Cybersecurity Architect

Apply now »

Date: 20 Mar 2024

Location: Charleroi, BE

Company: Alstom

Req ID:411490 

Leading societies to a low carbon future, Alstom develops and markets mobility solutions that provide the sustainable foundations for the future of transportation. Our product portfolio ranges from high-speed trains, metros, monorail, and trams to integrated systems, customised services, infrastructure, signalling and digital mobility solutions. Joining us means joining a caring, responsible, and innovative company where more than 70,000 people lead the way to greener and smarter mobility, worldwide 

 

 

 

PURPOSE OF THE JOB

Responsible for designing, creating, and maintaining the cybersecurity aspects of Alstom solutions

 

POSITION IN THE ORGANISATION

Organisation structure (job belongs to)

D&IS / Group Cybersecurity

Reports directly to:

Cybersecurity Department Head / Cybersecurity Platform Manager / Cybersecurity Region Manager (as relevant)

Other reporting to:

functionally to Project/Program Cybersecurity Manager (PCyM)

 

Network & Links

Internal

  • Project/Program team (PM, Engineering, V&V, Safety, RAM,  ..)
  • Cyber Engineers and CSP Leaders (as relevant)
  • Cybersecurity Governance & Expertise
  • Other Cybersecurity Architects

External

  • Customer representatives (as relevant)
  • Supplier representatives (as relevant)
  • National authorities’ representatives (as relevant)

 

 

MAIN RESPONSIBILITIES

 

Key Accountabilities:

  • Responsible of Alstom solution security analysis and of the definition of its security requirements and architecture.
    • Understand the solution to be delivered and secured
    • Design and document reliable security architecture resilient against cyberthreats (CADRA)
    • Ensure update and upgrade delivered solution cybersecurity as needed
  • Lead or contribute to activities such as:
    • Cybersecurity risks assessment
    • Cybersecurity requirement implementation
    • Cybersecurity evaluation of the developed solution(s)
    • Management of 3rd parties on Cybersecurity aspects
    • Cybersecurity Vulnerability Management
  • Provide technical guidance and supervision for the project/program team
    • participate to Project/Program Design Reviews
    • support engineering team answer design and technical difficulties related to cybersecurity implementation,
    • be referent for management and third parties on cybersecurity architecture and technical implementation.
    • Ensure homogeneous cybersecurity implementation conform to Governance & Expertise policies.
  • Respond and support to any security-related incidents and provide post-event analysis
  • Ensure cyber trend watch (new threats, new techno, etc.)  related to the delivered solution(s)

 

Optionally, on case by case:

  • Peer review of cybersecurity deliverables from other Projects/Programs
  • Contribute to technical proposals on bids/tenders
  • Contribute to Cybersecurity process and standard(s) definition
  • Member of Cybersecurity expertise network

 

Key Job Authorities and Dimensions

  • Technical expertise on cybersecurity architecture and requirements for Alstom solution

Performance measurements:   

  • Provide requested deliverable in time with adequate quality
  • Relevancy of proposed cybersecurity solution
  • Alignment with Alstom cybersecurity strategy and policies
  • Contribution to peer reviews

 

  

EXPERIENCE PREREQUISITES & REQUIRED COMPETENCES

 

Educational Requirements  

Mandatory:

University/ Engineer in degree level or equivalent experience\qualifications

Desirable:

Cybersecurity certification such as ISA/IEC 62443

 

Experience  

Mandatory:

  • Extensive experience in IT/OT security and risk management with a focus on security, performance and reliability
  • Technical proficiency of Architecture concepts and techniques of systems and networks, operating systems and associated programming languages.

Desirable:

  • Experience in embedded or industrial systems (railway / aeronautics ...)
  • Experience in System Engineering

 Competencies & Skills  

  • Understanding of main cybersecurity standards and regulations, such as: ISA/IEC 62443, TS 50701, ISO 2700X, NIST, NIS
  • Understanding of OT System architecture
  • Knowledge of cybersecurity risk assessment methodology
  • Knowledge of defence in depth techniques such as:
    • Network security architecture development and definition
    • Perimeter security controls such as firewalls, IDS/IPS, network access controls, and network segmentation
    • Various aspects of network security such as routers, switches, and VLAN security
    • Security concepts related to DNS, including routing, authentication, VPN, proxy services
  • Capacity to address high level (system) et low level (IT, Security technologies and Software design) and to design a cyber architecture (zoning, services, …).
  • Knowledge of recognized techniques for evaluating systems security and Intrusion testing techniques.
  • Understanding of third-party auditing and risk assessment
  • Ability to interact with a broad cross-section of personnel to explain and enforce security measures
  • Dynamic, autonomous. Creativity and ability to work in a complex environment.
  • Synthesis spirit, excellent written and verbal communication skills,  

 

 

Alstom is the leading company in the mobility sector, solving the most interesting challenges for tomorrow’s mobility. That’s why we value inquisitive and innovative people who are passionate about working together to reinvent mobility, making it smarter and more sustainable. Day after day, we are building an agile, inclusive and responsible culture, where a diverse group of people are offered opportunities to learn, grow and advance in their careers, with options across functions and geographic locations. Are you ready to join a truly international community of great people on a challenging journey with a tangible impact and purpose?  

 

Equal opportunity statement:
Alstom is an equal opportunity employer committed to creating an inclusive working environment where all our employees are encouraged to reach their full potential, and individual differences are valued and respected.  All qualified applicants are considered for employment without regard to race, colour, religion, gender, sexual orientation, gender identity, age, national origin, disability status, or any other characteristic protected by local law. 

 


Job Segment: Embedded, Testing, Risk Management, Technology, Finance

Apply now »