Head of Cyber Security - Montpellier, France - MRJ Recruitment

Description

One of the Worlds leading food manufacturers, with sites in 10 countries across Europe, and a heritage of over 100+ years, has a brilliant new opportunity available: Group Cybersecurity Manager

Role intro:

The Group has become the world's leading waffle and biscuit manufacturer via a large scale M&A strategy over the last few years. A key part of the company's growth strategy, is a large scale technology transformation with a new Cyber Security programme at the forefront of their current plans.

Working closely with the regional IT Directors and the Group board, the Group Cybersecurity Manager position is a newly created role with the remit to mitigate cybersecurity threats, ensure adequate organisational preparation for incidents and ensure a rapid recovery in event of an incident.

Key role responsibilities:

Strategy Definition

• Update and maintain the current Group cybersecurity strategy aligned with organizational objectives in order to protect our organization against evolving threats and risks.
• Build an annual budget with the Group IT leadership. Build and defend business cases when required.

Governance and Risk Management

• Establish and maintain a robust security governance framework.
• Lead both the security steering committee and the security operational committee.
• Ensure that disaster recovery and business continuity plans are in place and tested.
• Identify, assess, and prioritize cybersecurity risks.

Policies and Procedures

• Define and implement security policies, standards, and best practices to ensure compliance with industry regulations and maintain the highest level of security.
• Develop and enhance information security management framework. Collaborate wit the Group IT teams to develop and agree on technology standards.
• Review regularly security policies, standards and controls.

Architecture, Assessments and Testing

• Is responsible for the choice of security systems and strategies based on industry frameworks and standards (e.g. NIST, ISO27001) for the IT and OT Group environments.
• Oversee the implementation of secure systems and infrastructure, including cloud-based solutions, ensuring resilience, availability, and scalability.
• Ensure regular security assessments, vulnerability scans, and penetration testing are conducted in order to identify and address potential security vulnerabilities.

Incident and Crisis Management

• Coordinate Major security Incident with the Group IT teams.
• Define and implement the incident response plan and responsible for its improvement.
• Manage cybersecurity crisis, define group strategy response and arbitrate decision.

Audit and Reporting

• Assess all audit findings, establishing a prioritized path to mitigation.
• Manage security assessments for customers and potential customer audits.
• Define security indicators to ensure security controls are integrated into systems, networks, and applications.
• Establish dashboards to monitor current state and improvement over time.
• Communicate security metrics to Executive Team.

Required expertise, skills and experience

• A proven experience in a hands-on cybersecurity leadership role.
• Good technical knowledge on IT technologies (Active Directory, Firewalling and Networking, Microsoft Office 365, Virtualization environment).
• A first experience in industrial environment and ideally some knowledge on OT security.
• Good capacity to adapt to complex environments (multiple sites, different organizations, multiple Information Systems).
• Expertise in conducting risk assessments, vulnerability management, and incident response.
• Ability to build trusted relationships with stakeholders at all levels, and effective collaborations with other teams.
• High level of personal integrity, as well as the ability to handle confidential matters, and show an appropriate level of judgment and maturity.
• Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
• Strong customer focus — able to meet the demands of internal (Group IT) and external customers and stakeholders.
• Ability to communicate information security and risk-related concepts to both technical and non-technical audiences at all levels.
• Fluent oral and written English.

*PLEASE NOTE*

This role is remote first with a preference to be based in France, Netherlands or UK.