Information Security Director H/F Alstom

Req ID:505192

At Alstom, we understand transport networks and what moves people. From high-speed trains, metros, monorails, and trams, to turnkey systems, services, infrastructure, signalling and digital mobility, we offer our diverse customers the broadest portfolio in the industry. Every day, more than 80 000 colleagues lead the way to greener and smarter mobility worldwide, connecting cities as we reduce carbon and replace cars.

JOB TITLE & JOB CODE

Job Title (Job code): Information Security Director

PURPOSE OF THE JOB

The Information Security Director is responsible for defining, implementing, and continuously improving Alstom's global security strategy across Digital Services.
This role ensures the Confidentiality, Integrity, and Availability of digital assets, and aligns security initiatives with business objectives and regulatory requirements.
This end-to-end strategic position encompasses the governance and identification of cybersecurity risks, the protection of Alstom digital assets, the detection of security events and the response to security incidents.

ORGANISATION

Organisation structure (job belongs to..)
DIGITAL SERVICES

Reports directly to:
Group Chief Information Security Officer

Other reporting to:
Dotted line reporting Position title if any

Direct reports: head of the following activities:

Governance Risk and Compliance
Cybersecurity Projects/Programs
Cybersecurity Architecture & Solutions
Security into Projects
Identity and Access Management
Security Operations Center
Product Security Service Center

Network & Links Position title of connected positions / functional report

Internal

Business Process Solutions
Operations Center
IT Infrastructures
Data and AI
Digital Platforms
Business Lines

External

Service providers
Technology vendors
Regulatory bodies (e.g. ANSSI)

MAIN RESPONSABILITIES

Describe here main information such as accountabilities, authorities, performance measurements ...etc.
Strategic Leadership

Define and maintain Alstom's Information Security mission, vision, strategy, and roadmap, in coordination with the Group CISO.
Align Information Security initiatives with Corporate objectives and Digital Transformation programs.
Contribute to global security governance and represent Information Security in executive committees.

Governance, Risk Management & Compliance

Maintain Alstom ISMS policies ensuring compliance with international standards (ISO 27001, NIS 2 and any applicable regulation).
Oversee Digital Services Cybersecurity Risk Management including Security Debt Management, Security Validation, and Third Parties Risk Management.
Improve Alstom Information Security awareness and culture.
Animate the global network of Security correspondents.

Projects/Programs/Crisis

Deliver Information Security project and program portfolio on time, on budget and on quality.
Lead the Information Security roadmap and budget management.
Ensure the Information Security Crisis processes and procedures are up to date and organization readiness.

Security into Projects

Oversee all Digital Services and Business led projects to ensuring compliance to Alstom ISMS requirements.
Perform projects risk assessments including Sensitivity assessment, Risk identification and recommendations with required measures.

Architecture & Solutions

Ensure Cybersecurity Solutions meet required efficiency and performance to mitigate the evolving threat landscape.
Supervise the design and deployment of secure architectures for IT and Industrial environments (labs and shopfloors).
Drive adoption of security patterns and standards across projects and platforms.
Manage the PKI Services.

Identity & Access Management (IAM)

Oversee and manage IAM for Mission and Business Critical Applications.
Manage the Alstom Identity and Access Governance solution (passport).
Manage the Alstom B2B IAM solution.
Oversee the Privilege Access Management including privilege access platform and PAM processes.

Security Operations

Lead global Information Security Operations, including SOC, VOC, Threat Intelligence and endpoint security.
Ensure robust security event detection, incident response and reaction.
Lead the Risk Based Vulnerability Management activities (RBVM).
Proactively identify threats relevant in Alstom environment.
Monitor KPIs and implement continuous improvement plans for security services.

Product Security Service Center

Deliver Vulnerability Assessment and Pen Tests (VAPT) Services for Alstom Products and Projects.
Manage and maximize adoption of the Alstom Static Code Analysis solution (SCA).
Lead the global Product and Solution Incident Response Team (PSIRT).
Lead the NIDS competency center for Railway projects.

People & Stakeholder Management

Build and mentor a high-performing Security team across multiple geographies.
Foster collaboration with IT domains, transverse functions, and business stakeholders.
Promote cybersecurity awareness and training programs across the organization.

MAIN REQUIRED COMPETENCES

Educational Requirements Describe the minimum educational requirement/level

Mandatory:

Master's degree in Information Security, Computer Science, or related field
Fluent in English

Desirable:

Certifications: CISSP, CISM, or equivalent

Experience Describe the knowledge and experience required for this role

Mandatory:

15+ years in cybersecurity roles
Proven experience in managing global programs and teams

Desirable:

Knowledgeable of identity governance, IAM, PKI
SOC management
Outsourcing and supplier management

Competencies & Skills Describe the needed skills (technical & behavioral)

Security Architecture
Security Operations
Risk Management
Familiarity with ISO 27001 and NIST frameworks
Soft Skills: Strategic thinking, leadership, communication, stakeholder engagement

You don't need to be a train enthusiast to thrive with us. We guarantee that when you step onto one of our trains with your friends or family, you'll be proud. If you're up for the challenge, we'd love to hear from you!

Important to note

As a global business, we're an equal-opportunity employer that celebrates diversity across the 63 countries we operate in. We're committed to creating an inclusive workplace for everyone.

Job Type:Experienced

Job Segment:
Information Security, Risk Management, Manager, Computer Science, Technology, Finance, Management