- Company Name
- Ville d'Antibes Juan-les-Pins
- Job Title
- Director of Information Security
- Job Description
-
Job title: Director of Information Security
Role Summary: Owns the definition, deployment, and oversight of the municipal information systems security policy (PSSI), ensuring alignment with regulatory requirements and safeguarding city data and infrastructure.
Expectations:
- Lead the development and continuous improvement of the PSSI and associated documentation.
- Guarantee compliance with NIS2, ANSSI recommendations, RGS, and GDPR.
- Drive risk analysis, implement technical and organisational controls, and manage security incident response.
- Coordinate audits, penetration testing, and external evaluations.
- Define, monitor, and report on security and compliance metrics.
- Champion cybersecurity awareness and training for staff and elected officials.
- Serve as liaison with ANSSI and inter‑municipal networks.
Key Responsibilities:
1. Craft and maintain the PSSI, including risk treatment plans and procedural guidelines.
2. Conduct periodic risk assessments using EBIOS RM, ISO 27001, and other frameworks.
3. Implement and validate security controls across networks, systems, and services.
4. Oversee incident management, ensuring timely detection, containment, and recovery.
5. Plan, update, and test business continuity (PCA) and disaster recovery (PRA) plans.
6. Manage audit schedules, penetration tests, and external security evaluations.
7. Monitor compliance and compile reports for senior management and regulatory bodies.
8. Deliver cybersecurity training and awareness campaigns citywide.
9. Coordinate with partners, including ANSSI, to stay abreast of evolving threats and standards.
Required Skills:
- Strategic leadership in information security governance.
- Expertise in ISO 27001, EBIOS RM, NIS2, RGS, GDPR, and French ANSSI guidance.
- Deep knowledge of system, network, and cyber‑security architectures.
- Facility in risk assessment, incident response, and business continuity planning.
- Strong stakeholder communication, training facilitation, and change management.
- Ability to interpret and apply security regulations and audit findings.
- Proficiency with security metrics, dashboards, and compliance reporting.
Required Education & Certifications:
- Master’s level (Bac +5) in Computer Science, Information Systems Security, or equivalent.
- Professional certifications such as ISO 27001 Lead Implementer/Lead Auditor, CISM, or CISSP highly desirable.
- Demonstrated experience in a senior security role within a public‑sector or comparable environment.