Description de l'offre
Saint-Gobain conçoit, produit et distribue des matériaux et des solutions pensés pour le bien-être de chacun et l’avenir de tous. Rejoignez une communauté innovante, passionnée et entreprenante pour améliorer le monde de demain.
Filiale de Saint-Gobain, la Direction des Systèmes d'Information (SGDSI) a pour vocation de définir, mettre en place et piloter la politique Systèmes d'Information et Télécoms du Groupe auprès de ses 1200 filiales et de ses fournisseurs dans le monde.
Reporting to de Saint-Gobain Chief Information Security Officer, the Infrastructure Security Officer shall be responsible to ensure the security of the Infrastructure part of the Saint-Gobain IT. He/she is accountable for the compliance of the SG Infrastructure to the strategy defined by SG DSI Group and for the application of the standards by the Security Officers of the regional organizations in charge of the User and Local Infrastructure Support (SGTS), and of the Datacenters / Cloud Services Provider (Cloud Factory).
Within this framework, his/her main tasks are:
Strategy / Roadmap
- To contribute to the definition of the Cybersecurity strategy of SG IT Infrastructure.
- To participate to the elaboration of the Infrastructure Cybersecurity roadmap.
- To manage the actions identified in the roadmap.
Organization and animation of the community of SGTS / Cloud Factory Security Officers
- To define the governance model of the community.
- To animate this community and check the good understanding.
Communication and reporting
- To define the communications lines with all stake-holders, especially when crisis attack.
- To transfer the necessary information to the community of SGTS / Cloud factory services Officers and make sure of the good understanding.
- To organize the Infrastructure reporting and ensure the regular reporting.
Awareness and training
- To increase awareness of SG top management to the Cybersecurity risks.
- To ensure the training of SGTS / Cloud Factory Security Officers.
- To conduct technology watch on vulnerabilities and trends related to Infrastructure.
- To share the knowledge with the CyberSoc and SGT / Cloud Factory Security Officers team.
- To contribute to the elaboration of the Infrastructure Cybersecurity policy.
- To contribute to the publication and explain the policy to the community.
Management of the risks of the entities
- To enforce the risk management methodology at the level of each SG entity.
- To support the community in the implementation.
Integration of the Security in the projects
- To ensure Security is integrated in the major project carried out by the SGTS / Cloud Factory Security officers.
- To support the community in the implementation of the methodology.
Integration of the Security in operation
- To contribute to the integration of the security in the Run of the Infrastructure activities.
- To contribute to the definition of control plans and their implementation.
Management of exceptions and Gestion des exceptions et suivi des vulnérabilités
- To challenge the exception requests;
- To participate to the Exception review process with the Cybersecurity expertise team.
- To contribute to the technical tests.
Follow-up of action plans
- To control the set-up and the follow-up of corrective action plans following audits or non-conformities
- To lead the Infrastructure Cybersecurity projects in coordination with the SGTS / Cloud Factory teams. Teams.
Management of Incidents
- To contribute to the analysis and the resolution of the major incidents.
- To contribute to the resolution of Cybersecurity attacks crisis.
Engineer or Master IT / Cybersecurity Degree
Significant experience (6/7 years) in security of Information Systems, IT security consultancy, IT audits, IT technical management…
Certifications are a plus (CISSP, CISA, CISM, SANS, ISO 27001-2005 Lead Auditor / Lead Implementer, ISO 27005 Risk Manager, ITIL…).
Job based in Paris / La Defense (SG DSI Groupe).
- Knowledge of Risk analysis methodologies ((EBIOS, etc.).
- Good knowledge of IT Security essentials and technology, for the protection of Information Systems, Infrastructure and Applications.
- Experience in the management of the security within the projects.
- Good Knowledge of Infrastructure and Telecom technologies (mainly Microsoft Windows / Unix environments, physical or virtualized).
- Fluent in French and English,
- Critical thinking, analytical and synthesis skills,
- Team work and interpersonal skills,
- Autonomy, source of proposals and inquisitive,
- Communication (oral and writing),
- Integrity and rigor.