Information Security Director

At Alstom, we understand transport networks and what moves people. From high-speed trains, metros, monorails, and trams, to turnkey systems, services, infrastructure, signalling and digital mobility, we offer our diverse customers the broadest portfolio in the industry. Every day, more than 80 000 colleagues lead the way to greener and smarter mobility worldwide, connecting cities as we reduce carbon and replace cars.

Job Title (Job code): Information Security Director

• The Information Security Director is responsible for defining, implementing, and continuously improving Alstom’s global security strategy across Digital Services.
• This role ensures the Confidentiality, Integrity, and Availability of digital assets, and aligns security initiatives with business objectives and regulatory requirements.
• This end‑to‑end strategic position encompasses the governance and identification of cybersecurity risks, the protection of Alstom digital assets, the detection of security events and the response to security incidents.

DIGITAL SERVICES

Group Chief Information Security Officer

“Dotted line reporting” Position title if any

• Governance Risk and Compliance
• Cybersecurity Projects/Programs
• Cybersecurity Architecture & Solutions
• Security into Projects
• Identity and Access Management
• Security Operations Center
• Product Security Service Center

• Business Process Solutions
• Operations Center
• IT Infrastructures
• Data and AI
• Digital Platforms
• Business Lines

• Service providers
• Technology vendors
• Regulatory bodies (e.g. ANSSI)

• Define and maintain Alstom’s Information Security mission, vision, strategy, and roadmap, in coordination with the Group CISO.
• Align Information Security initiatives with Corporate objectives and Digital Transformation programs.
• Contribute to global security governance and represent Information Security in executive committees.

• Maintain Alstom ISMS policies ensuring compliance with international standards (ISO 27001, NIS 2 and any applicable regulation).
• Oversee Digital Services Cybersecurity Risk Management including Security Debt Management, Security Validation, and Third Parties Risk Management.
• Improve Alstom Information Security awareness and culture.
• Animate the global network of Security correspondents.

• Deliver Information Security project and program portfolio on time, on budget and on quality.
• Lead the Information Security roadmap and budget management.
• Ensure the Information Security Crisis processes and procedures are up to date and organization readiness.

• Oversee all Digital Services and Business led projects to ensuring compliance to Alstom ISMS requirements.
• Perform projects risk assessments including Sensitivity assessment, Risk identification and recommendations with required measures.

• Ensure Cybersecurity Solutions meet required efficiency and performance to mitigate the evolving threat landscape.
• Supervise the design and deployment of secure architectures for IT and Industrial environments (labs and shopfloors).
• Drive adoption of security patterns and standards across projects and platforms.
• Manage the PKI Services.

• Oversee and manage IAM for Mission and Business Critical Applications.
• Manage the Alstom Identity and Access Governance solution (passport).
• Manage the Alstom B2B IAM solution.
• Oversee the Privilege Access Management including privilege access platform and PAM processes.

• Lead global Information Security Operations, including SOC, VOC, Threat Intelligence and endpoint security.
• Ensure robust security event detection, incident response and reaction.
• Lead the Risk Based Vulnerability Management activities (RBVM).
• Proactively identify threats relevant in Alstom environment.
• Monitor KPIs and implement continuous improvement plans for security services.

• Deliver Vulnerability Assessment and Pen Tests (VAPT) Services for Alstom Products and Projects.
• Manage and maximize adoption of the Alstom Static Code Analysis solution (SCA).
• Lead the global Product and Solution Incident Response Team (PSIRT).
• Lead the NIDS competency center for Railway projects.

• Build and mentor a high-performing Security team across multiple geographies.
• Foster collaboration with IT domains, transverse functions, and business stakeholders.
• Promote cybersecurity awareness and training programs across the organization.

Master’s degree in Information Security, Computer Science, or related field

Fluent in English

15+ years in cybersecurity roles

Proven experience in managing global programs and teams

• Security Architecture
• Security Operations
• Risk Management
• Familiarity with ISO 27001 and NIST frameworks
• Soft Skills: Strategic thinking, leadership, communication, stakeholder engagement

You don’t need to be a train enthusiast to thrive with us. We guarantee that when you step onto one of our trains with your friends or family, you’ll be proud. If you’re up for the challenge, we’d love to hear from you!

As a global business, we’re an equal‑opportunity employer that celebrates diversity across the 63 countries we operate in. We’re committed to creating an inclusive workplace for everyone.