IT Risk & Compliance Analyst

Req ID:459275 

Leading societies to a low carbon future, Alstom develops and markets mobility solutions that provide the sustainable foundations for the future of transportation. Our product portfolio ranges from high-speed trains, metros, monorail, and trams to integrated systems, customised services, infrastructure, signalling and digital mobility solutions. Joining us means joining a caring, responsible, and innovative company where more than 70,000 people lead the way to greener and smarter mobility, worldwide

Within the newly combined function of IT Risk, Compliance& Data Protection, part of the Cybersecurity department, this role is implemented for addressing the following activities:

• S(he) assesses, evaluates and makes recommendations to management regarding the adequacy of the security controls.
• S(he) contributes to ensure that Digital Transformation activities, processes, and procedures meet defined requirements, policies and regulations.
• S(he) contributes to the coordination and tracking of audits including scope, units involved, timelines, relations with auditing agencies and outcomes.
• S(he) performs and update risk assessments according to the business operations.
• S(he) controls Vendor Risk Management data entry and due diligence.
• S(he) contributes to the ISO 27001 certification project.
• Monitoring and ensuring the right application of governance policies and processes
  • Contribution to the maintenance of the information security policies framework (draft and update Information Security Policies)
  • Contribution to the improvement of integration of security in projects process and deliverables
  • Application Sensitivity Questionnaire at the initial phase of all projects
  • Security requirements to be integrated in contracts with all IT partners/providers
  • Risks Analysis to be carried out on applications that require it.
• Monitoring the Security Debt
  • Supporting the security architects in making that sure the necessary actions are conducted by applications teams to reduce the security debt
  • Ensuring of the progress of actions to remediate vulnerabilities in Solutions and raise alerts.
• Contributing to the preparation of audits with Partners and Architects of audited solutions
• Contributing to the ISO 27001 certification project activities: implementation and follow-up of the action plan

Alstom is the leading company in the mobility sector, solving the most interesting challenges for tomorrow’s mobility. That’s why we value inquisitive and innovative people who are passionate about working together to reinvent mobility, making it smarter and more sustainable. Day after day, we are building an agile, inclusive and responsible culture, where a diverse group of people are offered opportunities to learn, grow and advance in their careers, with options across functions and geographic locations. Are you ready to join a truly international community of great people on a challenging journey with a tangible impact and purpose?  

Equal opportunity statement:
Alstom is an equal opportunity employer committed to creating an inclusive working environment where all our employees are encouraged to reach their full potential, and individual differences are valued and respected.  All qualified applicants are considered for employment without regard to race, colour, religion, gender, sexual orientation, gender identity, age, national origin, disability status, or any other characteristic protected by local law. 
 

Job Type:​Experienced​