Sites Cybersecurity Officer Jobs

Missions:

In charge of Cybersecurity of one or several Valeo sites in a Cybersecurity Region:

➔ Act as a Cybersecurity point of contact for the site(s)

➔ Coordinate the different actors of the site(s) for all Cybersecurity topics

➔ Deploy the Valeo ISSP (Information Systems Security Policy) within the sites, assess and improve their level of Cybersecurity

➔ Control the application of the Valeo ISSP (Information Systems Security Policy) and the specific

Cybersecurity rules/exemptions of the site(s)

➔ Raise any non-compliance, abnormal Cybersecurity event, and Cybersecurity incident

➔ Manage locally the Cybersecurity events and incidents

➔ Provide the reporting of the site(s) to the Regional Cybersecurity Officer

➔ Contribute to develop the Cybersecurity mindset within the site(s)

Roles & Responsibilities:

1) Accountability

● Act as a Cybersecurity point of contact for the site(s)

○ Act as the site(s) Cybersecurity point of contact for:

■ Group Cybersecurity organization

■ Regional Cybersecurity Officers

■ Cybersecurity operations centers

■ CIRT (Cybersecurity Incident Response Team)

○ Act as the site(s) Cybersecurity point of contact for external Cybersecurity assessments (e.g.

customer mandated audits)

○ Act as the site(s) Cybersecurity point of contact for the Site BCP Manager regarding local BCP

procedures

○ Communicate within the site(s) for any topic related to Cybersecurity (awareness, rules,

process)

● Deploy the Valeo ISSP (Information Systems Security Policy) within the sites, assess and improve their

level of Cybersecurity

○ Deploy Cybersecurity Group standards, rules and best practices in the site(s)

○ Perform the Site Information Risk Assessments

○ Manage the Cybersecurity action plans at site(s) level

● Control the application of the Valeo ISSP (Information Systems Security Policy) and the specific

Cybersecurity rules/exemptions of the site(s)

○ Control that the Cybersecurity requirements are fulfilled in the DRPs (Disaster Recovery Plan) of

the site(s)

○ Control that the Cybersecurity requirements, defined in the DRPs (Disaster Recovery Plan), are

operational and well performed during each yearly DRPs (Disaster Recovery Plan) execution

● Raise any non-compliance, abnormal Cybersecurity event, and Cybersecurity incident

○ Following the appropriate process, raise:

■ Non-compliance to the Regional Cybersecurity Officer

■ Abnormal Cybersecurity event to the Regional Cybersecurity Officer

■ Cybersecurity incident to the Regional Cybersecurity Officer and CIRT

● Manage locally the Cybersecurity events and incidents

○ Monitor and manage the alerts published by the Cybersecurity operations center (viruses,

patches) in the site(s)

○ Monitor the Cybersecurity events

○ Record, report and manage the Cybersecurity incidents related to site(s) in coordination with the

Regional Cybersecurity Officer (and CIRT if needed)

○ Deploy remediation plans defined in coordination with the CIRT and/or the Cybersecurity

operations center

● Provide the reporting of the site(s) to the Regional Cybersecurity Officer

○ Report action plans progress, exceptional requests, troubles...

○ Manage and provide the Cybersecurity KPIs of the site(s)

2) Responsibility

● Act as a Cybersecurity point of contact for the site(s)

○ Apply Cybersecurity requirements following Regional Cybersecurity Officer’s request

● Control the application of the Valeo ISSP (Information Systems Security Policy) and the specific

Cybersecurity rules/exemptions of the site(s)

○ Realize the Site Information Compliance Assessment and update it when requested and/or

following a major change in the site(s). Alert Regional Cybersecurity Officer in case of major

deviation.

○ Control that the Group Cybersecurity standards, rules and best practices are respected

○ Act as internal Cybersecurity risk auditor for the other sites of the ‘Region’ (upon request of the

Regional Cybersecurity Officer)

● Manage locally the Cybersecurity events and incidents

○ Suggest capitalization in perimeter following Cybersecurity events and incidents

● Provide the reporting of the site(s) to the Regional Cybersecurity Officer

○ Participate to the Regional Cybersecurity Officer’s Cybersecurity meetings

○ Propose improvements of Group standards to Regional Cybersecurity Officer

● Other

○ Upon request, act as Regional Cybersecurity Officer delegate to perform some specific missions

3) Contribution

● Coordinate the different actors of the site(s) for all Cybersecurity topics

○ Contribute to Group Cybersecurity programs

● Deploy the Valeo ISSP (Information Systems Security Policy) within the sites, assess and improve their

level of Cybersecurity

○ Perform or control, upon Regional Cybersecurity Officer delegation, risk assessments for, but not

limited to, local projects or other sites

● Contribute to develop the Cybersecurity mindset within the site(s)

○ Assist and advise IS/IT people on Cybersecurity matters

○ Translate the Cybersecurity communications, eLearning, TIPs… when requested by the

Regional Cybersecurity Officer

Qualifications:

• Certification(s) in some Cybersecurity standards/technical domains
• Other infrastructure / network / system / database / application experience
• Knowledge and experience linked to Cybersecurity standards (ISO 2700x, NIST, NIS)
• Good English communication skills
• Knowledge and experience in technical topics such as malware, patch management, firewalling
• >3 years of relevant experience in Cybersecurity
• Bachelor’s degree or Master’s degree in Computer Science and/or Cybersecurity