Téléphone: (+33) 9 75 12 81 19 Email: contact@apessi.com

Project Cybersecurity Manager

Location: Saint OUen, France

Company: Alstom

The Railway industry today is characterized by both a strong and sustained growth across the world. The trends that drive this are well known: environmental challenges, population growth, urbanization and increasing demands of mobility. With 6B€ of Sales and over 30.000 employees based in nearly 60 countries, Alstom develop & market the most complete range of systems, equipment and services offered today in the railway sector, using more and more digital solutions. Today we offer our customers solutions that feature a seamless blend of diverse technologies, ensuring optimal interfaces, along with flexible implementation and real synergy in innovation.

 

INTRODUCTION

Alstom is a leading supplier of rolling stock, control systems for trains and metros in France and worldwide. These solutions must evolve today to respond to the potential cyber-attacks that can occur on our systems. All solutions, products and projects in progress are affected. Our Engineering Excellence Centers in Saint-Ouen, Bangalore, Melbourne FL, Sao Paulo, Charleroi and Bologna are moving towards a more digital approach and are looking for profiles that can analyze the risks involved, design cyber architectures and manage the cybersecurity activities on ongoing projects or programs.

ABOUT THE ROLE

Reporting to the Cybersecurity Delivery Manager, the Project Cybersecurity Manager role is to organize and manage the cybersecurity studies, design, verification and validation activities during the project execution.

 

ORGANIZATIONAL REPORTING

The Project Cybersecurity Manager is reported to the Project Manager and to the Region Cybersecurity Manager.

 

RESPONSABILITIES

The Project Cybersecurity Manager (PCyM) is the point of contact of the Project for cybersecurity related subjects. He is in charge of the following activities:

  • Establish the Cybersecurity Management Plan (CyMP) of the Project
  • Ensure that applicable security requirements, security rules (including laws and local regulations), security guidelines, security information, etc. are distributed to all personnel involved in the Project including personnel and subcontractors
  • Ensures availability of the necessary means (resource, competence and budget for the staffing of the cybersecurity activities in the Project)
  • Manage Cybersecurity Engineers: Cybersecurity Risks Analysts (CyRA) and Cybersecurity Designers (CyD); for the definition of the most efficient system architecture related to cybersecurity requirements of the contract
  • Obtain agreement from the Project Manager (PM), Platform Cybersecurity Manager and Region Cybersecurity Manager about targeted maximum residual risks level, cybersecurity risks to be addressed, security measures to be implemented
  • Verify that all parts of the Project organization, including subcontractors, perform their works according to the applicable security requirements, security rules, security guidelines, security information
  • Review the Cybersecurity Risk Analysis and the Cybersecurity Evaluation Report, evaluate project and business impacts of technical vulnerabilities identified as part of technological monitoring activities
  • Review deployment documents (Design, RAM, V&V) from a cybersecurity perspective
  • Define and follow-up action plans to close the cyber security issues
  • Ensure Cybersecurity awareness been propagated to Alstom team and suppliers
  • Organize the capture of experience feedback and the implementation of continuous improvement plans for Cybersecurity aspects

 

Note that the PCyM is a member of the Change Control Board (CCB), in charge of evaluating Cybersecurity related impact of Change Request (CR) and following them up to closure.

 

Within the framework of specific projects, for the activities of descent and return of the V cycle:

  • Responsible for Cost / Quality / Delay Deliverables Cybersecurity
  • To be the technical interface with the customer for the Cybersecurity domain

COMPETENCIES & SKILLS

  • Engineering Background
  • Knowledge of main Cybersecurity standards and regulations, such as: ISO 2700X, 62443, NIST, NIS, French LPM
  • Knowledge of some Cybersecurity solutions and areas

 

EDUCATIONAL REQUIREMENTS

Mandatory: University / Engineer in degree level – Master’s Degree

Desirable:  Cybersecurity certification such as:  GICSP, CISSP, GSEC, CISM, …

 

KNOWLEDGE/EXPERIENCE

Mandatory:

  • Experience with direct responsibility for hands on architecture, design, development
  • Experience related to Cybersecurity in general, deployment experience of security technologies.
  • QCD Management

 

Desirable:

  • Knowledge of Alstom Products & Solution Portfolio
  • Experience in embedded or industrial systems (railway / aeronautics …)

 

LOCATION OF THE ROLE

Saint-Ouen, France

 

CONTRACT TYPE / BONUS (OPTIONAL)

Permanent role (Local Contract)

Lieu