Manager IT

client of Emploi Patner

Define and promote the Cyber Security governance of the entity.

Implement and manage a Cyber Security governance that aligns with the strategic priorities of the entity and the IT governance of the Group; which sets Cyber Security operational objectives and makes decisions, and finally which ensures the adherence and mandate of the main Cyber Security stakeholders of the entity.

Decline the Cyber Security reference framework of the group within the entity (policies, requirements, indicators and control plan) and integrate the specific business and regulatory requirements related to the entity.

Play a role of advice, information, training and alert to the entity's management.

Conduct Cyber Security projects at the entity level and provide expertise to the entity's IT teams and projects.

Implement projects to improve and strengthen the Cyber Security level of the entity, in accordance with the Group's objectives and the requirements of the regulators.

Implement monitoring and surveillance to anticipate Cyber Security risks related to the technologies used within the entity.

Ensure that security is integrated into the entity's project management process by providing the appropriate information security policies and practices.

Collaborate with the entity's purchasing and legal department to ensure that information security requirements are included in contracts with third parties.

Assist and manage Cyber crises

Ensure the response to Cyber incidents in connection with the Group CSIRT.

Coordinate interventions in the event of Cyber Security incidents and crises and ensure that the entity's essential services are restored.

Develop and monitor post-incident action plans.

Conduct and supervise the security of customer data, data and IT assets of the entity

Intervene with the entity's IT teams (developers, administrators, users, etc.) and on IT production in order to secure customer data, data and IT assets of the entity both at the technical and organizational level.

Provide Cyber Security expertise and support to the entity's IT teams and IT production.

Carry out internal controls with IT production and suppliers to ensure that security measures are taken and applied correctly and that the entity's customer data and its sensitive IT assets are protected.

Report on the Cyber Security of the entity

Report to the DSI of the entity, and where applicable to the Group DSI and the Group RSSI, on the progress of the implementation of the Group Cyber Security program in the entity.

Ensure a Cyber Security risk management of the entity, a regular monitoring of these risks with their stakeholders (Business, IT teams, IT production or other Third parties) and a reporting to the Management and control functions of the entity.

Collect the Cyber Security costs of the entity, monitor the deviations and provide a consolidated view of the Cyber Security budget at the Group level.

Communicate to the Group the entity's responses to regulators' requests on Cyber Security issues.

Set up a network around Cyber Security and communicate the vision

Organize committees with the IT risk managers of the entity and participate in the regular committees organized by the Group RSSI.

Create the internal networks necessary between the IT security teams, the business managers, the control functions (Compliance, RISK, General Inspection) and the HR management teams to ensure the necessary alignment.

Liaise with external organizations, such as law enforcement agencies and other advisory bodies, as needed, to ensure that the entity maintains a strong security posture and is well aware of the threats identified by these organizations.

Be in contact with external peers to address common trends, findings and risks in Cyber Security.

Implement a targeted information security awareness and training program for all employees of the entity and more particularly for the IT sector and business lines.