Chief Security Compliance Officer

Courbevoie, FR, 92400

IDEMIA

We make it safer and easier for people to pay, connect, be identified, access, travel and stay safe in the physical and digital worlds.

You may not know our name, but you have surely used our innovations and solutions.

 

Our mission is to unlock the world and make it safer through cutting-edge identity technologies. Every day, around the globe, we are enabling citizens and consumers alike to perform their daily critical activities (such as pay, connect and travel), in the physical as well as digital space. We are transforming their lives by making the world more secure and yet also more streamlined.

 

We have brought together complementary know-how and technologies that have never been combined before for both the physical and digital era: secured connectivity, secured payments and secured identity management. Cybersecurity, biometrics, large scale distributed systems and Cloud computing, analytics and smart devices are at the core of both our physical products and our software and systems.

 

We serve our clients in 180 countries thanks to our 15,000 employees worldwide. 

 

Purpose

The IST Chief Security Compliance Officer is in charge of managing security compliance globally for all our solutions & services; this includes defining & executing strategy, anticipating evolutions of existing compliance frameworks as well as upcoming regulations, and deploying permanent controls to monitor our compliance level efficiently.

He / she is also in charge of establishing the Product Security Incident Response activity (covering both vulnerability & incident management) for the whole division, in coordination with all business & engineering teams.
He / she organizes the activity & priorities of the team (3 experts), striking the right balance between supporting the business / meeting customers' needs and progressively improving our internal frameworks & policies.

Position reports directly to IDEMIA Secure Transactions - Global Chief Security Officer.

Key Missions

  • Main Missions :
    Compliance & Security Audits
    o    To contribute to IST global security strategy for security compliance activities
    o    To identify & anticipate evolutions of applicable compliance frameworks, to assess impact of these evolutions on our business activities, and coordinate implementation of the actions with the teams 
    o    To support our business teams during compliance & customer audits to ensure they are properly prepared
    o    To provide security expertise during the audits & follow up execution of the mitigation plans post audit
    o    To provide expertise and guidance on security compliance topics (both for new & existing solutions)

    Product Security Incident Response (PSIRT)
    o    To define & deploy product vulnerability management & security incident management framework (policies, procedures, processes …) across the division, in coordination with IST security community, and business & engineering teams (scope : products & solutions) 
    o    To coordinate & support product & commercial teams with regard to incident response activities, and monitor status through KPIs

    Other missions
    o    To contribute to the definition of, and implement, the security strategy & roadmap of the department, and report progress and challenges
    o    To perform security assessments & waivers where relevant 
    o    To coordinate cross-IST security projects (e.g. CPS, key management solution)

Profile & Other Information

Technical skills :
o    Experience in security governance (policies, committees, risk management, audits …); personal certification (e.g. ISO27001 lead auditor or CISSP) is a plus
o    Knowledge of cryptographic algorithms and certification schemes; experience in key management (HSM, key ceremonies …)
o    Strong experience in compliance frameworks; knowledge of applicable standards (PCI CPP, PCI DSS, GSMA) is a plus
o    Demonstrated experience in project management involving many different stakeholders
o    Previous experience in payment and telecom related projects with banks and mobile operators is considered a plus

Soft skills :
o    Ability to interact with different types of stakeholders (C-level, legal, engineering teams …)
o    Ability to report activities at the appropriate level for business/security committees
o    Excellent problem-solving and analytical skills.
o    High level of autonomy & adaptability 
o    Strong leadership & communication skills.
o    Fluent English (written & spoken).

 

By choosing to work at IDEMIA, you can join the journey of a unique tech company. You can seize all the opportunities of our fast-paced environment. You can add your distinctive qualities to our global community. You can contribute to a safer world.

 

We deliver cutting-edge, future-proof innovation that reaches the highest technological standards. We’re well established, and yet still agile. We aren’t too big, and we aren’t too small. And we’re transforming, fast, to stay a leader in a world that’s changing fast, too.

 

At IDEMIA, people can develop their expertise and feel a sense of ownership and empowerment, in a global environment, as part of a company with the ambition and the ability to change the world.

 

Our teams are close and collaborative; maintaining a dialogue and developing human connections matter to us. We are truly international and we know that diversity is a key driver of innovation and performance. We welcome people from all walks of life, regardless of how they look, where they come from, who they love, or what they think.

 

Each of our locations has its own advantages to offer a collaborative and friendly work environment.

 

IDEMIA. Expect the unexpected. Join the journey of a unique tech company.

Region: Europe
Country: France