Chief information security officer (CISO) - SMB / VSB
To identify cyber issues and risks but also to decline and maintain the strategic policy.
The post in a nutshell:
Within an SMB / VSB, the function of Chief information security officer is not a dedicated position and the missions and activities can be carried out by the CIO, the IT manager, an administrator, an operator or well an IT project manager. The essential activities and tasks that must be carried out by one or more people in the organization are described below.
Equivalent title: Information Systems Security Officer (OSSI), Information Systems Security Officer (FSSI), Head of Digital Trust (RCN)
- Identify security risks on its perimeter
- Define and maintain the IS security policy
- Define organizational and technical security measures, deploy them, ensure their operational functioning and maintain them at the state of the art
- Ensure that projects are designed and carried out in a secure manner
- Ensure that security policies and rules are applied in the organization, manage security audits on the organization’s IS, monitor remediation actions
- Set up and administer security tools
- Disseminate an ISS culture to users and make decision-makers aware of security issues
Detect and respond:
- Contribute to the detection and management of security incidents and crises
- Prepare and implement an IT continuity plan
- Produce reports of security actions within the organization
- Mobilize external expertise if necessary
Our advice: this position is open to women and men. Motivation and the desire to learn are the fundamental qualities for the success of your project. Don’t put a barrier on yourself, you can do it.
- Good knowledge of the organization’s challenges and professions
- Ability to build the organization’s cybersecurity strategy
- Ability to understand cybersecurity threats
- Knowledge of the information system and architecture principles
- Mastery of the fundamentals in the main fields of ISS
- Knowledge of security technologies and related tools
- Risk management, cybersecurity policy and ISMS
- Legal knowledge of IT law related to IS security and data protection
- Cyberdefence: knowledge of crisis management
- Knowledge of governance, norms and standards in the field of security: ISO standards (2700X), sector standards (PCI-DSS, etc.)
- Ability to influence
- Sense of general interest
- Team management
- Ability to report back to management
- Ability to work cross-functionally within the organization
- Ability to withstand pressure
- Ability to appropriate business issues
Description of the profession in the ANSSI directory
The scope of responsibility of the CISO can be exercised in different areas depending on the nature of the organization. In organizations with industrial IS, there is generally an RSSI for the industrial perimeter. In organizations that develop products comprising IS, a CISO may be appointed (in this case, we can speak of a Product Security Officer (PSO)).
How to access into the job?
Education: Bac + 5 with a specialization in cybersecurity Professional experience: more than 5 years in the field of cybersecurity
Our Intra-company training
From 2023 the CSB SCHOOL will offer you to train your employees to help them develop their different skills in the cybersecurity field. After a thorough study of the need by our development manager, you will be put in touch with our different pedagogical experts on the identified theme.
The complete career guide
Condimentum lacinia quis vel eros donec ac odio. Nibh cras pulvinar mattis nunc sed blandit libero volutpat. Facilisis gravida neque convallis a cras semper auctor neque vitae.
Same field jobs
Our school provides training in 21 cybersecurity jobs, from technical to supervising positions, from IT operations to industrial systems security. Here is the list of jobs you will be trained for by attending one of our training programs.