Head of Cyber Security - Nouvelle-Aquitaine, France - MRJ Recruitment

Description

One of the Worlds leading food manufacturers, with sites in 10 countries across Europe, and a heritage of over 100+ years, has a brilliant new opportunity available: Group Cybersecurity Manager

Role intro

The Group has become the world's leading waffle and biscuit manufacturer via a large scale M&A strategy over the last few years. A key part of the company's growth strategy, is a large scale technology transformation with a new Cyber Security programme at the forefront of their current plans.
Working closely with the regional IT Directors and the Group board, the Group Cybersecurity Manager position is a newly created role with the remit to mitigate cybersecurity threats, ensure adequate organisational preparation for incidents and ensure a rapid recovery in event of an incident.

Strategy Definition

• Update and maintain the current Group cybersecurity strategy aligned with organizational objectives in order to protect our organization against evolving threats and risks
• Build an annual budget with the Group IT leadership. Build and defend business cases when required

Governance and Risk Management

• Establish and maintain a robust security governance framework
• Lead both the security steering committee and the security operational committee
• Ensure that disaster recovery and business continuity plans are in place and tested
• Identify, assess, and prioritize cybersecurity risks

Policies and Procedures

• Define and implement security policies, standards, and best practices to ensure compliance with industry regulations and maintain the highest level of security
• Develop and enhance information security management framework. Collaborate wit the Group IT teams to develop and agree on technology standards
• Review regularly security policies, standards and controls

Architecture, Assessments and Testing

• Is responsible for the choice of security systems and strategies based on industry frameworks and standards (e.g. NIST, ISO27001) for the IT and OT Group environments
• Oversee the implementation of secure systems and infrastructure, including cloud-based solutions, ensuring resilience, availability, and scalability
• Ensure regular security assessments, vulnerability scans, and penetration testing are conducted in order to identify and address potential security vulnerabilities

Incident and Crisis Management

• Coordinate Major security Incident with the Group IT teams
• Define and implement the incident response plan and responsible for its improvement
• Manage cybersecurity crisis, define group strategy response and arbitrate decision

Audit and Reporting

• Assess all audit findings, establishing a prioritized path to mitigation
• Manage security assessments for customers and potential customer audits
• Define security indicators to ensure security controls are integrated into systems, networks, and applications
• Establish dashboards to monitor current state and improvement over time
• Communicate security metrics to Executive Team

Required expertise, skills and experience

• A proven experience in a hands-on cybersecurity leadership role
• Good technical knowledge on IT technologies (Active Directory, Firewalling and Networking, Microsoft Office 365, Virtualization environment)
• A first experience in industrial environment and ideally some knowledge on OT security
• Good capacity to adapt to complex environments (multiple sites, different organizations, multiple Information Systems)
• Expertise in conducting risk assessments, vulnerability management, and incident response
• Ability to build trusted relationships with stakeholders at all levels, and effective collaborations with other teams
• High level of personal integrity, as well as the ability to handle confidential matters, and show an appropriate level of judgment and maturity
• Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives
• Strong customer focus — able to meet the demands of internal (Group IT) and external customers and stakeholders
• Ability to communicate information security and risk-related concepts to both technical and non-technical audiences at all levels
• Fluent oral and written English
• PLEASE NOTE*

This role is remote first with a preference to be based in France, Netherlands or UK.