Information Security officer
Apply and enforce the information security policy across the entire IT environment.
Conduct periodic security controls: access reviews, configuration checks, patch compliance verification, etc.
Plan and coordinate penetration tests and vulnerability scans, track non-conformities and implement remediation plans.
Interact with the Security Operations Center (SOC).
Monitor and manage security-related ticketing.
Define and track security KPIs to measure the performance and maturity of the information system.
Identify security gaps in relation to internal and external standards and propose continuous improvement plans, in coordination with business and technical teams.
Recommend and implement security solutions adapted to project needs (authentication mechanisms, API security, encryption, network segmentation, etc.).
Support the security of new IT and business projects (risk analysis, secure architecture, compliance checks).
Coordinate and follow up on internal, external, and regulatory audits (ISO 2700X, GDPR, DORA, CSSF circulars, etc.).
Manage the full lifecycle of digital certificates: creation, renewal, expiration tracking.
Ensure secure exchanges with clients and partners.
Contribute to security incident management: analysis, response, communication, and post-incident review.
Maintain an active watch on threats, vulnerabilities, and security technologies.
Prepare reports and dashboards for the CISO and relevant stakeholders.
Competencies required
Master's degree (or equivalent BAC+4/5) in Cybersecurity, Computer Science, or Information Systems.
At least 5 years of experience in a similar role.
Solid knowledge of security frameworks (ISO 2700X, NIST, CIS Controls) and regulatory requirements (GDPR, DORA, CSSF circulars).
Proficiency with security technologies and tools: SIEM, EDR, MFA, IAM/PAM, DLP, sonarqube, Nexus.
Ability to identify improvement opportunities and lead practical remediation initiatives.
Strong analytical skills, rigor, autonomy, and the ability to interact with both technical and non-technical profiles.
Excellent communication skills in French and English.