Cyber Security Project Manager

Location

Bari | Italy

Job description

About Alstom We develop and market mobility solutions that provide the sustainable foundations for the future of transportation. Alstom’s products portfolio ranges from high-speed trains, metros, monorail, trams and e-buses to integrated systems, customized services, infrastructure, signalling and digital mobility solutions. Join our global community and help us create smart and sustainable innovations to meet the mobility challenges of today and tomorrow. An agile, inclusive and responsible culture is the foundation of our company. We are committed to encouraging our employees to reach their full potential, while valuing and respecting them as individuals. Why should you choose Alstom? To access technical and managerial career paths and leverage advanced paradigms and other cutting-edge technologies. The Role The selected candidate will work within the Group's international cybersecurity team, reporting directly to the head of the cybersecurity department. He/she will be responsible for managing and coordinating the development team, architects and consulting companies, for projects involving the design, creation and maintenance of cybersecurity aspects of Alstom's solutions. The resource will act transversally on projects and programmes for both validating cybersecurity solutions and defining architectures, within the Signalling Division. The figure will be the interface with the core project teams, supporting and team in their implementation. In particular, the Cyber Security Project Manager will have the opportunity to actively contribute to the protection of the industrial business services of the Group, supporting the definition and adoption of best security practices in the IT/OT field to ensure the most appropriate security level for the Group's environments. Activities: Be responsible for the security analysis of Alstom solutions and the definition of security requirements. Support the Security by Design and Vulnerability Management focal point of the group in executing processes within industrial sites and critical infrastructures, with the goal of ensuring security by design in projects by adopting best industry practices and supporting the definition of appropriate vulnerability remediation plans; Support the Cyber Security Governance & Strategy focal point in ensuring oversight of cybersecurity processes and controls in the OT field, supporting both the risk assessment process and addressing regulatory compliance aspects. Support the adoption of the security by design process and, in general, security in the life cycle of industrial systems. Apply methods and best practices of OT cybersecurity to the analysis and management of issues in the industrial field. Define, provide, and support the implementation of specialist requirements in IT/OT cybersecurity in project phases. Develop solutions, guidelines, and standards that can ensure the safety and cyber security of the Group's industrial contexts. Support the design, definition and implementation of secure industrial/network architectures and IT/OT integrations. Support the definition of corrective interventions and remediation plans in the Patch Management, Vulnerability Management, and Threat Intelligence processes. Support the management or escalation processes related to security events or issues in industrial environments. Educational and Professional Requirements University/ Engineer in degree level or equivalent experience\qualifications. Previous experience in security and risk management with a focus on security, performance and reliability. Understanding of main cybersecurity standards and regulations, such as: ISA/IEC 62443, TS 50701, ISO 2700X, NIST, NIS. Good knowledge of Cyber Security controls and their application with the aim of managing risks associated with industrial processes and services by implementing appropriate and cost-effective security solutions. Good knowledge in the enterprise domain of security processes such as Security by Design, Vulnerability Management, and Access Management." Understanding of System architecture. Experience in embedded or industrial systems and/or in System Engineering. Knowledge of cybersecurity risk assessment methodology. Knowledge of defence in depth techniques. Knowledge of recognized techniques for evaluating systems security and Intrusion testing techniques. Understanding of third-party auditing and risk assessment. Capacity to address high level (system) et low level (IT, Security technologies and Software design) and to design a cyber architecture is appreciated. Technical proficiency of Architecture concepts and techniques of systems and networks, operating systems and associated programming languages is appreciated. Cybersecurity certification such as ISA/IEC 62443 is appreciated. English excellent knowledge is mandatory. Ability to interact with a broad cross-section of personnel to explain and enforce security measures. Dynamic, autonomous. Creativity and ability to work in a complex environment. Synthesis spirit, excellent written and verbal communication skills complete the profile. Human Value is responsible for activities of Executive Search & Selection (Aut. Min. 7895/RS). Human Value guarantees equal opportunities (L. 903/77). Interested candidates, men and women, are invited to read the information about Privacy (art.13 of EU Regulation 2016/679) on

Job tags

Salary