Supplier Security Risk Analyst


Date: 24 Sept 2025

Location: Bangalore, KA, IN

Company: Alstom

Req ID: 495449

Leading societies to a low carbon future, Alstom develops and markets mobility solutions that provide the sustainable foundations for the future of transportation. Our product portfolio ranges from high-speed trains, metros, monorail, and trams to integrated systems, customised services, infrastructure, signalling and digital mobility solutions. Joining us means joining a caring, responsible, and innovative company where more than 70,000 people lead the way to greener and smarter mobility, worldwide.

Job Purpose

The Supplier Security Risk Analyst plays a critical role in ensuring that third-party suppliers meet the organization’s cybersecurity and compliance standards. This role supports the continuous assessment, monitoring, and governance of supplier-related security risks, contributing to the overall resilience of the digital supply chain.

Within the IT Risk, Compliance & Data Protection team, which is part of the Information Security & SecOps department, this role covers the following activities:

  • Key Responsibilities

    • Supplier Risk Assessment & Qualification

      • Conduct and document Supplier Inquiry Qualification (SIQ) and Supplier Inquiry for Procurement (SIP) processes.
      • Perform risk assessments using tools such as SecurityScorecard, BitSight, and Moody’s.
      • Evaluate supplier responses and determine risk treatment plans.
    • Contractual Security Controls

      • Ensure integration of cybersecurity clauses, NDAs, and SIPs into supplier contracts in collaboration with Legal and Procurement.
      • Support the definition and tracking of security KPIs in supplier agreements.
    • Monitoring & Governance

      • Maintain and update the Supplier Security Risk Register.
      • Monitor supplier performance and risk posture through dashboards and periodic reviews.
      • Coordinate with internal stakeholders to define response options for declining supplier risk scores.
    • Audit & Compliance

      • Support internal and external audits related to supplier security.
      • Ensure alignment with ISO 27001 controls (e.g., A.5.1, A.5.37) and internal ISMS processes.
    • Process Improvement & Reporting

      • Contribute to the continuous improvement of supplier risk management processes.
      • Prepare reports and dashboards for governance forums and risk boards.
    • Training & Awareness

      • Promote awareness of supplier security requirements across business units.
      • Support training initiatives related to supplier risk management tools and processes.

Alstom is the leading company in the mobility sector, solving the most interesting challenges for tomorrow’s mobility. That’s why we value inquisitive and innovative people who are passionate about working together to reinvent mobility, making it smarter and more sustainable. Day after day, we are building an agile, inclusive and responsible culture, where a diverse group of people are offered opportunities to learn, grow and advance in their careers, with options across functions and geographic locations. Are you ready to join a truly international community of great people on a challenging journey with a tangible impact and purpose?  

 

Equal opportunity statement:
Alstom is an equal opportunity employer committed to creating an inclusive working environment where all our employees are encouraged to reach their full potential, and individual differences are valued and respected. All qualified applicants are considered for employment without regard to race, colour, religion, gender, sexual orientation, gender identity, age, national origin, disability status, or any other characteristic protected by local law.

Job Type: Experienced


Job Segment: Risk Management, Supply Chain, Business Process, Information Security, Procurement, Finance, Operations, Management, Technology
