Group Chief Information Security Officer

REPORTING: Hierarchical to Group CIO,                                                                                                   

MAIN DESCRIPTION:

Group Chief Information Security Officer’s main mission is to protect Vallourec's digital assets, being responsible of the group's information security policies and their implementation.

The Group CISO owns the process of all assurance activities related to the availability, integrity and confidentiality of group information covering the complete scope of information managed by Vallourec, i.e. information & data from customer, partners, employees and any operational or support function.

This is a key role in Vallourec transformation, ensuring both the performance of our operations (Industrial assets & operations) as well as our innovation roadmap (Cloud & data services).

Group CISO's is working with Vallourec Risk department and management from regions & transversal functions to determine acceptable levels of risk. CISO directly manages IT & Digital security strategy, operational roadmaps and is responsible for establishing and maintaining a corporate-wide information security management program and its associated budget.

CISOs need to be part of the global cybersecurity community that monitors and explores these sources and their efforts. Sharing experience and knowledge with other security experts lightens the burden on individual CISOs — and can deliver advance warnings with regard to current and future threats.

 

MAIN RESPONSIBILITIES:

  • Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program. More specifically this covers Mill Security Program and Cloud Security Program.
  • Work directly with regions and corporate functions to facilitate risk assessment and risk management processes
  • Develop and enhance an information security management framework
  • Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services
  • Provide leadership to the enterprise's information security organization
  • Partner with Vallourec stakeholders across the company to raise awareness of risk management concerns (HR, Risk Management, Sourcing, etc...)
  • Assist with the overall IT & Digital strategic planning, providing a current knowledge and future vision of technology and systems with a focus ou our Digital Program (including could transformation).

 

MAIN ACTIVITIES & PRIORITIES

1. Develop Enterprise wide Security Programs

  • Direct and approve the design of security systems (in accordance with ISO 27002);
  • Ensure that disaster recovery and business continuity plans are in place and tested;
  • Review and approve security policies, controls and cyber incident response planning;
  • Approve identity and access policies;
  • Oversee identity and access management;
  • Constantly update the cyber security strategy to leverage new technology and threat information;
  • Manage IT security budgets and investment programs.

 

2. Identify, Report and Control Incidents

  • Review investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities;
  • Manage directly crisis cells of critical incidents;
  • Ensure communication and proper treatment of local non critical incidents.

 

3. Manage and Train Security Staff

  • Provide training and mentoring to security team members;
  • Manage contractors and vendors involved in IT security, which may include hiring;
  • Functional management of Local Security Officer (LSO) in the regions. Operational follow-up, target settings, yearly evaluation, training plans.

 

4. Risk Management, threat Monitoring and Preventive Measures

  • Monitor Cyber risks (including IT department risks) on all dimensions (legal compliance, incidents monitoring, audit plans, operational security, compliance of infrastructures, for the complete scope of the group with regional teams.
  • Schedule periodic security audits;
  • Maintain a current understanding the IT threat landscape for the industry;
  • Translate that knowledge to identification of risks and actionable plans to protect the business;
  • Brief the executive team on status and risks, including taking the role of champion for the overall strategy and necessary budget;
  • Ensure compliance with the changing laws and applicable regulations (GDPR, …)
  • Join External auditors for yearly closing audits

 

5. Communicate Continuously

  • Communicate best practices and risks to all parts of the group, outside IT.
  • Make sure that cyber security policies and procedures are communicated to all personnel and that compliance is enforced;
  • Define and implement awareness trainings toward all users;

 

 

SKILLS AND EXPERIENCE:

  • Degree in business administration or a technology-related field required.
  • Professional security management certification
  • Minimum of eight to 12 years of experience in a combination of risk management, information security and IT jobs
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, and NIST.
  • Excellent written and verbal communication skills and high level of personal integrity
  • Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams
  • Experience with contract and vendor negotiations and management including managed services.
  • Specific experience in Agile (scaled) software development or other best in class development practices.
  • Experience with Cloud computing/Elastic computing across virtualized environments.

Pour postuler à cette annonce, merci de contacter samantha.lachaize@vallourec.com

Pour obtenir plus d'informations sur ce poste, contacter Mahmoud DENFER https://www.linkedin.com/in/mahmouddenfer/  en MP