The post in a nutshell:
The Chief Information Security Officer (CISO) manages the cybersecurity approach for an organizational and/or geographical perimeter within the organization. Depending on the size of the organization, the CISO defines or adapts the information systems security policy (prevention, protection, detection, resilience, remediation) and oversees its application. The CISO provides advice, assistance, information, training and alerts, in particular to business managers and/or management within that scope, and ensures the implementation of solutions and operational processes that guarantee data protection and the security level of information systems.
Depending on the size of the organization, the CISO either plays an operational role in implementing the IS security policy or manages a team.
Equivalent titles: Information Systems Security Officer (OSSI), Information Systems Security Officer (FSSI), Head of Digital Trust (RCN)
- Define the strategic axes and objectives for cybersecurity within its perimeter and have them validated by the competent management
- Identify the major security issues and risks within its scope
- Adapt and maintain the IS security policy in collaboration with stakeholders
- Define an annual or multi-year action plan within its scope
- Define an investment policy with regard to security objectives
- Contribute to defining the organization of cybersecurity within its scope and lead it
- Follow regulatory and technical developments in its field
- Maintain relations on cybersecurity matters with the players in its sector of activity
- Organize the structures for steering security action plans within the entities
- Define the organizational and technical measures to be implemented to achieve the security objectives
- Support implementation by providing technical and methodological assistance as well as security tools and services, possibly through a catalog of services
- Disseminate an ISS culture to users and decision-makers
- Ensure the promotion of IT security charters within its scope
- Evaluate the level of security within its scope, in particular through the performance of periodic audits and permanent controls
- Check that IS security policies and rules are applied within its scope and vis-à-vis third parties and subcontractors
- Contribute to responding to requests from prospects and customers of the organization on security aspects (particularly in the context of calls for tenders)
Detect and respond:
- Take technical and/or organizational measures that allow the monitoring of security events, the assessment of security incidents and the response to attacks; ensure the establishment of a SOC (Security Operations Center)
Ensure continuity and rebuilding:
- Prepare and implement an IT continuity plan, as part of the business continuity plan (BCP)
- Prepare and implement an IT recovery plan, as part of the Business Resumption Plan (BRP)
- Propose the cyber-resilience strategy
- Report regularly to line management on the current level of IS security risk coverage
- Provide an advisory role to line management and the businesses within its scope
- Represent the organization in relations with regulatory authorities
Our advice: this position is open to women and men. Motivation and the desire to learn are the fundamental qualities for the success of your project. Don’t hold yourself back; you can do it.
- Good knowledge of the organization’s challenges and business lines
- Ability to build the organization’s cybersecurity strategy
- Ability to understand cybersecurity threats
- Knowledge of the information system and architecture principles
- Mastery of the fundamentals in the main fields of ISS
- Knowledge of security technologies and related tools
- Risk management, cybersecurity policy and ISMS
- Legal knowledge of IT law related to IS security and data protection
- Cyberdefence: knowledge of crisis management
- Knowledge of governance, norms and standards in the field of security: ISO standards (2700X), sector standards (PCI-DSS, etc.)
- Ability to influence
- Sense of general interest
- Team management
- Ability to report back to management
- Ability to work cross-functionally within the organization
- Ability to withstand pressure
- Ability to take ownership of business issues
Description of the profession in the ANSSI directory
In organizations with industrial IS, there is generally a CISO for the industrial perimeter. In organizations that develop products comprising IS, a CISO may be appointed (in this case, the title Product Security Officer (PSO) may be used).
How to access the job?
- Education: Bac + 5 with a specialization in cybersecurity
- Professional experience: more than 5 years in the field of cybersecurity
Are you looking forward to long studies? Is your job goal to quickly lead multidisciplinary teams?
Or do you enjoy life on our campus so much that you want to stay forever?
The 5-year program is made for you.