Information Systems Security Manager North America

Safran est un groupe international de haute technologie opérant dans les domaines de l'aéronautique (propulsion, équipements et intérieurs), de l'espace et de la défense. Sa mission : contribuer durablement à un monde plus sûr, où le transport aérien devient toujours plus respectueux de l'environnement, plus confortable et plus accessible. Implanté sur tous les continents, le Groupe emploie collaborateurs pour un chiffre d'affaires de 27,3 milliards d'euros en 2024, et occupe, seul ou en partenariat, des positions de premier plan mondial ou européen sur ses marchés. Safran est la 2ème entreprise du secteur aéronautique et défense du classement « World's Best Companies 2024 » du magazine TIME. Safran Landing Systems est le leader mondial des fonctions d'atterrissage et de freinage pour aéronefs. Son expertise couvre l'ensemble du cycle de vie de ses produits, de la conception et la fabrication jusqu'à la maintenance et la réparation. Partenaire de plus de 25 avionneurs dans les domaines du transport civil, régional et d'affaires ainsi que dans le domaine militaire, Safran Landing Systems équipe plus de aéronefs et ses équipements effectuent plus de atterrissages quotidiens.

Descriptif mission

• Enforcement of Safran Security strategy, policies, standards and procedures - Leading the Worldwide initiative to achieve NIST and CMMC compliance - Management of all security incidents effecting North American sites - Recommending security projects to address vulnerabilities - Ensuring effective management of all security equipment/solutions utilized by the North American sites - Working with other IS groups, the incumbent will also be responsible for all required security documentation, policy enforcement and approvals of systems/projects from a security perspective. - Establishing themself as the Security authority and provide guidance to other departments such as Compliance, Programs, Commercial, Engineering, Operations and IS for all security related topics External Information System Security compliance Responsible for leading all worldwide initiatives related to customer or regulatory compliance related to CMMC, NIST or other US DoD requirements. Responsible for defining the scope of projects required to meet customer or regulatory needs at the North American sites. Responsible for creating the security design proposals and presenting these proposals to the Chief Information Security Officer to gain approval. Responsible for approving all required technical architecture documentation, network diagrams, information flow diagrams, security sheets, change controls, DRP Documents, trainings or hand-over documentation to support a security project transition into production. Participate in all security related project steering committees, ensuring security compliance and ensuring security projects are completed in line with customer or regulatory deadlines. Preparing presentations to present customer or regulatory status and to present this status to IS Management and Senior Executive team. Internal Information System Security Compliance: As Information System security referent, working with customers, regulatory authorities or Global IS security group to ensure security compliance at the North American sites. Responsible for definition of all security projects required to meet the required compliance levels. Responsible for definition, application and enforcement of IS security policy as well as development of all required security documentation needed to support the process. Responsible for reviewing/authorizing infrastructure design proposals, advising the global CISO about the proposals and providing guidance to IS project teams from a security perspective. Responsible for auditing of security systems/solutions and reporting of audit results as requested by the Global CISO.

5-7 years of experience in a similar role and at a similar level A recognized University degree, preferred in Computer Engineering, Computer Science, Industrial Engineering - Excellent problem-solving skills. - Experience in various IT/IS disciplines, technologies, and platforms (Infrastructure, networking, firewalls, communication protocols, databases and mobility). - Experience with implementing/managing security for applications, IS infrastructure, Active Directory or cloud based solutions (in particular AWS / GOV Cloud). - Working knowledge of mainstream Firewall technologies - Specific experience with ISO 27k, NIST SP or CMMC standards and implementation of said standards. - Knowledge of industrial domain security related to manufacturing facilities. - Excellent communication skills. - Innovative mindset and persistence. - Decision making skills. - Planning and organization - Analytical Skills. - Customer service and continuous improvement mindset. - Technical Writing Skills. (Specifically related to IS projects) - Teamwork - Ability to concurrently project manage a diverse list of items. - Able to collect and translate business requirements. - Flexibility, ability to change focus and adopt to changing corporate priorities. - Time Management skills. - Excellent communication skills required for interactions with target audiences from end users to IS Management, with IS personnel at other SLS sites, suppliers, contractors or customers - Must be able to meet Services Canada CGR requirement to a NATO level clearance. All items listed below will be considered an asset: - CISSP, CISM or equivalent specialized training - Security accreditations in AWS / Gov Cloud, Cisco, Microsoft etc. - Good working knowledge of Windows operating systems. - Good working knowledge of networking concepts including an understanding of TCPIP and the OSI networking model. Specialized knowledge in networking and computer hardware listed below: - Common security firewalls and network devices - Remote working solutions - Database security. - Network VLAN methodologies - Certificate management - IP Phone System security - UNIX/Linux Operating system security - Specific knowledge of implementing requirements to satisfy NIST SP or CMMC Level 2 standards. - Specialized knowledge with ensuring security of (IaaS/PaaS/SaaS) cloud solutions on either AWS / Gov Cloud or Azure platforms. - French language proficiency