Req ID:469871
At Alstom, we understand transport networks and what moves people. From high-speed trains, metros, monorails, and trams, to turnkey systems, services, infrastructure, signalling and digital mobility, we offer our diverse customers the broadest portfolio in the industry. Every day, more than 80 000 colleagues lead the way to greener and smarter mobility worldwide, connecting cities as we reduce carbon and replace cars.
JOB TITLE & JOB CODE
Job Title (Job Code): Security into Project Leader
PURPOSE OF THE JOB
Reporting directly to the Cybersecurity Director, the Security into Project Leader ensures that the “Security into Project” policy (ISM-WMS-020) is applied for any given IS&T project, or any Business managed digital initiative. The Security into Project Leader will lead a team of Specialists and Experts, in charge of ensuring that the Alstom ISMS policies requirements are met. The Security into Project team will ensure that the design patterns and standards are implemented applying the existing processes and procedures.
ORGANISATION
Organisation structure (job belongs to..)
Digital Services
Reports directly to:
Cybersecurity Director
Other reporting to:
Dotted line to the Head of Security Architecture
Direct reports:
6
Network & Links
Internal
- Security Architecture, GRC and ISMS team
- Digital Services Head, VPs and Directors and teams,
- Architects, Project Managers and PMO,
- Business teams
External
- Service Providers and vendors
MAIN RESPONSABILITIES
- People and team management: recruitment, development, animation …
- Performance management: KPI reporting and service improvement plan
- Drive Security into Project policy adoption
- Adapt to new digital operating models supporting and securing the business led digital initiatives (SaaS, …)
- Contribute to Alstom ISMS improvement and patterns revision
- Represent the team and explain decisions during committees (PRC, ASB, …)
- Manage allocated budget: actual, forecast, …
- Collaborate with all project stakeholders, and gain adequate support when needed
- Create and animate a community of Champions in the different teams turning detractors to promotors
- Support the team on the following activities :
- Review and approve security deliverables: information system security questionnaires, architecture design documents, security checklist.
- Perform Risk analysis and identify/propose mitigation plan
- Make arbitrations evaluating and documenting the residual risk, and ensuring all the exceptions are tracked in the relevant register
- Ensure that Security Inquiry for Partners (SIP) is validated and signed of for all eligible partners in the ecosystem
- Ensure that Secure configurations are systematically applied for given projects or business initiatives
- Security Acceptance – make the right decision considering the residual risk and the asset value.
Qualifications
Educational Requirements
Mandatory:
- Bachelor's/Master's degree in Engineering/Technology
Desirable:
- CISSP or CISM
- Experience in Transport Industry is a plus
Experience
Mandatory:
- 10 years of work experience in cybersecurity
- 5 years in people or project management
