Information Security Compliance Analyst

Job ID
Job Locations
Position Type
Position Category
Information Technology
Languages Required
English essential
# of Openings


The Information Security & Compliance Analyst (ISCA) is part of the Information Security Management System (ISMS) of the Group, managed by the Group Chief Information Security Officer (CISO).

The ISCA acts on behalf of the CISO, supporting the development of Information Security as defined by the Group and participating in its deployment.


  • Managing Global Information Security KPIs with the full support of Global IT and SOC/CERT teams.
  • Ensuring global supplier security assessments following group procedures and with the full support of Legal & Compliance as well as Group IT teams.
  • Maintaining the global repository of certifications & client requirements.
  • Reviewing ISMS and Global IT procedures.
  • Reviewing DRP controls & evidence.
  • Following up on technical vulnerability assessments / Security Scorecards and associated corrective measures.
  • Conducting Security Audits within Expleo entities.
  • Being part of our Cyber Intelligence team, alerting on and following up cyber alerts and associated actions.
  • Managing global incident response under the full accountability of the Group CISO.
  • Providing advice and guidance.
  • Escalating all necessary information to the Group CISO.

The ISCA will also support Information Security activities by:

  • Participating in Group Information Security strategy.
  • Supporting the CISO on Group KPI definition.
  • Supporting the CISO on the Risk assessment process.
  • Participating in the Information Security committees with the CISO and Local Information Security Officers (LISOs).
  • Supporting the CISO and LISOs in interfacing with other company functions (Legal, HR, Comm).
  • Participating in the Security deployment into IT developments.
  • Supporting Global IT procedures definition as well as dedicated client procedures.
  • Participating in & supporting internal and external Security audits.
  • Helping the CISO follow up on the awareness program & associated content.


Bachelor's degree in Computer Science.


  • Ability to maintain and manage an internal organization in terms of Information Security.
  • Strong knowledge of the entity’s organisation and its processing activities.
  • Strong knowledge of management and lifecycle of projects.
  • Strong knowledge of Information Security standards: ISO27001 and associated recommendations ISO27002.
  • Strong knowledge of Risk Management: ISO27005, EBIOS.
  • Strong knowledge of the implementation of ISMS.
  • Good understanding of Information Technology & Cyber Security.
  • Fluent English language skills.
  • Ability to conduct, assess and monitor the implementation of Information risk management (assessment and mitigation measures).
  • Ability to implement and facilitate multidisciplinary governance, with writing, synthesis, steering, animation, communication and planning skills.
  • Accessibility and availability to the entity's stakeholders.
  • Ability to provide advice and recommendations for the implementation of Information Security requirements within Expleo’s organisation, with support from the CISO.


  • 3 to 5 years in IT and Information Security.

