring compliance with laws and regulations, including privacy laws such as the GDPR.
- Establish security framework and ensure policies, procedures, standards, processes and controls adhere to framework requirements
- Establish monitoring and assessment processes to ensure compliance and adherence to established security policies, procedures, and standards
Threat and Risk Management
- Ensure threat and vulnerability resources and technology proactively monitor potential threats and vulnerabilities 24x7, and that protection controls are implemented in a timely and appropriate manner to safeguard and maintain business operations
- Identifies and assesses risks in implementing business innovations. Provides assessment of those risks to business stakeholders.
- Design and execute penetration tests and security audits.
- Support continuous monitoring activities, vulnerability scans, policy and procedure updates, configuration/incident management, and training.
- Coordinate the response to security audit requests from participant organizations and institutions and ensure any identified remediation activities are implemented within committed timeframes
- Create a risk-based process for the assessment and mitigation of any information security risk associated with, but not limited to, supply chain partners, vendors, customers, and other third parties
- Monitors compliance with the organization’s information security policies and procedures among employees, contractors, alliances, and other third parties.
- Facilitate and support the development of asset inventories, including information assets in cloud services and other parties included as part of the organization’s technology environment
Communications, Training, and Outreach
- Oversee the development and implementation of training programs and communications to make systems, network, and data users aware of and understand security policies and procedures.
- Work with legal, risk and compliance staff to ensure all information owned, collected, and controlled by or on behalf of the company is processed and stored in accordance with applicable laws and other regulatory requirements
Data Protection and Privacy
- Collaborate and liaise with our client's Global Privacy Officer in order:
  - to coordinate our GDPR roadmap from the IT perspective
  - to ensure appropriate technical and organizational measures are implemented both internally and externally by our service providers program
  - to manage data protection breaches
  - to support implementation of privacy and security by design
Research and Analysis
- Lead or conduct special projects or studies related to information systems security.
- Stay well-informed of best practices in the IT security field, including from a data protection perspective; coordinate and/or evaluate new and emerging security practices and technologies; and recommend and promote adoption as appropriate.
- Provide expert advice related to information and systems security to the CIO and other executives and serve as an internal consulting resource on information security issues.
- Computer Science / Information Technology Degree or equivalent
- 5/8 years of current experience directly related to the responsibilities of the role.
- Broad knowledge of computer security issues, requirements, and trends.
- Knowledge of data protection key concepts (e.g. GDPR) and ability to assess data protection risks (CIPT would be a plus)
- Understanding of key business processes in Retail and Luxury
- Strong interpersonal and communication skills (both written and oral) plus the ability to achieve goals through influence, collaboration and cooperation.
- Demonstrated ability to work effectively with an array of constituencies in a community that is both demographically and technologically diverse.
- Skill in developing policy and procedure in a complex, decentralized, and mission-oriented environment.