Consultant -Public Cloud Security Risk Officer - OSM

Job Summary: 
We are seeking a Public Cloud Operations and Security Manager to join our team. In this role, you will be responsible
 for implementing and overseeing controls related to Public Cloud. You will ensure compliance with Group policies
 and security standards, perform security assessments, contribute to security audits, and communicate effectively with
 various stakeholders. Additionally, you will play a vital role in developing and maintaining the IT skills of our employees,
 participating in ISS events, and actively contributing to the overall IT function and security community within our
 organization. 
Core Responsibilities: 
1. Control and report on security by design principle of applications hosted on the public cloud (Azure and AWS) 
2. Control and report on the Landing Zone security as described and the security controls for example NIST cloud controls 
3. Control and report (with the support public Cloud CSRO lead) on the security of CSP service on the Group Catalog. 
4. Handle security alerts (Skynet) or incident.

 Manage IT risk and SSI compliance: 
Frame and plan: 
· Contribute to the drafting of policies/ Group standards on the ISS in connection with its functional scope; if necessary,
 define and maintain local procedures / good practices to meet the specificities of his department. 
· Participate in the definition of the ISS strategy and roadmap for its functional scope, in collaboration with the GTS CISO
 and the ISS sector. 
· Define and validate roadmaps for the implementation of IT risk treatment plans (application of standards, implementation
 of controls, etc.), ensuring that funding and commitment are secured from the teams involved. 
· Contribute to the updating of permanent control policies (update of the library of normative controls...) 
Implement: 
· Ensure the management of security projects initiated directly by and for its department of attachment. 
· Support the deployment of security projects initiated by the Group and/or GTS within its functional scope and participate
 in the governance of these projects. 
· In general, as a security expert, provide an advisory role vis-à-vis the projects deployed within his department of
 attachment 
· Evaluate and manage the treatment of IT risks in all new projects or infrastructures within its scope (integration of security
 in projects, ISORP processes). 
· Enforce Group policies / standards and/or procedures / good security practices within its department. 
· Validate and monitor security exemptions (exceptions, RAF...). 
· Lead the resolution of security incidents and contributeto post-mortem investigations of security incidents. 
· Lead the remediation of critical vulnerabilities in coordination with technical teams, SOC and CERT. 
· Maintain the IT security risk assessment of products / services / infrastructures of its functional scope (update ASA /
 ARA / USF ...)  and associated repositories; 
· Monitor and coordinate (project not led by the OSM) the treatment of security risks of products / services / infrastructures
 of its functional scope. 
· Monitor and coordinate the timely closure of audit recommendations (internal / regulators), if necessary, intervene in
 support of operational teams. 
Communicate: 
· Communicate regularly on the IT risks of its scope and on the mitigation plan undertaken. 
· Communicate on the status of security audits (internal audit / regulators) as well as plans for handling recommendations. 
· Communicate on its activities (definition of relevant KPIs / KRI) and on points of attention or security alerts. 
· In the event of detection of a security anomaly on its functional perimeter, exercise as soon as possible a duty of alert visà-vis the CISO GTS and his hierarchy. 
· Disseminate within the department of attachment all changes to the policies / Group standards or decision of the ISS
 sector in connection with the activities of its functional scope.