Job Description

Position Description The Regional Information Security Officer role is to ensure the streamlined alignment of the Group and Region for all Information Security and IT Security matter. He/She is responsible for the security and associated compliance aspects in his/her region.

• The primary purpose of this role is to ensure strong regional alignment with the Global CISO team/strategy and local regulations related to IT and Cybersecurity activities but also promote any regional requirements for integration in the Global Information Security strategy.
• The secondary purpose of this role is to manage and deliver several Cybersecurity Transformation Programs activities that fall within this domain. All the SecOps aspects like day to day operations, patch and vulnerability management or security architecture design are part of it.
• The third purpose of this role is to become a credible and recognized Information Security Single Point Of Contact (SPOC) across the region able to influence at Senior level, educate the business functions; interact successfully with all oversight functions (risk, audit, legal…) and local regulators.

Roles and Responsibilities

• Be the Regional entry point for the Global Cybersecurity team and the local functions for IT Security and Information Security.
• Provide Cybersecurity consultancy and advisory on cross-functional initiatives and special initiatives that occur as a result of an ad-hoc request received from the Business, the regulator or the IT Team.
• Ensure the adoption and compliance with the Hermès Information Security Policy as well as the global Information security processes and tools.
• In close collaboration with the Audit and Risks department team, be the local point of contact for all auditors (internal or external) and coordinate and/or lead all IT audits execution
• In close collaboration with the Global Cybersecurity team, manage the 3rd parties security assurance and annual re-certification activities for the region.
• In close collaboration with the Global Cybersecurity team, monitor the IT & Information Security risks at local and regional level.
• Be a member of the regional incident response team taking the lead on all Cybersecurity and IT Security matters.
• Establish, own and manage Cybersecurity audit framework, leveraging on Group tools and processes while ensuring local criteria are in scope.
• Ensure alignment, implementation and monitoring of local regulations and policies in relation with the Global CISO.
• Act as a local business enabler for the Global Cybersecurity team and evangelize IT security via regular training sessions delivery ensuring that Cybersecurity is not seen as a blocker, but as a partner to endeavors and goals.
• Own projects delivery and initiatives within the Global Cybersecurity Roadmap providing tactical project management where necessary, SME guidance where appropriate and by calling on the resource of other teams and departments as required.
• Act as a collaborator across the CISO team and wider business, sharing knowledge and insight and helping develop individuals.
• Produce presentations and analysis describing Information Security and CISO team activities for a range of audiences with varying levels of seniority.
• Manage the Cybersecurity regional annual budget in coordination with the local management as well as the Global CISO.
• Liaise with other pillars to standardize Management Information (MI) reporting, with ownership of all MI data produced by the Operations pillar. Coordinate the production of MI, reporting packs and presentation materials within the CISO team and communicate the outputs to relevant internal and external parties.

Relationship matrix

• Internal:

o Global CISO Team o Corporate / Divisions IT Teams o Business & oversight functions o Auditors (internal & external) o Hermès Senior Leaders

• External:

o Suppliers o Auditors o Regulators

Requirements

• Degree in Computer Science or related field, or equivalent experience.
• More than 5 years Cybersecurity/InfoSec/IT Security experience in large international organization
• Security certifications like but not limited to:

o CISSP o CISM o CISA o CGEIT o CRISC o ISO 27001/5

• Knowledge of applicable data privacy practices, regulations and laws.
• Knowledge of network protocols and IT infrastructure.
• Proven experience working successfully with external service providers
• Strong understanding of project management principles.
• Excellent interpersonal skills.
• Ability to present ideas in business-friendly and user-friendly language.
• Highly self-motivated and directed with ability to effectively prioritize tasks.
• Proven analytical, evaluative, and problem-solving abilities.
• Extensive experience working in a team-oriented, collaborative environment.
• Regular travels are required.