Sites Cybersecurity Officer

Missions :

In charge of Cybersecurity of one or several Valeo sites in a Cybersecurity Region :

Act as a Cybersecurity point of contact for the site(s)

Coordinate the different actors of the site(s) for all Cybersecurity topics

Deploy the Valeo ISSP (Information Systems Security Policy) within the sites, assess and improve their

level of Cybersecurity

Control the application of the Valeo ISSP (Information Systems Security Policy) and the specific

Cybersecurity rules / exemptions of the site(s)

Raise any non-compliance, abnormal Cybersecurity event, and Cybersecurity incident

Manage locally the Cybersecurity events and incidents

Provide the reporting of the site(s) to the Regional Cybersecurity Officer

Contribute to develop the Cybersecurity mindset within the site(s)

Roles & Responsibilities :

1)Accountability

Act as a Cybersecurity point of contact for the site(s)

Act as the site(s) Cybersecurity point of contact for :

Group Cybersecurity organization

Regional Cybersecurity Officers

Cybersecurity operations centers

CIRT (Cybersecurity Incident Response Team)

Act as the site(s) Cybersecurity point of contact for external Cybersecurity assessments (e.g.

customer mandated audits)

Act as the site(s) Cybersecurity point of contact for the Site BCP Manager regarding local BCP

procedures

Communicate within the site(s) for any topic related to Cybersecurity (awareness, rules,

process)

Deploy the Valeo ISSP (Information Systems Security Policy) within the sites, assess and improve their

level of Cybersecurity

Deploy Cybersecurity Group standards, rules and best practices in the site(s)

Perform the Site Information Risk Assessments

Manage the Cybersecurity action plans at site(s) level

Control the application of the Valeo ISSP (Information Systems Security Policy) and the specific

Cybersecurity rules / exemptions of the site(s)

Control that the Cybersecurity requirements are fulfilled in the DRPs (Disaster Recovery Plan) of

the site(s)

Control that the Cybersecurity requirements, defined in the DRPs (Disaster Recovery Plan), are

operational and well performed during each yearly DRPs (Disaster Recovery Plan) execution

Raise any non-compliance, abnormal Cybersecurity event, and Cybersecurity incident

Following the appropriate process, raise :

Non-compliance to the Regional Cybersecurity Officer

Abnormal Cybersecurity event to the Regional Cybersecurity Officer

Cybersecurity incident to the Regional Cybersecurity Officer and CIRT

Manage locally the Cybersecurity events and incidents

Monitor and manage the alerts published by the Cybersecurity operations center (viruses,

patches, etc.) in the site(s)

Monitor the Cybersecurity events

Record, report and manage the Cybersecurity incidents related to site(s) in coordination with the

Regional Cybersecurity Officer (and CIRT if needed)

Deploy remediation plans defined in coordination with the CIRT and / or the Cybersecurity

operations center

Provide the reporting of the site(s) to the Regional Cybersecurity Officer

Report action plans progress, exceptional requests, troubles

Manage and provide the Cybersecurity KPIs of the site(s)

2) Responsibility

Act as a Cybersecurity point of contact for the site(s)

Apply Cybersecurity requirements following Regional Cybersecurity Officers request

Control the application of the Valeo ISSP (Information Systems Security Policy) and the specific

Cybersecurity rules / exemptions of the site(s)

Realize the Site Information Compliance Assessment and update it when requested and / or

following a major change in the site(s). Alert Regional Cybersecurity Officer in case of major

deviation

Control that the Group Cybersecurity standards, rules and best practices are respected

Act as internal Cybersecurity risk auditor for the other sites of the Region (upon request of the

Regional Cybersecurity Officer)

Manage locally the Cybersecurity events and incidents

Suggest capitalization in perimeter following Cybersecurity events and incidents

Provide the reporting of the site(s) to the Regional Cybersecurity Officer

Participate to the Regional Cybersecurity Officers Cybersecurity meetings

Propose improvements of Group standards to Regional Cybersecurity Officer

Other

Upon request, act as Regional Cybersecurity Officer delegate to perform some specific missions

3) Contribution

Coordinate the different actors of the site(s) for all Cybersecurity topics

Contribute to Group Cybersecurity programs

Deploy the Valeo ISSP (Information Systems Security Policy) within the sites, assess and improve their

level of Cybersecurity

Perform or control, upon Regional Cybersecurity Officer delegation, risk assessments for, but not

limited to, local projects or other sites

Contribute to develop the Cybersecurity mindset within the site(s)

Assist and advise IS / IT people on Cybersecurity matters

Translate the Cybersecurity communications, eLearning, TIPs, etc. when requested by the

Regional Cybersecurity Officer

Qualifications :

Bachelors degree or Masters degree in Computer Science and / or Cybersecurity

Certification(s) in some Cybersecurity standards / technical domains

3 years of relevant experience in Cybersecurity

Knowledge and experience linked to Cybersecurity standards (ISO x, NIST, NIS, etc.)

Knowledge and experience in technical topics such as malware, patch management, firewalling

Other infrastructure / network / system / database / application experience

Fluent in English