Information Security Director

Select how often (in days) to receive an alert:

Company: Alstom

At Alstom, we understand transport networks and what moves people. From high-speed trains, metros, monorails, and trams, to turnkey systems, services, infrastructure, signalling and digital mobility, we offer our diverse customers the broadest portfolio in the industry. Every day, more than 80 000 colleagues lead the way to greener and smarter mobility worldwide, connecting cities as we reduce carbon and replace cars.

• The Information Security Director is responsible for defining, implementing, and continuously improving Alstom’s global security strategy across Digital Services.
• This role ensures the Confidentiality, Integrity, and Availability of digital assets, and aligns security initiatives with business objectives and regulatory requirements.
• This end-to-end strategic position encompasses the governance and identification of cybersecurity risks, the protection of Alstom digital assets, the detection of security events and the response to security incidents.

Reports directly to: Group Chief Information Security Officer

Other reporting to: “Dotted line reporting” Position title if any

Direct reports: “head of” the following activities:

• Governance Risk and Compliance
• Cybersecurity Projects/Programs
• Cybersecurity Architecture & Solutions
• Security into Projects
• Identity and Access Management
• Security Operations Center
• Product Security Service Center

Position title of connected positions / functional report

• Business Process Solutions
• Operations Center
• IT Infrastructures
• Data and AI
• Digital Platforms
• Business Lines

• Service providers
• Regulatory bodies (e.g. ANSSI)

Describe here main information such as accountabilities, authorities, performance measurements …etc.

• Define and maintain Alstom’s Information Security mission, vision, strategy, and roadmap, in coordination with the Group CISO.
• Align Information Security initiatives with Corporate objectives and Digital Transformation programs.
• Contribute to global security governance and represent Information Security in executive committees.
• Maintain Alstom ISMS policies ensuring compliance with international standards (ISO 27001, NIS 2 and any applicable regulation).
• Oversee Digital Services Cybersecurity Risk Management including Security Debt Management, Security Validation, and Third Parties Risk Management.
• Improve Alstom Information Security awareness and culture.
• Animate the global network of Security correspondents.

• Deliver Information Security project and program portfolio on time, on budget and on quality.
• Lead the Information Security roadmap and budget management.
• Ensure the Information Security Crisis processes and procedures are up to date and organization readiness.

• Oversee all Digital Services and Business led projects to ensuring compliance to Alstom ISMS requirements.
• Perform projects risk assessments including Sensitivity assessment, Risk identification and recommendations with required measures.

• Ensure Cybersecurity Solutions meet required efficiency and performance to mitigate the evolving threat landscape.
• Supervise the design and deployment of secure architectures for IT and Industrial environments (labs and shopfloors).
• Drive adoption of security patterns and standards across projects and platforms.
• Manage the PKI Services.

• Oversee and manage IAM for Mission and Business Critical Applications.
• Manage the Alstom Identity and Access Governance solution (passport).
• Manage the Alstom B2B IAM solution.
• Oversee the Privilege Access Management including privilege access platform and PAM processes.

• Lead global Information Security Operations, including SOC, VOC, Threat Intelligence and endpoint security.
• Ensure robust security event detection, incident response and reaction.
• Lead the Risk Based Vulnerability Management activities (RBVM).
• Proactively identify threats relevant in Alstom environment.
• Monitor KPIs and implement continuous improvement plans for security services.

• Deliver Vulnerability Assessment and Pen Tests (VAPT) Services for Alstom Products and Projects.
• Manage and maximize adoption of the Alstom Static Code Analysis solution (SCA).
• Lead the global Product and Solution Incident Response Team (PSIRT).
• Lead the NIDS competency center for Railway projects.

• Build and mentor a high-performing Security team across multiple geographies.
• Foster collaboration with IT domains, transverse functions, and business stakeholders.
• Promote cybersecurity awareness and training programs across the organization.

Educational Requirements: Describe the minimum educational requirement/level

• Master’s degree in Information Security, Computer Science, or related field
• Certifications: CISSP, CISM, or equivalent

Describe the knowledge and experience required for this role

• 15+ years in cybersecurity roles
• Proven experience in managing global programs and teams
• Knowledgeable of identity governance, IAM, PKI
• SOC management
• Outsourcing and supplier management

• Security Architecture
• Security Operations
• Familiarity with ISO 27001 and NIST frameworks
• Soft Skills: Strategic thinking, leadership, communication, stakeholder engagement

You don’t need to be a train enthusiast to thrive with us. We guarantee that when you step onto one of our trains with your friends or family, you’ll be proud. If you’re up for the challenge, we’d love to hear from you!

Important to note

As a global business, we’re an equal-opportunity employer that celebrates diversity across the 63 countries we operate in. We’re committed to creating an inclusive workplace for everyone.