Veolia Group aims to be the benchmark company for ecological transformation. With nearly 220,000 employees worldwide, the Group designs and provides game-changing solutions that are both useful and practical for water, waste and energy management. Through its three complementary business activities, Veolia helps to develop access to resources, preserve available resources and replenish them. In 2021, the Veolia group provided 79 million inhabitants with drinking water and 61 million with sanitation, produced nearly 48 million megawatt hours and recovered 48 million tonnes of waste. Veolia Environment (Paris Euronext: VIE) achieved consolidated revenue of 28,508 billion euros in 2021. www.veolia.com
Position Purpose
Implement and maintain an information security program covering the entire organization. Evaluate risks, threats and consequences in order to establish an appropriate prevention plan. Establish policies and standards as necessary for governance of the information security program. Provide advice, support, information, training, and alerts to other departments.
Primary Duties / Responsibilities
- Lead the Enterprise Information Security Group. Drive the design and execution of the information security strategy, working in partnership with various key stakeholders (Risk Management, Technology, Legal, Human Resources, Lines of Business Management, etc.).
- Serve as the senior spokesperson for information security, including communicating key issues, risks, and progress to governance committees, business executives, Regulators, and the Board of Directors.
- Build and lead the Information Security Steering Committee.
- Monitor and measure progress and highlight/escalate issues.
- Build, retain and develop a team of top cyber security talent.
- Design and operate a Security Operations Center to promptly identify and respond to security issues/anomalies. Execute and maintain response processes to ensure timely response to detected cybersecurity events. Contain and mitigate incidents and newly identified vulnerabilities.
- Build and run a risk assessment program that includes comprehensive technical assessments of applications and infrastructure, penetration tests, and security architecture assessments. Ensure the provision of data security subject matter expertise to project teams to ensure early identification of data security requirements. Categorize and prioritize assessment risks for remediation.
- Design and run an information security metrics/reporting program. In addition, produce information security reports as required, including Regulatory reports.
- Ensure readiness for regulatory and internal audit examinations. Respond to inquiries in a timely manner and ensure suitability and timely execution of corrective action plans.
- Build and run training and awareness programs to educate and alert staff, third parties, and clients to key risks and the behaviors and actions required to mitigate risks.
- Build strong and effective relationships with key staff and support initiatives to advance information security capabilities.
- Actively engage with industry associations and develop industry relationships. Stay abreast of evolving threats/risks.
- Oversee the Enterprise Information Security Group’s projects and guide the projects to on-time and on-budget delivery. Ensure transparency of key project risks.
- Serve as the owner of the information security policy and oversee the policy exception management process. Evolve policy and standards to account for new technologies, changing regulations, threats, and risks.
- Contribute to the leadership team’s success by influencing decisions, leading, and supporting initiatives.
- Conduct career planning with assigned staff.
- Mentor staff members to ensure their goals align with BU/Domain goals and the staff members are growing.
- Execute projects in Agile (or at appropriate times Waterfall) methodologies.
- Function as PM or Scrum Lead to ensure projects are delivered on time, on budget with the desired outcomes.
- Implement analytics to measure and ensure adoption, taking corrective action when required.
Education / Experience / Background
- Bachelor’s degree in Computer Science, Information Systems or a related field required; related Master’s degree preferred.
- 10+ years’ experience in a production IT environment managing enterprise IT infrastructure, hardware, hosting service and network areas.
- 8+ years designing and building a conforming cyber security posture that aligns with the Group’s mission and strategy.
- 5+ years of leadership experience, with a focus on cybersecurity.
Knowledge / Skills / Abilities
- Experience managing and architecting components of cyber-secure positions
- Experience with cyber remediation and reporting
- Ability to understand business drivers in order to organize and prioritize multiple competing deadlines and assign resources accordingly
- Strong communication, analytical and problem-solving skills with the ability to drive actionable changes
Required Certification / Licenses / Training
Physical Requirements / Work Environment
- Prolonged periods sitting at a desk and working on a computer or tablet
- Travel 35% of the time (domestic and international)
BENEFITS
Veolia’s comprehensive benefits package includes paid time off policies, as well as health, dental and vision insurance. In addition, employees are entitled to participate in an employer-sponsored 401(k) plan to save for retirement. Pay and benefits for employees represented by a union are outlined in their collective bargaining agreement.
A subsidiary of Veolia group, Veolia North America (VNA) offers a full spectrum of water, waste and energy management services, including water and wastewater treatment, commercial and hazardous waste collection and disposal, energy consulting and resource recovery. VNA helps commercial, industrial, healthcare, higher education and municipality customers throughout North America. Headquartered in Boston, Mass., Veolia North America has more than 10,000 employees working at more than 350 locations across the continent. www.veolianorthamerica.com
We are an Equal Opportunity Employer! All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.
Disclaimer: The salary, other compensation, and benefits information is accurate as of the date of this posting. The Company reserves the right to modify this information at any time, subject to applicable law.