MAIN MISSION
The ultimate objective of a CISO is to protect an organization's information assets, including Operational Technology (OT), from cyber threats while aligning with its business goals. This includes managing risks, developing and enforcing security policies, and implementing robust security measures. The CISO ensures compliance with regulations, handles incident response, and promotes security awareness among employees. They also oversee third-party security practices and continuously improve security strategies to adapt to evolving threats. Ultimately, the CISO aims to create a secure environment that protects the organization's assets, reputation, and operational continuity.
ACTIVITIES
* Risk Management: Identify, assess, and mitigate information security risks specific to ECCBC's bottling operations, including both IT and Operational Technology (OT), to protect the company’s assets, data, and supply chain
* Policy Development and Enforcement: Develop, implement, and enforce security policies, procedures, and standards tailored to ECCBC's industry, ensuring compliance with legal, regulatory, and contractual requirements, such as ISO27001, ISO22301, and NIST standards. Ensure the implementation of the company's security policy
* Security Architecture: Contribute to and support the design and maintenance of a robust security infrastructure in collaboration with the BTS Infrastructure Manager. This includes advising on the implementation of firewalls, intrusion detection systems, encryption, and securing OT environments
* Incident Response: Develop and manage an incident response plan to swiftly address and recover from security breaches that could impact ECCBC's operations and supply chain, including both IT and OT systems. Coordinate the management and monthly review of security incidents (anticipation and evolution of risks)
* Compliance: Ensure ECCBC adheres to relevant laws, regulations, and industry standards, including those related to food safety (e.g., ISO22000), data protection (e.g., GDPR), and supply chain security. Guarantee compliance with data collection and processing laws (Data Privacy)
* Security Awareness and Training: Promote a culture of security awareness among ECCBC employees through regular training and education. Ensure that stakeholders (HR, operational staff, etc.) complete declarations related to personal data processing. Raise awareness among company stakeholders (trainers, general resources) about following procedures and ensure adherence through audits. Ensure that production teams are continuously made aware of security protocols.
* Third-Party Management: Oversee the security practices of third-party vendors and partners, ensuring they comply with ECCBC’s security requirements to protect the integrity of the supply chain and production process
* Continuous Improvement and Innovation: Regularly review and update ECCBC’s security measures to adapt to evolving threats and technologies, fostering innovation in cybersecurity solutions to enhance the protection of production and distribution systems
* Business Alignment: Ensure that security strategies support ECCBC’s business objectives, enhancing operational efficiency and maintaining uninterrupted production and distribution
* Audit and Compliance Management: Coordinate and conduct regular security audits, including KO audits, supplier audits, and compliance reviews to identify and address vulnerabilities within ECCBC’s production and distribution networks, including OT systems. Ensure regular evaluation and auditing/controls of IT systems in accordance with the audit plan and regular follow-up on action plans resulting from audits. Coordinate compliance and/or certification projects related to security: ISO27001, PCI-DSS, security solutions, etc.
* Incident Coordination: Lead the coordination of security incidents affecting ECCBC’s information and OT systems, ensuring a timely and effective response to minimize the impact on operations
* User Access Management: Ensure that user access (user accounts) is managed in accordance with established processes
* Fraud Management: Oversee the monitoring and management of customer alerts and suspicions of fraud
* Risk Analysis and Remediation: Analyze and consolidate risks within their scope and ensure that their team identifies remediation plans. Develop and monitor prevention and remediation plans
* Team Leadership: Manage and lead ECCBC’s operational security team, ensuring effective performance, continuous development, and alignment with the company’s strategic goals
* Communication and Assistance: Ensure awareness, advice, and assistance to IT/OT teams. Coordinate the posting and updating of the list of evacuators and first aid responders
EDUCATIONAL AND OTHER SPECIFIC TRAINING REQUIREMENTS
* Engineering degree or equivalent in the field of information systems or Information Security
* Master's degree in Information Security is nice to have
* ISO27001 certification
* NIST, GDPR & Data Protection Laws implementation and/or Audits certifications are strongly recommended
* Fluent in English and French
AREAS OF EXPERTISE AND YEARS OF EXPERIENCE:
* Minimum of 10 years of experience, including 5 years in a similar position, preferably in an international environment
* Expertise in Security implementations and Audits
* Knowledge of the industry environment is desirable
* Knowledge of managing cross-functional teams is desirable
* Extensive experience in leadership and relationship management
* Expert in Operational Security, Information Security, Cybersecurity and Cyber Resilience management principles involved in strategic planning
PERFORMANCE INDICATORS:
* Average time taken to detect, respond to, and resolve security incidents.
* Percentage of compliance with relevant legal, regulatory, and industry standards
* Number of open vulnerabilities and average time to remediate them
* Percentage of employees who have completed security awareness training
* Number of identified risks and percentage of mitigated risks
ECCBC BUSINESS ENABLERS
* Self-leadership
* Collaborative Leadership
* Customer Orientation
* Drive for Results
* Strategic Thinking
* Information Security Management
* Risk Management
* Incident Response and Management
* Compliance and Governance
* Audit and Compliance Management
* Communication and Stakeholder Management
* Security Awareness and Training
* Project Management
* Analytical and Problem-Solving
* Compliance and Legal Acumen
SOFT SKILLS & LEADERSHIP COMPETENCES
* Feedback & Coaching
* Managing 360º expectations
* Setting Goals for others
* Story Telling
* Empowering people
Annual basis
Casablanca, Morocco