Download
Send

Director Information Security

IT

47088

Switzerland, Zürich, Zürich

Remote Position: 

No

July 19th, 2023

Internship: 

No

Constellium is a global leader in aluminum manufacturing with 12’500 employees in 31 locations distributed over Europe, North America and Asia. Constellium serves a well-diversified spectrum of customers from the aerospace, transportation, automotive and the packaging industry. In order to serve these dynamic and challenging industries, Constellium invests in R&D in order to develop high value-added products and to drive forward its roadmap towards a sustainable future. This requires Constellium IT to provide reliable, cost-effective and secure IT services that support its production processes as well as the business support functions.

The Director Information Security is part of the IT Leadership Team reporting to the CIO. He is leading the Global Information Security team (of currently 8 team members) and is responsible to assess, improve, drive and oversee a complete information security program in the global organization.

The goal of Information Security at Constellium is to keep Constellium free from major security incidents and compliance issues. Achieving this goal in a global matrix organization, requires an experienced manager who has management, organizational, communication and also a broad set of technical skills. He is expected to be able to drive and develop information security by anticipating future protection needs and to increase the maturity of the current focus areas while considering and balancing business constrains and its surrounding conditions.

 

Key Accountabilities

  • Oversee, develop and drive global Information Security (focusing on IT Security).
  • Ensure Information Security is aligned with business, legal and customer requirements.
  • Support the security team in executing Information Security programs, projects and initiatives such as upgrading end point protection solution, implementing new security services, implementing a manufacturing security program.
  • Support the security team in operational security topics such as security incident handling, handling of exception requests.
  • Ensuring information security is well integrated with the infrastructure, application and site IT teams.
  • Oversee various security risk assessments activities, implement mitigation activities and support business and IT teams in getting them implemented.
  • Oversee, support and continuously improve our compliance programs for IT SOX, TISAX and NIST/CMMC.
  • Provide information security communication and awareness training to IT and business and to our end users.
  • Oversee vendors and 3rd parties in order to manage risk associated with them.
  • Maintain a thorough KPI measuring, visualization and reporting system which allows tracking and communicating the current status of information security and to reveal weaknesses and trigger improvement actions.
  • Establish trusted and collaborative relationship with business, global and site teams.

 

 

General experience and skills

  • 10-15 years of experience in IT, the majority of it in information security.
  • Bachelor degree in information technology, specialization in information security and a master’s degree are considered beneficial.
  • Fluent in English, French and/or German is a plus.
  • Ability to do moderate (up to 20% max) traveling (primarily to our manufacturing sites)
  • Common industry certifications from ISC2, ISACA, or accepted industry certifications, preferably CISM, CRISK or ISO 27001 lead auditor.
  • Experience in an English speaking and international work environment.
  • Ability to work, collaborate and get things done in a global matrix organization and in collaboration with different global and local IT teams as well as with business.
  • Good leadership skills and ability to manage and develop a global and distributed information security team.
  • Strong and convincing communication in order to discuss, present security topics and to convince senior management about needed security measures.
  • Good skills in making operational and project budgets (including business cases), forecasting, tracking, living and promotive a financial discipline.
  • Willingness to work in a fast changing and demanding environment.
  • Experience in convincing colleagues from other teams, functions or business units, to understand and follow security requirements and remediate deviations thereof.
  • Ability to manage projects as a project manager and to supervise team members who are managing projects.
  • Ability to perform vendor management, supervise their performance.

 

Technical Skills

  • Strong understanding of how the technological development in IT and cyber threats affect Constellium today and in the future.
  • Ability to anticipate future protection needs, develop adequate mitigation plans, get buy-in and finally get them implemented.
  • Experience in developing and maintaining a thorough information security program and management system.
  • Solid foundation in various technical Information Security topics such as system- and network security, cloud security, identity and access management, cryptography, physical security.
  • Good understanding of information security standards, frameworks, best practices and compliance requirements such as: ISO 27001, Cobit, NIST, GDPR.
  • Solid understanding of SOX and IT SOX (IT General Controls).
  • Experience in performing security external security assessments, internal reviews, assessment and in providing support for IT projects.
  • Experience in writing and maintaining policy, standards and procedure frameworks.

 

Constellium is an Equal Opportunity Employer: Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.