Location
Full remote from Europe
When
To start asap - 1 year contract
Mission Description
We are seeking a skilled and experienced "Security In Projects" consultant. This role will focus on conducting comprehensive cybersecurity and compliance risk assessments on new projects within our organization, ensuring that all initiatives align with our security policies/standards and compliance requirements. It requires strong analytical and technical skills, a global understanding/knowledge of organizational and technical security best practices, and the ability to communicate effectively with project teams.
Key responsibilities:
1) Risk Assessment:
-Conduct thorough risk assessments for projects, identifying potential security vulnerabilities and compliance issues.
-Identify the risks inherent to the project based on the CIA criteria (Confidentiality, Integrity, Availability).
-Define security measures to be implemented as part of the project in order to reduce the risks identified.
-Review the project technical documentation (High Level Design / Low Level Design) to confirm the effective implementation of these security measures, prior to the deployment.
-Follow up on security exceptions in case of non-compliance with Solvay policies/standards.
2) Cross-Functional Collaboration:
-Work closely with project managers, and other stakeholders (Procurement, Vendor Management, Data Privacy Office, CISO Office, etc.) to integrate security considerations throughout the project lifecycle.
3) Vendor assessment:
-Evaluate the cybersecurity maturity of third parties using the CyberSecurity Requirements Exhibit (CSRE).
-Provide a global score of third parties based on this evaluation.
-Identify any major deviation with Solvay’s requirements.
-Create the final security annex to be signed off by the vendors in order to have their contractual engagement.
-Analyze vendor’s SOC2 Type II report to evaluate their cybersecurity posture.
4) Process Communication and Improvement:
-Stay updated on industry trends, threats, and best practices related to project security and compliance.
-Contribute to the continuous improvement of the security assessment process, tools, and methodologies.
-Contribute to the Security Testing (pentest/DAST/configuration audit) RFP and the deployment of the service within the SIP.
-Establish an operational process aimed at the post-production/periodic assessment of services and applications.
-Communicate regularly within our organization about the SIP methodology.
-Inform people about any process changes or improvements, ensuring that all teams understand and follow the latest SIP process.
5) Change Management:
-Review all major changes presented to the Change Advisory Board (CAB) from a cybersecurity perspective.
6) Other:
-Assist the SIP Service Owner in various cross-functional activities and initiatives critical to the SIP process.
Education and experience:
-Education: Master’s degree in Cybersecurity, Information Technology, or a related field.
-Experience: Minimum of 5 years' experience in cybersecurity risk assessment and auditing IT security controls across enterprise IT systems and platforms.
-Relevant certifications (e.g. ISO27001, EBIOS RM, CISM, CISSP) are highly appreciated.
-Good understanding of security frameworks (e.g. NIST, ISO 27001) and compliance regulations (e.g. GDPR, HIPAA, Export Control, Dual Use).
Skills and behavioral competencies:
-Result orientation, influence and impact.
-Excellent analytical and problem-solving skills, with a keen attention to detail.
-Excellent verbal and written communication skills, with the ability to present complex information clearly and concisely.
-Understanding of cybersecurity principles, best practices, and frameworks.
-Strong understanding of IT systems, network security, and data protection principles.
-Ability to work collaboratively with cross-functional teams and manage stakeholder expectations.
-High organizational skills with the ability to manage multiple tasks simultaneously.
-Analytical Skills: Ability to analyze complex vendor proposals and make data-driven decisions.
Language skills:
-French
-English (mandatory)
What’s in it for the candidate?
-Gain experience in risk assessment and management within project environments.
-Good understanding of security frameworks (e.g., NIST, ISO 27001) and compliance regulations (e.g., GDPR, HIPAA, Export Control).
-A collaborative and innovative work environment.