IT & Cyber Security Director, Paris

KPP Search
Paris, France
17 May 2023
08 Jun 2023
Employer Sector
Financial Services
Contract Type
Full Time

The Group Internal Audit Department operates independently and reports to the Group Chief Executive Officer.

  • It provides an independent, systematic, disciplined approach to evaluate and improve risk management, control and governance processes for the Group's various strategic business units, business units and functions (e.g., Sales, Delivery, IT, Cybersecurity, Finance, Procurement, and HR)
  • Is recognized as the catalyst for strengthening the organization's control performance
  • The GIA team is composed of about 40 multilingual staff, headed by the Group CAO (Chief Audit Officer)


Perform audit of the Group IT Organization and the Cybersecurity / Information Security functions (objectives, governance, key controls on security policies and procedures, etc.)

  • Proficiency in auditing security controls for the Applications and Infrastructure Component (e.g., servers)
  • Ability to identify security risks and associated security controls for the business units
  • Ability to make strong and relevant recommendations on IT & Cybersecurity risks, contributing overall to the improvement of the internal control environment.
  • Support other functional auditors (e.g., Finance auditor, HR auditor) during the audit assignments
  • Be clear, concise, and convincing in addressing Executive Management level and reporting audit findings with recommendations.
  • Ensure methodology and quality assurance standards are in accordance with the company's standards
  • Manage the IT & Cybersecurity dedicated auditors in the department, participate in their recruitment, daily supervision, evaluation, training plan
  • Supervise the quality of all IT & Security audits done by GIA in the Group
  • Contribute to the technology roadmap of the Group Internal Audit department on IT & Cybersecurity matters
  • Continuously evolve and improve the practice of IT & Cybersecurity audit within the department, including improving the work program, risk approach, methods and tools.


Knowledge and experience of IT frameworks including ISO 27001, ITIL, NIST 800-53

  • Willing to progress toward the following certifications: ISO 27001, CISA, CIA or CISSP
  • Master's degree in information technology from an institute of repute
  • Excellent written & verbal communication level in English.
  • At least 12 years of experience in Information Security and Cybersecurity, with a minimum of 5 years as an IT / Systems or Cybersecurity Consultant or Auditor, preferably in an IT company
  • Specific experience in managing cybersecurity incidents, cyber operations, and testing (SOC, pentesting, threat intelligence etc.)
  • Experience and knowledge in the following areas is appreciated: security solutions and tools, Cloud security, usage of firewalls, IDS/IPS, Identity & Access Management, End Point Security, SSL, Security Information & Event Management
  • Demonstrated experience of interaction at CIO/CISO level with a Fortune 1000 company
  • Knowledge of regulations such as GDPR, EU Data Privacy

