Project Cybersecurity Manager

Req ID:503000

At Alstom, we understand transport networks and what moves people. From high-speed trains, metros, monorails, and trams, to turnkey systems, services, infrastructure, signalling and digital mobility, we offer our diverse customers the broadest portfolio in the industry. Every day, more than 80 000 colleagues lead the way to greener and smarter mobility worldwide, connecting cities as we reduce carbon and replace cars.

Key accountabilities:

• Analyze Program security needs (including laws and regulations), determine security objectives and main security risks strategy
• Plan security activities within development life cycle, estimate costs and duration, their impacts related to program execution, Identify training needs
• Is responsible for Cost / Quality / Delay of Program Cybersecurity deliverables, as needed per Project / program context :
• Cybersecurity context, and Cybersecurity Risk Analysis
• Cybersecurity Architecture definition and requirement allocation
• Cascading of requirement to suppliers, Manage Third Parties Risks,
• Application of Cybersecurity Assurance Level
• Definition of Cybersecurity Operating Procedures
• Evaluation of the Project/Program achieved Cybersecurity level
• Provide support during technical design meetings for cybersecurity activities
• Obtain agreement from Program/Customer about on the set of security measures to be implemented
• Manage vulnerabilities and Cybersecurity issues and actions plan,
• Manage Program Cybersecurity related communication,
• Report on Program Cybersecurity status
• In case of external Cybersecurity audit, manage the relationship with auditors Establish lessons learned
• Promoting the Alstom Code of Ethics and adhering to the highest standards of ethical conduct
  
  

Performance measurements:

• No "NO GO" for Cybersecurity reasons in Gate Reviews
• Quality of Cybersecurity deliverables, in time
• Achievement of Program targeted level of Cybersecurity
• Assessment findings: Low rework due to external or internal assessments
• Vulnerability management is in place
• Respect of Cybersecurity activities QCD commitment
• Cybersecurity issues/incident resolution
  
  

Experience:

Mandatory:

• Experience with direct responsibility for hands on architecture, design, development
• Experience related to Cybersecurity in general, deployment experience of security technologies
• Experience with Project Management
• 8+ years of proven experience delivering safety critical systems
• 3-5 years of experience using standards including IEC-62443, CLC/TC 50701, APTA and other standards
• Experience performing cybersecurity analysis on Industrial Control Systems
• Experience with conducting cyber certification for Industrial Control Systems in a lead role
  
  

Desirable:

• Experience in embedded or OT/ Industrial systems (railway/aeronautics)
• Experience performing cybersecurity analysis on passenger rail systems
• Experience with conducting cyber certification for rapid transit systems in a lead role
  
  

Competencies & Skills

• Engineering Background
• Knowledge of main Cybersecurity standards and regulations, such as: ISO 2700X, 62443, NIST, APTA
• Knowledge of some Cybersecurity solutions and areas
• Methods of Cybersecurity risk analysis
• Architecture concepts and techniques of systems and networks, operating systems and associated programming languages.
• Knowledge of the main techniques for evaluating systems security
• Certification in cybersecurity like CISSP/CISM/CEH/GICSP/CompTIA Security+
  
  

You don’t need to be a train enthusiast to thrive with us. We guarantee that when you step onto one of our trains with your friends or family, you’ll be proud. If you’re up for the challenge, we’d love to hear from you!

Important to note

As a global business, we’re an equal-opportunity employer that celebrates diversity across the 63 countries we operate in. We’re committed to creating an inclusive workplace for everyone.