Deputy Chief Information Security Officer

Location: Lyon

Role Overview

Our client is a leader in sustainable energy generation with a big roadmap for the next decade. We are looking for people that are passionate about change & innovation, and looking for a genuine challenge alongside frontier technology.

As the Deputy Chief Information Security Officer (Deputy CISO), you will play a pivotal role in leading and managing the organization’s information security strategy and operations. Working closely with the CISO, you will oversee the implementation of robust cybersecurity frameworks, lead critical security programs, and manage responses to evolving cyber threats. This role requires a balance of strategic leadership and hands-on expertise, with a strong focus on governance, risk management, and incident response.

Key Responsibilities

• Strategic Leadership: Support the CISO in defining and executing the organization’s cybersecurity strategy, ensuring alignment with business goals.
• Governance & Compliance: Oversee compliance with relevant standards and regulations (e.g., GDPR, ISO 27001, NIST CSF). Develop and maintain policies, procedures, and frameworks for information security.
• Operational Oversight: Manage day-to-day operations of the cybersecurity program, including threat management, vulnerability assessments, and incident response.
• Team Management: Lead and mentor a multidisciplinary security team, fostering a culture of security awareness and excellence.
• Risk Management: Identify, evaluate, and mitigate information security risks across IT and OT environments.
• Incident Response: Coordinate responses to major cybersecurity incidents, including communication with stakeholders and root cause analysis.
• Collaboration: Partner with IT, legal, compliance, and operations teams to ensure security is embedded across all organizational processes.
• Technology Enablement: Evaluate, implement, and manage security tools and technologies to strengthen the organization’s defense posture.
• External Stakeholders: Act as a key point of contact for external auditors, regulators, and partners on cybersecurity matters.

Required Qualifications

• Education: Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field.

Experience:

• Minimum 7-10 years of experience in information security, including 3+ years in a leadership role.
• Proven experience managing cybersecurity programs in IT and OT environments is a strong plus.

Technical Knowledge:

• Deep understanding of cybersecurity frameworks and standards (e.g., ISO 27001, NIST CSF, IEC 62443).
• Experience with network security, incident response, and risk management.
• Familiarity with industrial protocols and operational technology (SCADA/DCS/IIoT) is desirable.

Preferred Qualifications

• Professional certifications such as CISSP, CISM, CISA, GICSP, or equivalent.
• Experience in conducting cybersecurity audits and assessments.
• Strong knowledge of regulatory environments, such as GDPR.
• Professional French and English