2021-16623 – IT business solutions security risks manager M/F

  • CDI
  • N'importe où
  • Publié il y a 3 semaines

Regular/Temporary : Regular
Position description :
STMicroelectronics is a global leader of electronic components and the first European manufacturer of semi-conductors. The company designs, manufactures and sells smart solutions and products of daily life which consume little energy and contribute to make driving, factories, cities more “Intelligent”. They enable the development of new generations of mobile phones ad well as Internet of things.
With 46,000 employees worldwide, 7,400 of whom work in R&D and R&I, 80 sales & marketing offices in 35 countries and 11 main manufacturing sites, ST is recognized for its cutting-edge innovation technology.
In 2020, STMicroelectronics realized a net turnover of 10.22 billion dollars with more than 100,000 customers worldwide. The company is listed on Paris, Milan and New York Stock Exchange and shows strong growth.

* Context:
Reporting to the CIO, the RMIS (Risk Management, Information Security, and compliance) organization is in charge of Information Security in STMicroelectronics and risk management and compliance within the DIT organization.
Within RMIS, the department “InfoSec for IT business solutions” is in charge of security of IT business solutions (main domains: sales&marketing, HR, quality, logistic, finance and purchasing) to make sure security risks are identified and mitigated or accepted.

 * Role and responsibilities:
The job holder will:
Run with business/IT stakeholders the criticality assessments (simplified BIA) on IT solutions (*).
Manage the infosec assessment plan of the team and follow-up its execution.
Lead and animate the network of Business InfoSec officers (GISO) in one or more of the following domains: sales&marketing, HR, quality, logistic, finance and purchasing, with the objective to:Improve the security consciousness in those business groups.
Help translate contractual, regulatory and business security needs into requirements for IT solutions and associated business processes.
Help define and prioritize security actions.
Ensure that the main InfoSec risks in those business groups are identified, mitigated or accepted.
Maintain the security risk dashboard for use by GISO.
Maintain the DIT framework for securing IT business solutions and ensure that processes are in place to support its implementation.
Assist the head of InfoSec for IT business solutions in all tasks that may be required to maintain an efficient service to ST
(*) solutions managed by DIT or outside DIT, bespoke or commercial solutions, solutions on premises or in the cloud.

This position is open at the site of Crolles but candidates based in other sites will be considered.

Profile :
A cyber security professional with 10+ years’ experience.
Concrete experience in driving InfoSec for sales&marketing, HR, finance and purchasing domains.
Experience in driving security in whole or part of the technical landscape supporting IT business solutions in ST.

Strong experience in security risks assessments/ management.
Sound knowledge of security of SaaS solutions as well as API security.
Sound knowledge of security in the design of IT solutions.
Knowledge of security in SDP (Software Development Lifecycle) is a plus.
Knowledge of OS/DB security is a plus.

Mastering of English in a professional environment (written, spoken).
Willing to travel worldwide whenever necessary.
Able to keep things strictly confidential.
Ability to “clarify the unknown” and translate technical aspects into risks and to communicate on those risks.

Master’s degree in cyber security or computer science, or equivalent experience.

The technical landscape supporting those IT business solutions is made of the following technologies:
WebMethod (API, messaging bus).
Be spoke applications developed in JAVA using Oracle DB.
Azure IaaS / PaaS.
SaaS solutions (Concur, Ariba, salesforce.com, Adobe…).
Education level required : 5 – Master degree
Language / Level :
English : 2- Business fluent


Détails Emploi Informatique & Web