Information Security Officer

Responsibilities:
The Information Security Officer provides advice, assistance, information, training, and alerting.
He/she can intervene in all or part of the information systems of his/her Business Unit and its subsidiaries - including South Africa, Namibia, and Botswana.
He/she carries out a technological and regulatory watch in his/her field and proposes changes to guarantee the security of the information systems as a whole.
In charge of all security aspects of the cyberspace of Veolia Services Southern Africa.
Definition and implementation of the information systems security policy:
Defines the objectives and needs related to cybersecurity for the BU and its subsidiaries, in collaboration with the relevant actors (general management, information systems management, human resources management, business management, finance and others)
Drafts the associated security procedures in collaboration with the relevant players
Implements the cybersecurity policy, ensures its evolution and updates
Sets up an organization to ensure the long-term governance of the BU's cybersecurity.
Assesses cyber IT risks with the assistance of the BU Information System Department.
Assesses cyber OT risks with the assistance of the BU's industrial security correspondent or manager.
Studies the means of ensuring the security of information systems and their proper use by all the players in its scope.
Proposes a list of security measures to be implemented to the authorities within its scope of responsibility, for their approval, and ensures the follow-up and development of this action plan over time (the action plan is accompanied by resource requirements).
Ensures project management of the implementation of security measures (this mission, depending on the type of technical or organizational measure, may be shared with a business manager or the head of the information system) and reports to the group DSSI on progress.
Regularly informs and raises awareness among the management of its BUs and subsidiaries about cybersecurity issues and risks.
Conducts awareness-raising and training activities for users on cybersecurity issues.
Participates in the creation of the information systems security charter for its perimeter (if there are local specificities to be taken into account) and ensures its promotion to all users of its establishments.
Conducts regular security audits of IT and OT information systems in order to verify the proper application of group and local cybersecurity policies by the actors of its BU and its subsidiaries.
Monitors and manages security incidents that occur within its BU and subsidiaries - adopts and applies the group's incident, alert and crisis management procedures.
Verifies the integration of cybersecurity in all projects of his BU and its subsidiaries.
Monitoring local regulatory and technical developments to ensure that cybersecurity policies are in line with these developments.

Key Skills
KNOWLEDGE OF TECHNICAL CONCEPTS OF INDUSTRIAL COMPUTER APPLICATIONS, COMPUTER NETWORKS AND SECURITY MECHANISMS.
IMPLEMENT CYBERSECURITY PROCEDURES AND TOOLS.
KNOWLEDGE OF ISO 2700X SECURITY STANDARDS.
USE AND IMPLEMENT AUDIT TECHNIQUES AND PROCEDURES.
MANAGE RISKS (FINANCIAL, HUMAN, TECHNICAL): ANTICIPATION, IDENTIFICATION, IMPLEMENTATION OF CORRECTIVE ACTIONS.
SIGNIFICANT EXPERIENCE IN THE NEGOTIATION AND MANAGEMENT OF CROSS-FUNCTIONAL SSI PROJECTS.
LEGAL KNOWLEDGE OF INFORMATION SYSTEMS SECURITY, AND PARTICULARLY OF THE TEXTS REGULATING THE INDUSTRIES.
DESIGN AND ADAPT COMMUNICATION MEDIA AND/OR DOCUMENTATION ACCORDING TO THE MESSAGES AND TARGETS.
SHARE KNOWLEDGE AND KNOW-HOW.
MANAGE CRISIS SITUATIONS.
Carry out its mission and set its organization in an autonomous way.
Make decisions (respect of commitments...)
Arguing one's decisions in order to convince and to obtain support
Sense of confidentiality and ethics
Adopt an appropriate relational behaviour
Know how to lead working groups, awareness sessions and training.
Demonstrate diplomacy and pedagogy
Organize and lead change.
Management.
Ability to travel.
Languages: English compulsory, French beneficial.