Chief Information Security Officer

Profile

Job Description
Company Description Veolia Group aims to be the benchmark company for ecological transformation. With nearly 220,000 employees worldwide, the Group designs and provides game-changing solutions that are both useful and practical for water, waste and energy management. Through its three complementary business activities, Veolia helps to develop access to resources, preserve available resources and replenish them. In 2021, the Veolia group provided 79 million inhabitants with drinking water and 61 million with sanitation, produced nearly 48 million megawatt hours and recovered 48 million tons of waste. Veolia Environnement (Paris Euronext: VIE) achieved consolidated revenue of 28,508 billion euros in 2021.   ****Job Description Implement and maintain information security management system within the organization. Provide advisory role, support, information, training and alert to other departments. 
Maintains an inventory of all important information assets
Evaluates risks, threats and consequences, establishes the prevention plan
Propose, reviews and updates a set of information security documentation (information security policy, risk assessment methodology, statement of applicability, etc.)
Performs risk assessment for activities to be outsourced. Defines security clauses that must be part of agreements
Communicates the benefits of information security. Propose information security objectives, improvements and corrective actions. Propose budget and other required resources for protecting the information assets
Cooperates with the HR department on training and awareness plans for information security. Performs continuous activities related to awareness raising and induction training on security topics for new employees
Coordinates response to security incidents. Prepares evidence for legal action following an incident. Analyze incidents in order to prevent their recurrence
Coordinates the business impact analysis process and the creation of response plans. Coordinates response plan testing and performs post-incident review of the recovery plans
Approves methods for the protection of mobile devices, computer networks and other communication channels. Propose authentication methods, password policy, encryption methods, etc. Defines principles for secure development of information systems
Coordinates all efforts related to personal data protection
Remains in continuous contact with authorities and special interest groups
Qualifications Education / Experience / Background
Bachelor’s Degree in Information Systems Management, Security Engineering, Computer Science, or related field
Master’s degree preferred
10 years information technology experience focusing in information security/cybersecurity
Proven track record and experience developing information security strategy and programs, including successful implementation in large, multinational enterprises in the manufacturing industry
Knowledge / Skills / Abilities
Being able to implement tools in order to raise users' awareness on IT risk (face-to-face meetings, emails of alert, brochures & posters ...)
To understand the applicable safety policies and implement them on his entity in association with the network operational teams
Understand the applicable safety policies and implement them on his entity in association with the operational server and datacenter teams
Understand the applicable safety policies and implement them on his entity in association with the workstation operational teams
Understand the applicable safety policies and implement them on his entity in association with development teams. To know the OWASP referential
Understand and implement the monitoring safety tools such as scanner (application and technical), SIEM, malware detection tools…
Understand and implement tools and methods allowing to exploit the IT vulnerabilities (e.g. Metasploit)
Understand and implement tools and methods allowing to manage the safety incidents (method & technical)
Know the main standards of the domain (ISO27001, ISAE3402) and be able implement them
Ability to act with precision and accuracy
Ability to work with several teams no hierarchical link
Analytical Mind
Ability to collaborate constructively
Ability to lead large meetings 
Required Certification / Licenses / Training
Professional security management certification preferred; Certified Information Systems Security Professional (CISS), Certified Information Security Manager (CISM) 
Additional Information Veolia offers the most complete range of environmental solutions to meet the challenges of cities, governments, campuses, businesses and industries. Our network of talent and hands-on know-how is unique and unrivaled. 
We help our customers address their environmental and sustainability challenges in energy, water and waste. That means improving our clients' energy efficiency, better managing their water and wastewater, and recovering resources from their wastes. We do this in a safe, cost-effective and innovative manner for more than 550 communities and more than 30,000 businesses, campuses and organizations throughout North America.  
As an inclusive company, Veolia is committed to diversity and gives equal consideration to all applications, without discrimination.
We are an Equal Opportunity Employer! All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.
Apply

Company info

Sign Up Now - 100KCrossing.com