Cybersecurity Manager - Program Job in Alstom

Req ID:73515

We create smart innovations to meet the mobility challenges oftoday and tomorrow. We design and manufacture a complete range of transportation systems, from high-speed trains to electric busesand driverless trains, as well asinfrastructure, signalling and digital mobility solutions. Joining us meansjoininga truly global community ofmore than36 300 people dedicated to solving real-world mobility challenges and achieving international projects with sustainable local impact.

Purpose of the Job -

- To organize and manage the cybersecurity studies, design and verification & validation activities for Metro Rail projects executed by Alstom

- Manage internal and external stakeholders on a project in the area of cybersecurity.

- Interface with global Alstom cybersecurity management team.

Organisational Reporting -

- Project Manager (functional) and to Department Head (hierarchical)

Network & Links -

- In contact with the Cybersecurity Management Office.

- Integrated within Project management Team

ACCOUNTABILITIES & AUTHORITIES

Key Accountabilities

The Program Cybersecurity Manager is the point of contact of the Program for cybersecurity related subjects. He is in charge of the following activities:

• Analyse Program security needs (including laws and local regulations), determine security objectives and main security risks strategy
• Analyse cybersecurity features to be developed based on product design directives (IEC 62443) and Alstom solution roadmap.
• Obtain agreement from Program about on the set of security measures to be implemented
• Plan security activities within development life cycle, estimate costs and duration, their impacts related to program execution.
• Expert guidance to implementation team towards developing product cybersecurity features.
• Is responsible for Cost / Quality / Delay of Program Cybersecurity deliverables, as below :
  • Cybersecurity Management Plan and maintain Risk Registry
  • Cybersecurity Architecture Definition and Requirement Allocation
  • Supplier capability assessment and COTS evaluation reports
  • Application of Cybersecurity Assurance Level
  • Produce Cybersecurity evaluation plan and report
  • Definition of Cybersecurity Operating Procedures
  • Evaluation of the Program achieved Cybersecurity level
• Provide support during technical design meetings for cybersecurity activities
• Manage vulnerabilities and Cybersecurity issues and actions plan,
• Manage Program Cybersecurity related communication
• Report on Program Cybersecurity status
• In case of external Cybersecurity audit, manage the relationship with auditors Establish lessons learned

Key Job Authorities and Dimensions

• Responsible of the QCD of Cybersecurity Work Package
• Functional animation of Cybersecurity Engineer (if required)

Performance measurements:

• No "NO GO" for Cybersecurity reasons in Gate Reviews
• Quality of Cybersecurity deliverables, in time
• Achievement of Program targeted level of Cybersecurity
• Assessment findings : Low rework due to external or internal assessments
• Vulnerability management is in place

• Respect of Cybersecurity activities QCD commitment

• Cybersecurity issues/incident resolution

EXPERIENCE PREREQUISITES & REQUIRED COMPETENCES

Educational Requirements

• University/ Engineer in degree level (mandatory)
• Cybersecurity certification such as: GICSP, CISSP, GSEC, CISM (desirable)

Experience

Mandatory:

• Experience related to Cybersecurity in general, development experience of security technologies.
• Quality, Cost and Delivery Management

Desirable:

• Knowledge of Alstom Products & Solution Portfolio.
• Experience in embedded or industrial systems (railway / aeronautics ...)

Competencies & Skills

• 10+ years total relevant experience.
  • Data protection (Data at rest protection, Data in transit protection, Data loss prevention)
  • Hardening (Integrity & Authenticity verification, Mobile media Protection, ..)
  • Architecture (System Secure Architecture, Network Protection & Partitioning, Wireless access, Remote Access Management, Secure Administration, Platform Physical Security)
  • Detection & Response capacity (Asset management & discovery, Anti-malware, DoS detection, Log / Event / Alarm Management, Intrusion Detection/Prevention systems, Incident Response Management capabilities)
  • Cryptography Management
  • Vulnerability and Patch Management
• General knowledge on standards related to Cybersecurity : ISO 2700x, IEC 62443, NIST, NIS.
• Network architectures (main technical principles).
• Good knowledge in software architecture, in particular regarding O.S (especially Linux).
• Knowledge about risk assessment is a plus.
• Project/Program management skills (Quality, Cost and Delivery)
• Knowledge of industry best practices, methodologies, tools, etc. in the field of cybersecurity
• Strong documentation (written) and presentation (verbal) skills
• Ability to communicate effectively with internal stakeholders.
• Cybersecurity certifications desirable (GICSP, CISSP, GSEC, CISM)
• Dynamic, autonomous.Ability to work in a complex and cross functional environment

An agile, inclusive and responsiblecultureis the foundation of ourcompanywhere diverse people are offered excellent opportunities to grow, learn and advanceintheir careers.We are committed toencouragingour employeesto reach their full potential,while valuing and respecting them as individuals.

Job Type:?Experienced?