- Company Name: Upward
- Job Title: CISO Groupe (H/F)
- Job Description:
**Job Title**
Group Chief Information Security Officer (CISO)
**Role Summary**
Lead the development and execution of the group’s information security strategy, ensuring governance, risk management, compliance, and operational security across all IT, cloud, and application environments. Interface directly with executive leadership, IT, risk, legal, and operational teams to embed security into the organization’s transformation roadmap.
**Expectations**
- Deliver a secure, compliant, and resilient ICT environment that supports the group’s public‑service mission.
- Raise the security maturity level by implementing best‑practice frameworks and measurable KPIs.
- Serve as the primary liaison for external audits, regulatory bodies, and strategic partnerships.
**Key Responsibilities**
1. **Governance & Compliance** – Define, implement, and update security policies, standards, and procedures (including PSSI); oversee regulatory compliance (GDPR, DORA, Solvency II, etc.).
2. **Risk Management** – Conduct risk assessments (EBIOS‑RM, ISO 27005, MEHARI), maintain risk register, and coordinate remediation plans with stakeholders.
3. **Security Operations** – Ensure the logical and physical protection of networks, servers, cloud services, endpoints, and applications; coordinate incident response with the SOC.
4. **Project Security** – Provide security reviews, risk acceptances, and security documentation for all IT transformation initiatives.
5. **Audit & Testing** – Lead internal/external audits, penetration tests, and vulnerability assessments; manage remediation follow‑ups.
6. **Metrics & Reporting** – Establish and monitor KPIs/KRIs; report the security posture to the Executive Committee and senior management.
7. **Budget Management** – Track security budget, ROI, and resource allocation.
8. **Culture & Awareness** – Design and deliver security awareness campaigns tailored to IT, business, and executive audiences.
9. **External Interaction** – Represent the group in tenders, external partnerships, and regulatory discussions.
**Required Skills**
- Deep knowledge of network, system, application, cloud (Azure/AWS/GCP), and SaaS security.
- Proficiency in risk assessment methodologies and frameworks (EBIOS‑RM, ISO 27005, MEHARI).
- Strong understanding of cyber‑compliance regimes (GDPR, DORA, Solvency II).
- Experience coordinating cross‑functional security initiatives and managing projects.
- Excellent communication and influence skills, capable of simplifying technical concepts for non‑technical stakeholders.
- Leadership, confidentiality, ethical judgement, and rigor in decision‑making.
**Required Education & Certifications**
- Bachelor’s or Master’s degree in engineering, computer science, IT, or equivalent professional pathway.
- Minimum 5 years of experience in cybersecurity within heavily regulated environments.
- Preferable certifications: CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer, or equivalent.