Information security officer – Inspections et incidents – H/F
Auchan Retail International – ARI – is hiring an Information Security Officer (M/F) – ISO in charge of its "Inspection & Incidents" domain within the International Cybersecurity Team.
About Auchan Retail International cybersecurity strategy
Auchan Retail cybersecurity strategy is endorsed by top management. Cybersecurity is named as a mandatory component of the information system.
As a consequence, ARI Cybersecurity team
- Maintains the international cybersecurity framework (the rules)
- Delivers operational cybersecurity services (e.g. vulnerability scanner, EDR, SOC), mainly as a service center
- Monitors and report global cybersecurity posture
- Operates the cybersecurity of the international components technically under Auchan Retail International responsibility
About Auchan Retail’s Corporate digital security team
Please trust us, we are a funny team of 30 people… This well being is confirmed each week with our famous lunch where we will remind you to pay for a glass if you forget it 😉
This funny team is organized in matrix with 2 "IT delivery" departments and 4 "security departments"
- Operations domain, in charge on delivering the right quality of the operational service we deliver (e.g. ensure IAM availability is compliant with SLAs)
- Projects domain, in charge of deploying the IT solutions wherever it’s planned to be deployed (e.g. ensure IAM is deployed in each and every BU)
- Governance, Risk a Compliance domain, in charge of the management of the global cybersecurity framework, resiliency, awareness & change management
- People & Identity, in charge of digital identity lifecycle management for all employees
- Infrastructure security, in charge of infrastructure hardening and monitoring of cybersecurity posture (protect)
- Inspection & Incidents, in charge of monitoring of threats, detection and reaction to cybersecurity incidents (detect & react)
- You are part of CISO board. As a security expert with management skills,
- You develop and deliver a vision, aligned with the cybersecurity policy
- You are owner of the processes required to make this vision happen (i.e. cybersecurity incidents management process)
- You manage the products owners, you approve the products roadmap and you ensure an appropriate change management is implemented, in collaboration with the business units – Your scope includes pentests, attack surface monitoring, EDR, SOC, CERT, Threat Intelligence, DLP
- You manage the security experts in charge of theses processes & products
- You ensure that the company is ready to manage the cybersecurity incidents and be ready to respond (processes, procedures, crisis management, red team)
- You ensure that both the processes and tools are deployed and efficient (in collaboration with project & operations departments) and report KPIs
- You support the interested parties in understanding the cybersecurity policy, the risks and the mitigation options, in particular with CTO and BU teams
As member of CISO Board, you, you have additional responsibilities
- You own and manage your budget (~2M€) and reports the well use of this budget according to Auchan Retail management control rules
- You manage the relationship with key partners, in particular those delivering services to your domain (e.g. SOC)
- You actively participate to international community by providing operational guidance
In this job position, you won’t perform the technical activities by yourself (we’re not hiring a pentester) but you’ll have to manage people who will do it for Auchan Retail. Even if you do not do it, we expect from you sufficient skills to be able to challenge parties.
You will do your job in an international environment, working daily with business units over the world.