Req ID : 56324
We create smart innovations to meet the mobility challenges of now and the future. We design and manufacture a complete range of transportation systems, from high-speed trains to electric buses, autonomous subways, signalling and digital mobility solutions.
Joining us means joining a truly global community of 36 300 people dedicated to solving real-world mobility challenges and achieving international projects with sustainable local impact.
Alstom develops & markets the most complete range of systems, equipment and services offered today in the railway sector.
Today we offer our customers solutions that feature a seamless blend of diverse technologies, ensuring optimal interfaces, along with flexible implementation and real synergy in innovation.
One of the last challenges faced by the railway sector is to take into account the cybersecurity within their solutions : Railway systems, as with most Industrial Automation Control Systems (IACS), have been considered immune to cyber security threats and attacks for years.
Nevertheless, the increase of interconnected and digitalized assets in the railway sector and the parallel increase of cyber-crime targeting IACS have driven the need for a coordinated approach to cybersecurity implementation.
The primary responsibilities of the Program Cybersecurity Manager are :
For program cybersecurity management : To perform security risk assessment of mainline railway sub-system; To specify and validate the suitable solutions and counter measures for each of the not-acceptable risks;
To define the Cybersecurity processes, rules and guidelines of the Program and ensure these ones are followed.
For technical mentoring : To define cybersecurity test strategy; Mentor people how to manage and implement cybersecurity tests;
Mentor development of cybersecurity test platform.
Specific responsibilities of the role :
Perform solution cybersecurity security assessment, including Zones and Conduits architecture
Identify the not acceptable risks for each component and / or sub-system
Liaise with the platform and program team to define the most suitable solution reducing the risk to an acceptable value
Specify the platform cybersecurity requirements and validate their implementation
Perform technological watch and vulnerability analyses for program.
Participate to implementation of cybersecurity within Alstom processes
Verify that all parts of the program organisation, including subcontractors, perform their work according to the applicable security requirements, security rules, security guidelines, security information
Support mainline platform cybersecurity manager in joint programs tackling the issue of the cybersecurity in the railway with a specific focus on PKI implementation and cybersecurity tests
Mentor the cybersecurity test platform program, provide the main guideline for the research program and help to tackle technical implementation issues.
SKILLS & EXPERIENCE
Education : Master’s degree in Engineering / Technology or related field
Desired knowledge / Experience :
Minimum 5 years of experience in Railway systems with some experiences in industrial cyber security, OR
Minimum 7 years of relevant IT / OT cybersecurity experience
Technical skills & competencies :
Fluent with Linux OS (Kali distribution is a must)
Fluent in English (spoken and written)
Experience in cybersecurity test is a must
Professional industry standard certifications like CISSP, CEH, GPEN, OSCP, etc is a must
Knowledge of Penetration testing methodologies; OWASP, OSSTMM, PCIDSS would be a beneficial
Ability to drive change through innovation & process improvement
Strong analytical skills with demonstrated problem solving ability
Proven planning, prioritization and organizational skills
Professional & concise communication (written & verbal)
Knowledge of Mentor Expedition is a plus
We believe that a diverse and inclusive workforce is a lever to running a sustainable and successful business. We are dedicated to creating an inclusive environment where all our employees are encouraged to reach their full potential, and individual differences are valued and respected.
Job Type : Experienced