Job Description
Oversee regional operational security implementation activities for a defined scope, and ensure the correct implementation of Group policies across India, Middle East, and Africa transversely across our client’s entities and subsidiaries.
Mission:
The main tasks of the consultant responsible for the service mission will include:
Follow up on and assist with the implementation of cybersecurity policies, roadmaps, and projects within the scope.
Oversee the monitoring of security events, exceptions, and alerts in the region to detect and respond to potential threats, including supervision of the MSSP / IT providers (Kyndryl, DXC, BT, Equinix…).
Work closely with cyber service lines to align security practices with the organization’s overall security strategy.
Relay all cybersecurity information updates towards IT activities.
Work with IT teams to incorporate security standards and best practices into the design and implementation of systems and networks within the scope.
Facilitate the creation and prioritization of appropriate remediation plans following vulnerability management initiatives.
Oversee the security assessments and penetration tests on systems and applications to follow up on remediation measures.
Provide technical security updates and reports to the Regional CISO on the security posture of the scope and ongoing security initiatives.
Identify and report risks related to the information system in connection with incidents.
Monitor risk reduction action plans.
Ensure appropriate measurements are in place to track the efficiency of the service provided to the other lines of defense.
Oversee the implementation of security technologies and tools within the region.
Maintain KPIs per cyber process for each brand (Ceva, Terminals, Shipping, Vessels, GBS, others…).
Technological environment:
Windows and Linux servers
Networks and telecommunications
O365 office environment
Collaborative tools and enterprise social networking (Yammer, Stream, Teams, SharePoint)
Required skills:
Expertise in information security and IT, particularly infrastructure and architecture.
Knowledge of ISO27X frameworks desired
Knowledge of the EBIOS framework desired
Knowledge of NIST standards
Knowledge of the OWASP framework
Strong analytical and synthesis skills to quickly understand the client company’s environment, organization, business, and challenges.
Ability to anticipate risks in a situation and to proactively put forward proposals.
Ability to argue proposals/studies to convince and generate buy-in.
Good listening and communication skills, with all types of interlocutors (technical or non-technical).
Fluent in English (French is a plus).
Expected deliverables:
Plan for monitoring policy and control implementation.
Improvement plan for control implementation and monitoring.
Dashboard of activity measurement elements.