GOVERNANCE, RISK and COMPLIANCE

Risk Management

• Identify, estimate, evaluate Cybersecurity risks of the Group and ensure with CISOs in charge that proper mitigation actions are in place. Communicate on these risks with key stakeholders.
• Maintain the cartography of major cyber risks, validate impacts and risk appetite with business and provide analysis and insights to the Enterprise Risk Management team
• Support Cybersecurity in Projects teams (Group & zones) on all aspects of cybersecurity during projects.
• Manage the Third Parties Risk Management cybersecurity program and ensure proper cybersecurity requirements are included in contracts & appendixes.
• Develop connections with legal, VMO, internal audit teams…
• Develop a culture of cyber risks among all stakeholders and across the whole company through awareness and communication.

Compliance

• Define, improve and keep up-to-date a comprehensive cybersecurity compliance program, including regulatory watch, requirements understanding and integration in internal policies, compliance monitoring and gaps mitigation plans.
• Act as the Cybersecurity point of contact to lead communications with internal and external auditors.
• Ensure non compliances, audit recommendations and any other cybersecurity weaknesses are remediated in due time.
• Drive global or cross-zone compliance projects or action plans (PCI-DSS, GDPR...).

Continuous Monitoring & Reporting

• Define and implement cybersecurity continuous monitoring.
• Define, improve and keep up to date Group Cybersecurity Dashboards and KPI/KRI reporting.
• Enforce and control the correct application of the Group's Cybersecurity framework. Follow Group and Zone cybersecurity KPIs and controls.
• Animate regular meetings with cybersecurity leadership team and Group IT departments.