The IT Security leader is a centerpiece in Edenred IT Security set up. S/he will be in charge of IT security in the Zone.
KEY RESPONSIBILITIES for the zone and its Business units
· Implementing the global IT security strategy at zone level
· Building, managing and reporting the IT compliance budget and costs in accordance with Group requirements
· Managing the IT security leaders and experts in the zone
· Overseeing or managing IT security projects
· Taking over specific global IT compliance topics for the Group if need be
· Managing security services in accordance with Group strategy (e.g. Access management, Authentication, Network / Email / Endpoint Security, DLP, …)
· Defining, implementing and maintaining the IT Security procedures in the zone, in accordance with Group policies
· Implementing IT security in projects (Security by design : risk analysis, recommendations, control before go live), using Group methodology
· Performing and reporting IT Security risk assessments on IT applications and IT assets to ensure compliance with the group security standards and protect the business
· Implementing security controls on IT services, including penetration testing, code reviews and third-party audits
· Collecting, analyzing and publishing security KPIs for the zone, providing improvement actions
· Following-up zone remediation plan
· Role includes IT continuity supervision (IT DRP) and IT compliance, complying with the standard and regulation needed for the business (PCI-DSS, ISO27001, …)
· Promoting IT compliance in the zone and be the referent inside the zone regarding IT compliance
· Integrating IT compliance requirements or perspective in project and application risk analysis (e.g. GDPR IT related requirements, IT resilience, Internal audit P1 recommendations)
· Managing and reporting IT security incident according to Group policy & procedures
· Reports to the Global Chief Information Officer of the Group
· Direct reports : Region IT security leaders, Business Units IT Security leaders and experts
· Other key relationships : Global IT security team, Zone IT leader, Region IT leaders, BU IT leaders, Application owners, Developers, project managers, IT ops, General managers and business representatives, Data Protection Officer, Architects
· Monitoring Edenred’s Digital risk in the Zone (regulatory, governance, IT infrastructure and application)
· Ensuring the implementation of the Group security policies and procedures
· Ensuring Edenred’s Digital systems constantly meet security standards and/or company risk appetite
· Supporting Edenred’s initiatives around new technologies and bringing in innovation to the Edenred IT security practices (Cloud security, DevSecOps approach, …)
The successful candidate will be an accomplished information security professional with a proven track record of having successfully developed and implemented information security policies and procedures, in conjunction with business leaders. S/he will be result and performance oriented with a can-do attitude and be able to persuade/influence others in the organization. The IT Security leader needs to build and report the information security risk profile of the zone.
As a manager, specialized in information security, the IT Security leader, requires strong communication skills. The ability to engage various stakeholders with passion and conviction to persuade others that security is paramount and not just an option. Manager posture as well as relevant technical skills are essential to ensure credibility within the Company.
- 5+ years of experience as Information security manager and expert in a still growing, evolving international matrix environment. Experience should ideally have been gained in large and complex international organizations where security is a critical capability. S/he will have demonstrated experience building trusted relationships in the organization, based on competence and credibility rather than authority. Experience in project management and procedure implementation, maintenance and monitoring will be appreciated.
- Extensive knowledge of Security and Risk Frameworks as well as software development best practices. Additionally, s/he will have deep understanding of the cybersecurity threats and stakes. That experience will have been acquired within forward-thinking / modern organizations, operating preferably with public cloud (AWS/Azure) and eCommerce platforms.
- Professional security management certification is a plus e.g. Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials. Experience in certification, security standard or regulatory program (e.g. ISO27001, PCI-DSS, NIST, CIS, GDPR, DSP2, …) is also a plus.
- Fluent in English, French will also be preferred.
- Other European languages would be advantageous.
CRITICAL LEADERSHIP CAPABILITIES
- Collaborating and Influencing
· Invites and uses the opinions and perspectives of others across the organization
· Adapts own approach to the audience, anticipating issues, preparing for possible resistance to proposed solutions and responding in an appropriate style to reach a mutual agreement
· Resolves conflicts by discussing individual issues with each person
· Works closely with various business unit IT leaders and application owners to ensure a common understanding of objectives.
· Takes initiative and proactively engages with the Business units, rather than being reactive to their demands.
- Cultural Agility
· Accepts input from a wide range of perspectives in a highly international context.
· Promotes diversity of views, such as diversity from thoughts, background, experience and process, in headquarter and subsidiaries.