ISMS Officer


Date: 15 Apr 2024

Location: Bangalore, IN

Company: Alstom

Req ID: 445531

We create smart innovations to meet the mobility challenges of today and tomorrow. We design and manufacture a complete range of transportation systems, from high-speed trains to electric buses and driverless trains, as well as infrastructure, signalling and digital mobility solutions. Joining us means joining a truly global community of more than 70000 people dedicated to solving real-world mobility challenges and achieving international projects with sustainable local impact.   

The IS&T ISMS Officer is responsible for coordinating the governance of the Alstom ISO 27001 certified ISMS, including ownership of planning, measuring and improving activities for the ISMS. You will define, maintain & communicate Alstom’s security framework, policies and standards & ensure their adherence within the organization to protect Alstom’s information assets.

Part of your role will be the alignment of security requirements with key stakeholders, communication of security objectives and KPIs (also through the global executive cybersecurity dashboard), and ensuring a continuous certification under ISO 27001.

 

Main Responsibilities

1. Governance of the ISMS: 

  • Definition and execution of the certification roadmap, considering customer needs and regulatory changes (§6.2/§6.3)
  • Coordination and execution of internal pre-assessments/audits (§9.2)
  • Planning and executing the semi-annual ISMS Management Review, including ISMS KPIs (§9.3)
  • Planning and Execution of the control maturity assessment (§10.1)
  • Tracking of audit findings and their remediation status (§10.2)

2. Management, development and timely update of all security documents (standards, procedures, work instructions) and tracking review/update of the whole ISMS-relevant documentation (§7)

3. Establishing, aligning and implementing security standards and processes across different stakeholders/functions/business lines

4. Coordinating the quarterly ISMS Forum for all control owners

5. Ensuring ISMS requirements across the supply chain (from customer towards suppliers) and across internal projects.

6. Ownership of the security process continuity governance (BIA and BCP)

7. Leading a small team to deliver the above activities.

8. Responsible for providing guidance and support to others on complex issues within her/his area of expertise, acting as ISMS / ISO 27001 SPOC

 

Educational Requirements

  • Bachelor’s degree in computer science or similar designation (Master’s is desirable)
  • Fluent English is mandatory

 

Mandatory Experience

  • Managing information security risk
  • 10+ years of experience
  • Using and defining risk management frameworks and processes
  • Applying compliance practices
  • Operating an ISMS

 

Desirable

  • Experience in Security Governance
  • Experience in information security management
  • Experience with FAIR framework for measuring and analyzing information risk

 

Competencies & Skills 

  • Expertise: Proven experience in ISO 27001 Security Management and good knowledge of related international standards or cybersecurity frameworks from different countries.
  • Professionalism: Has strong knowledge of information security standards and regulations.
  • Communication: Strong written and oral communication skills, with the ability to adapt technical messages to the audience (Business Lines, Functions, DPOs, Risk management team etc.). Ability to translate security and business requirements into IT requirements.
  • Collaboration and Partnership: Builds and maintains collaboration with colleagues from different work environments and takes part in a collaborative network
  • Project coordination: Ability in planning and following various activities with diverse teams
  • Systematic: Works logically, considers options and sets clear and measurable targets which balance competing priorities. 
  • Drive for Results: Takes personal accountability for results and commitments, and ability to measure and improve performance
  • Flexibility: Able and willing to adapt and to work effectively within a variety of diverse situations, and with diverse individuals or groups. Participate in multiple projects and tasks, with constantly changing priorities and evolving issues.
  • Discretion: Ability to deal with sensitive and confidential issues using developed discretion and judgment, while maintaining independence and objectivity.
  • Business acumen: Experience in the transportation or railway industries is a plus

 

Organisation Structure

IS&T Cybersecurity

 

Reports directly to

Head of IT Risk, Compliance & Data Protection

 

Network and Links

  • Internal

    • IS&T VPs and Directors
    • Compliance Officer
    • Internal Audit
    • DPO, CSO, CIO, CISO
    • Legal Procurement

     

  • External

    • Customers
    • Suppliers
    • Local / regional authorities

     

     

An agile, inclusive and responsible culture is the foundation of our company where diverse people are offered excellent opportunities to grow, learn and advance in their careers.  We are committed to encouraging our employees to reach their full potential, while valuing and respecting them as individuals.   

 


Job Segment: Risk Management, Supply Chain, Information Security, Computer Science, Internal Audit, Finance, Operations, Technology
