Cyber Security Architect

Job Description

Reporting directly to the Head of Information Security Architecture and Standards, the IS Security Architect Standard referent & Security into project service manager defines some security architecture patterns and contributes to design the appropriate security mechanisms and tools to be implemented within the Alstom Information System.He is part of a team of security architects who define and support security solutions, standards and rules to be implemented to enforce the Security Policy in all Infrastructure and Business projects.He has to ensure security into project methodology is applied, followed and maintained up to date linked to Information System & Technology needs and objectives in compliancy with Cyber Security policies.He has to ensure that Cyber Security standards defined by Security Architecture and Standards are maintain up to date and aligned with Cyber Security model and the associated Cyber Security policies. Main responsabilities

• The Cyber Security Architect ensuring that Security into project methodology is applied, followed and maintained up to date linked to Information System & Technology needs and objectives in compliancy with Cyber Security policiesSecurity studies and standards
  • Exchange Project Management Office team on new project methodology and promote Cyber Security processes to be integrated, updated, followed
  • Promote Security into project methodology into IS&T to make that methodology is well spread across department and clear for every IT projects manager
  • Manage Cyber Security consulting team to work Cyber Security assessment into projects.
• The Cyber Security Architect ensuring that Cyber Security standards are maintained up to date within the team linked to the IS&T strategies and Cyber Security policies evolution.
  • Exchange with every Cyber Security Architect within on their respective scope to update the associated Cyber Security standards
  • Exchange with Governance Risk & Compliance team on Cyber Security policies evolution
• The Cyber Security Architect is solution owner for some specific Security Solutions under his responsibility
  • Security studies and standards
  • Architecture validation, against Security Policy
  • Integration of Security into standard designs
  • Support level 3/4 expertise for security solutions
  • Management & budget support on Security projects

• The Cyber Security architect follows and validates the security aspects in some Alstom s IT projects
  • ISSCQ produce all Information System Security and Compliance Questionnaire at the initial phase of all projects
  • Risk analysis perform risk analysis and identify mitigation plan when relevant
  • Security Insurance Plan make sure that all IT partners/providers respect the security policy when they deliver services (e.g. Cloud or SaaS provider)
  • Security Acceptance make the right decision considering the residual risk and the asset value
  • ISS Run Q&A and industrialization

Qualification & Competencies - Expected LevelInitial Background: an IT leader having 10 years of experience in Cyber Security architecture risk assessmentLanguages: EnglishMandatory experiences:

• Knowledge of ISO 27002 and ISO 27005
• Management of external resources
• Know how to adapt your message to the interlocutor, manage transversal collaboration
• Good interpersonal skills, rigorous work, positive attitude, and strong autonomy
• General knowledge of IT

Reporting directly to the Head of Information Security Architecture and Standards, the IS Security Architect Standard referent & Security into project service manager defines some security architecture patterns and contributes to design the appropriate security mechanisms and tools to be implemented within the Alstom Information System.He is part of a team of security architects who define and support security solutions, standards and rules to be implemented to enforce the Security Policy in all Infrastructure and Business projects.He has to ensure security into project methodology is applied, followed and maintained up to date linked to Information System & Technology needs and objectives in compliancy with Cyber Security policies.He has to ensure that Cyber Security standards defined by Security Architecture and Standards are maintain up to date and aligned with Cyber Security model and the associated Cyber Security policies. Main responsabilities

• The Cyber Security Architect ensuring that Security into project methodology is applied, followed and maintained up to date linked to Information System & Technology needs and objectives in compliancy with Cyber Security policiesSecurity studies and standards
  • Exchange Project Management Office team on new project methodology and promote Cyber Security processes to be integrated, updated, followed
  • Promote Security into project methodology into IS&T to make that methodology is well spread across department and clear for every IT projects manager
  • Manage Cyber Security consulting team to work Cyber Security assessment into projects.
• The Cyber Security Architect ensuring that Cyber Security standards are maintained up to date within the team linked to the IS&T strategies and Cyber Security policies evolution.
  • Exchange with every Cyber Security Architect within on their respective scope to update the associated Cyber Security standards
  • Exchange with Governance Risk & Compliance team on Cyber Security policies evolution
• The Cyber Security Architect is solution owner for some specific Security Solutions under his responsibility
  • Security studies and standards
  • Architecture validation, against Security Policy
  • Integration of Security into standard designs
  • Support level 3/4 expertise for security solutions
  • Management & budget support on Security projects

• The Cyber Security architect follows and validates the security aspects in some Alstom s IT projects
  • ISSCQ produce all Information System Security and Compliance Questionnaire at the initial phase of all projects
  • Risk analysis perform risk analysis and identify mitigation plan when relevant
  • Security Insurance Plan make sure that all IT partners/providers respect the security policy when they deliver services (e.g. Cloud or SaaS provider)
  • Security Acceptance make the right decision considering the residual risk and the asset value
  • ISS Run Q&A and industrialization

Qualification & Competencies - Expected LevelInitial Background: an IT leader having 10 years of experience in Cyber Security architecture risk assessmentLanguages: EnglishMandatory experiences:

• Knowledge of ISO 27002 and ISO 27005
• Management of external resources
• Know how to adapt your message to the interlocutor, manage transversal collaboration
• Good interpersonal skills, rigorous work, positive attitude, and strong autonomy
• General knowledge of IT

Job Segment: Consulting, Project Manager, Information Security, Technology ,

Keyskills :
aaarisk analysiscyber securityiso 27002deliveryenvironmental impact assessmentproject management officeit projectssolution designdocumentationsiem