Region Security Director

Region Security Director

- - - - - - - - - - - -

KEY EXPECTED ACHIEVEMENTS

As part of his/her main mission:

• The Group's security policy is adapted to the Region's specific characteristics.

• The regulations applicable to his/her scope and areas are known and analyzed. Compliance measures are implemented where necessary.

• Threats specific to the Region are identified, anticipated & reduced to acceptable level in his/her areas of responsability: Assets, Information and Know-how Protection, Travel, Expatriations & Events, Malicious acts against sites & employees.

• An analysis of the risks within its perimeter is carried out and shared with the Region Management Team and DCAPP. Its result is incorporated into the Region's risk map.

• Risk prevention and protection measures are deployed in the event of a security incident.

• Incidents are analyzed to learn from experience.

• The mobilization of the network of RGEPs and Site Security Specialists enables the effective deployment of prevention and protection policies and measures.

• Training and awareness-raising initiatives required in these areas are identified and launched with the support of the local Competency Managers (LCM) and Learning & Development (RL&D) network in the region.

• Assessments are carried out to guarantee an acceptable level of security, in compliance with the regulations and Group policies.

As the single point of contact for the Region Management Team for other DCAPP areas:

• Recommendations and guidelines are communicated to the Region Management Team at the request of the IS Security Manager Region or Time Zone, Time Zone Environment & Prevention Manager (TZEP) and Health Coordinator.

• Specific requests from the Region Management Team in these areas are collected and forwarded to them.

As a permanent member of the Ethics Committee Region and the Ethic Point Region, by delegation of the Region Director:

• Procedures and deadlines for handling reports are respected.

• Investigators are appointed and their suitability in terms of area of expertise and independence is verified.

• Investigations led by the RSR or under his/her supervision are conducted diligently.

• The quality of the ethical investigations is verified and guaranteed, including their potential admissibility by the authorities, for all the investigations OR only those that fall within the security perimeter (depending on the decision between DCAPP and Compliance).

• The cases provided for in the procedures are effectively presented to the Ethics Committee Region.

As part of crisis management:

• He/she participates or is represented in Region crisis cells for crises falling within his/her areas of responsibility.

In the context of Cyber Security:

• Training/awareness-raising on cyber risks and threats (in particular those required by the Group) are identified and their level of completion is monitored and shared with the Region Management Team.

• Physical threats to IS/IT infrastructures are identified.

• an analysis of the physical risks to IS/IT infrastructures is carried out.

• Physical protection of IS/IT infrastructures is defined, operational and monitored.

If he/she is managing a team:

• His/her team is managed.

• The development of team members is ensured.