- Company Name
- Dijon, ville et métropole
- Job Title
- Head of Information Systems Security (RSSI)
- Job Description
**Job Title:**
Chief Information Security Officer (Head of Information System Security)
**Role Summary:**
Lead the security strategy and operations for the digital transformation of a metropolitan public administration and its surrounding communes. Define policy, manage risks, ensure compliance with data protection and cybersecurity regulations, oversee incident response, and promote security culture across multiple IT sites.
**Expectations:**
- Deliver a robust, compliant security posture aligned with strategic business objectives.
- Act as a senior advisor to executive management on risk, compliance, and emerging threats.
- Maintain the highest levels of data integrity, confidentiality, and availability.
- Foster continuous improvement through governance, monitoring, and training.
**Key Responsibilities:**
1. **Security Policy & Governance**
- Define, update, and enforce the information‑security policy in line with ISO 27001/27002, NIST, and local regulations (RGPD, RGS, NIS‑2).
- Lead governance forums (security steering committees, project reviews) to embed security into all initiatives.
2. **Risk & Vulnerability Management**
- Conduct risk assessments, maintain a dynamic risk register, and prioritize mitigation actions.
- Oversee vulnerability scanning, penetration testing, and OSINT monitoring.
3. **Compliance & Audit**
- Coordinate internal and external audits, interpret regulatory requirements, and recommend corrective actions.
- Manage incident reporting and escalation, ensuring timely communication to stakeholders.
4. **Continuity & Incident Response**
- Develop, test, and refine Business Continuity (BCP) and Disaster Recovery (DR) plans.
- Lead incident‑response teams during security events and drive post‑mortem analysis.
5. **Training & Awareness**
- Design and deliver security awareness programs for business units and management.
- Measure adoption and adjust messaging to maximize policy compliance.
6. **Strategic Partnerships**
- Collaborate with the Operational Security Lead (RSO) and IT project teams to integrate controls from conception through delivery.
- Stay abreast of emerging threats and industry best practices to inform roadmap decisions.
**Required Skills:**
- Strong command of information‑security frameworks and standards (ISO 27001, NIST CSF).
- Expertise in risk assessment, vulnerability analysis, and threat intelligence.
- Proven audit and compliance management experience (RGPD, RGS, NIS‑2).
- Incident‑response leadership and crisis communication skills.
- Excellent stakeholder management, influencing senior executives and diverse technical teams.
- Effective training design and delivery capabilities.
- Analytical mindset with data‑driven decision‑making.
**Required Education & Certifications:**
- Minimum Master’s degree (or equivalent) in Computer Science, Cybersecurity, Information Technology, or related field.
- Professional certifications strongly preferred: ISO 27001 Lead Implementer/Auditor, CISSP, CISM, or CRISC.
- Knowledge of French data‑protection and public‑sector cybersecurity regulations is mandatory.