Cybersecurity Architect - (25000GIS)

The context of the service is more specifically within the ASSU/CSC/SEC team, which is in charge of the governance of security for the French entity and its subsidiaries internationally.

The Cybersecurity Architect contributes to security strategy and IT risk management by defining security policies and guidelines, overseeing controls and associated remediation, and providing consulting support to projects and business areas within their area of responsibility.

RESPONSIBILITIES

Specifically, you will be required to:

Design:

· Contributes to risk analyses related to technological foundations. It analyzes risks and vulnerabilities in systems and equipment;

· Defines and recommends the reference technical architecture that meets a variety of requirements (features, interoperability, or robustness of information systems, compliance, sustainability, etc.), the needs of the company, and current regulations;

· Develops and updates technical policies, security standards, and associated security solution guides related to its areas of expertise concerning business strategy, IT, and innovation.

Recommendation::

· Implements the appropriate technical recommendations and ensures the follow-up of his recommendations in compliance with established standards;

· Protects the information systems of his company by implementing security processes, particularly patch management. The cybersecurity architect regularly verifies the level of security achieved through compliance and cyber intrusion testing campaigns. He considers and analyzes vulnerabilities and non-compliances and proposes action plans;

· Communicates cybersecurity requirements to various suppliers and/or developers and checks their consideration in the documentation and implementation of subsystems. Ensures proper mastery of solutions by operational teams.

Advice:

· Proactivity in proposing changes to security solutions;

· Promotes the use and combination of existing security components;

· Analyzes security risks associated with the introduction of new technologies or new information systems.

Communication / Steering

· Contributes to the maturity development of technical architects and planners concerning IT security;

· Collaborates with technical security specialists to provide a comprehensive view of security;

· Represents the entity's security to other security teams within the Group;

· Ensures the planning, organization, and facilitation of workshops and technical meetings with IT stakeholders.

SPOC: serban-paul.dobreanu@socgen.com

Profile

· +5 years in computer science or its equivalent professional qualification (security option appreciated) and 10-15 years of experience overall, in relevant security field;

• Knowledge and experience in risk analysis methodologies (e.g.: 27005; EBIOS,);
• Knowledge and experience in the following methods: Agile, DevOps, CI/CD, Github / Gitlab;
• Oral and written communication , French A2/B1 , English B2 (Awareness, Reporting);

· Autonomous, pedagogical, curious, with a innovative mindset .

NICE TO HAVE:

· Certifications in technical areas such as cloud, O365, big data, APIs, AI, Automation, and blockchain

· ISO 27001 certification.