LABs Cyber Security Architect

Apply now »

Date: 12-Jun-2022

Location: Saint-Ouen (Paris area), France

Company: Alstom

We create smart innovations to meet the mobility challenges of now and the future. We design and manufacture a complete range of transportation systems, from high-speed trains to electric buses, autonomous subways, signalling and digital mobility solutions. Joining us means joining a truly global community of 34 500 people dedicated to solving real-world mobility challenges and achieving international projects with sustainable local impact. 
For more information, please visit: http://www.alstom.com/

Reporting directly to the Head of Information Security Program Delivery, the LABs Cyber Security Architect defines some security architecture patterns and contributes to design the appropriate security mechanisms and tools to be implemented within the Alstom Information System, especially on LABs (development and test environment for Alstom products), environment managed by Business or IS&T to develop Alstom products.

He/She is part of a team of Cyber Security Program Delivery team who define and support security solutions, standards and rules to be implemented to enforce the Security Policy in all Infrastructure and Business projects.

He/She defines Cyber Security architecture for Alstom LABs environments and develop associated Cyber Security services

Main responsabilities

  • The LABs Cyber Security Architect is scope referent for LABs environments with the missions to
    • Manage Security studies and standards
    • Assess & validate Architecture, against Security Policy
    • Integrate of Security into standard designs
    • Support level 3/4 – expertise – for security solutions
    • Manage & budget support on Security projects
    • Develop associated Cyber Security services

 

  • Cyber Security Architect Center follows and validates the security aspects in some Alstom’s IT projects
    • ISSCQ – produce all Information System Security and Compliance Questionnaire at the initial phase of all projects
    • Risk analysis – perform risk analysis and identify mitigation plan when relevant
    • Security Insurance Plan –make sure that all IT partners/providers respect the security policy when they deliver services (e.g. Cloud or SaaS provider)
    • Security Acceptance –make the right decision considering the residual risk and the asset value
    • ISS Run Q&A and industrialization

 

 

Qualification & Competencies - Expected Level

 

Initial Background: an IT leader having total of 8 years of experience in Cyber Security Architecture, Cyber Security Security risk management; 5 years in Cyber Security Industrial Architecture.

 

Languages: French, English

Mandatory experiences:

  • Knowledge of ISO 27002 and ISO 27005
  • Knowledge of ISA/IEC 62443, certification is a plus
  • Excellent written/verbal/communication in French and English mandatory, listening and facilitation skills
  • Able to identify and document specific security issues, propose resolution options, and interpret matters from the perspective of involved stakeholders
  • Able to analyze technical risks and vulnerabilities and to design the appropriate architecture for Industrial environment
  • Good understanding of OT environments
  • Good understanding of security tools and mechanisms (IDS/IPS, antivirus, anti-malware, authentication mechanisms, IAM, PKI, encryption, DevSecOps etc.)

Reporting directly to the Head of Information Security Program Delivery, the LABs Cyber Security Architect defines some security architecture patterns and contributes to design the appropriate security mechanisms and tools to be implemented within the Alstom Information System, especially on LABs (development and test environment for Alstom products), environment managed by Business or IS&T to develop Alstom products.

He/She is part of a team of Cyber Security Program Delivery team who define and support security solutions, standards and rules to be implemented to enforce the Security Policy in all Infrastructure and Business projects.

He/She defines Cyber Security architecture for Alstom LABs environments and develop associated Cyber Security services

Main responsabilities

  • The LABs Cyber Security Architect is scope referent for LABs environments with the missions to
    • Manage Security studies and standards
    • Assess & validate Architecture, against Security Policy
    • Integrate of Security into standard designs
    • Support level 3/4 – expertise – for security solutions
    • Manage & budget support on Security projects
    • Develop associated Cyber Security services

 

  • Cyber Security Architect Center follows and validates the security aspects in some Alstom’s IT projects
    • ISSCQ – produce all Information System Security and Compliance Questionnaire at the initial phase of all projects
    • Risk analysis – perform risk analysis and identify mitigation plan when relevant
    • Security Insurance Plan –make sure that all IT partners/providers respect the security policy when they deliver services (e.g. Cloud or SaaS provider)
    • Security Acceptance –make the right decision considering the residual risk and the asset value
    • ISS Run Q&A and industrialization

 

 

Qualification & Competencies - Expected Level

 

Initial Background: an IT leader having total of 8 years of experience in Cyber Security Architecture, Cyber Security Security risk management; 5 years in Cyber Security Industrial Architecture.

 

Languages: French, English

Mandatory experiences:

  • Knowledge of ISO 27002 and ISO 27005
  • Knowledge of ISA/IEC 62443, certification is a plus
  • Excellent written/verbal/communication in French and English mandatory, listening and facilitation skills
  • Able to identify and document specific security issues, propose resolution options, and interpret matters from the perspective of involved stakeholders
  • Able to analyze technical risks and vulnerabilities and to design the appropriate architecture for Industrial environment
  • Good understanding of OT environments
  • Good understanding of security tools and mechanisms (IDS/IPS, antivirus, anti-malware, authentication mechanisms, IAM, PKI, encryption, DevSecOps etc.)


Job Segment: Information Security, Risk Management, Technology, Finance