IT Governance Specialist

At Alstom, we understand transport networks and what moves people. From high-speed trains, metros, monorails, and trams, to turnkey systems, services, infrastructure, signalling and digital mobility, we offer our diverse customers the broadest portfolio in the industry. Every day, 80,000 colleagues lead the way to greener and smarter mobility worldwide, connecting cities as we reduce carbon and replace cars.

Could you be the full-time IT Risk Expert in our Information Security & SecOps department we’re looking for?

Educational Requirements

Mandatory:

• Bachelor’s/Master’s degree
• 3 to 5 years of advanced IT skills with high level experience in information security governance, information security risk management and ISO 27001 implementation
• Language: English

Desirable:

• FAIR Risk Management
• ISAE3000/SOC2
• IEC 62443
• European Regulations (EU GDPR, NIS2)

Experience

Mandatory:

• Ability to identify and document specific security issues, propose resolution options, and interpret matters from the perspective of involved stakeholders
• Ability to develop security standards and guidelines based on best practices and industry standards
• Understanding of common security standards and regulations (e.g., ISO27001, ISO27005, MITRE, etc.)

Desirable:

• Knowledge of information security risk management frameworks and compliance practices
• Experience with Security and Process Maturity Assessment

Competencies & Skills

• Expertise: In-depth knowledge of the ISO 27001 standard and its requirements, along with experience in implementing, maintaining, and auditing Information Security Management Systems (ISMS).
• Professionalism: Has strong knowledge of Information security regulations in consonance to EU Regulations.

• Communication: Strong skills in both written and oral levels, with the ability to adapt technical message depending on the audience Managers of Information Security & SecOps Department teams, Security Control Owners, Solution Architecture Tower Leads, Product & Solutions Cybersecurity managers. The ability to translate ISO 27001 control requirements in accordance to business requirements.

• Collaboration and partnership: Build and maintain collaboration with colleagues from different work environments and takes part of a collaborative network 
• Project coordination: Ability in planning and following various activities with diverse teams
• Systematic: Works logically, considers options and sets clear and measurable targets which balance competing priorities. 
• Drive for Results: Takes personal accountability for results and commitments, and ability to measure and improve performance
• Flexibility: Able and willing to adapt and to work effectively within a variety of diverse situations, and with diverse individuals or groups. Participate in multiple projects and tasks, with constantly changing priorities and evolving issues.
• Discretion: Ability to deal with sensitive and confidential issues using developed discretion and judgment, while maintaining independence and objectivity.
• Business acumen: experience on transportation or railway industries is a plus
• Ability to communicate cybersecurity and technology risks effectively
• Resourceful, creative and highly self-motivated, self-directed, and attentive to detail
• Excellent interpersonal, communication, leadership, motivational, organizational, and planning skills

Important to note

As a global business, we’re an equal-opportunity employer that celebrates diversity across the 63 countries we operate in. We’re committed to creating an inclusive workplace for everyone.