Cyber Security Architect

Req ID:‎437456

At Alstom, we understand transport networks and what moves people. From high-
speed trains, metros, monorails, and trams, to turnkey systems, services,
infrastructure, signalling and digital mobility, we offer our diverse
customers the broadest portfolio in the industry. Every day, more than ‎80 ‎000
colleagues lead the way to greener and smarter mobility worldwide, connecting
cities as we reduce carbon and replace cars.

OVERALL PURPOSE OF THE ROLE:

Responsible for designing, creating, and maintaining the cybersecurity aspects
of Alstom solutions

Network & Links:

Internal: Project/Program team (PM, Engineering, V&V, Safety, RAM, ..), Cyber
Engineers and CSP Leaders (as relevant), Cybersecurity Governance & Expertise,
Other Cybersecurity Architects
External: Customer representatives (as relevant), Supplier representatives (as
relevant), National authorities' representatives (as relevant).

RESPONSIBILITIES:

Key Accountabilities:

• 
  

  Responsible of Alstom solution security analysis and of the definition of its security requirements and architecture.

  
  
  
  
  • Understand the solution to be delivered and to be secured
  
  
  • Execute on the risk analysis and identify/ propose the he countermeasures to be put in place
  
  
  • Design and document reliable security architecture resilient against cyberthreats (CADRA)
  
  
  • Ensure update and upgrade delivered solution cybersecurity as needed
  
  
  • Guarantee the cybersecurity technical coverage vis-a-vis the contract
  
  
  
  


• 
  

  Lead and Contribute to activities such as:

  
  
  
  
  • Cybersecurity risks assessment
  
  
  • Cybersecurity requirement implementation
  
  
  • Cybersecurity evaluation of the developed solution(s)
  
  
  • Management of 3rd parties on Cybersecurity aspects
  
  
  • Cybersecurity Vulnerability Management
  
  
  
  


• 
  

  Provide technical guidance and supervision for the project team

  
  
  
  
  • Participate to Project Design Reviews
  
  
  • Support engineering team answer design and technical difficulties related to cybersecurity implementation,
  
  
  • be referent for management and third parties on cybersecurity architecture and technical implementation.
  
  
  • Ensure homogeneous cybersecurity implementation conform to Governance & Expertise policies.
  
  
  
  


• Respond and support to any security-related incidents and provide post-event analysis


• Ensure cyber trend watch (new threats, new techno, etc.) related to the delivered solution(s)

Key Job Authorities and Dimensions

• Responsible for cybersecurity architecture at system and sub-system level


• Cybersecurity Design Reviews


• Ensure cybersecurity control implementation in design


• Provide requested deliverable in time with adequate quality


• Alignment with Alstom cybersecurity strategy and policies


• Contribution to Peer Reviews

Performance measurements:

• No "NO GO" for Cybersecurity reasons in Gate Reviews


• Quality of Cybersecurity deliverables, in time


• Achievement of Project/Program targeted level of Cybersecurity


• Assessment findings : Low rework due to external or internal assessments


• Vulnerability management is in place


• Respect of Cybersecurity activities QCD commitment


• Cybersecurity issues : quality of impact analysis, issue resolution

Qualifications & Skills:

EDUCATION

• Engineering / University degree


• Experience with direct responsibility for hands on architecture, design, development


• Experience related to Cybersecurity in general, deployment experience of security technologies.


• Extensive experience in IT/OT security and risk management with a focus on security, performance and reliability


• Technical proficiency of Architecture concepts and techniques of systems and networks, operating systems and associated programming languages.


• Experience in embedded or industrial systems (railway / aeronautics ...)


• Experience in System Engineering

BEHAVIORAL COMPETENCIES:

You are an outstanding Team Player, with proven talent in organizing teams &
taking initiatives. You demonstrate excellent communication skills and able to
guide, influence and convince others in a matrix organization.

TECHNICAL COMPETENCIES & EXPERIENCE

• Understanding of main cybersecurity standards and regulations, such as: ISA/IEC ‎62443, TS ‎50701, ISO 2700X, NIST,


• Understanding of OT System architecture


• Knowledge of cybersecurity risk assessment methodology: ISO ‎27005, IEC ‎62443


• Knowledge of defense in depth techniques such as:
  
  
  • Network security architecture development and definition
  
  
  • Perimeter security controls such as firewalls, IDS/IPS, network access controls, and network segmentation
  
  
  • Various aspects of network security such as routers, switches, and VLAN security
  
  
  • Security concepts related to DNS, including routing, authentication, VPN, proxy services
  
  
  
  


• Capacity to address high level (system) et low level (IT, Security technologies and Software design) and to design a cyber architecture (zoning, services, …).


• Knowledge of recognized techniques for evaluating systems security and Intrusion testing techniques.


• Understanding of third-party auditing and risk assessment


• Ability to interact with a broad cross-section of personnel to explain and enforce security measures


• Dynamic, autonomous. Creativity and ability to work in a complex environment.


• Team spirit approach


• Organized & reactive;


• Strong communication skills;


• Persuasive, resilient & committed.


• Speak, read and write English.

You don't need to be a train enthusiast to thrive with us. We guarantee that
when you step onto one of our trains with your friends or family, you'll be
proud. If you're up for the challenge, we'd love to hear from you!

Important to note
As a global business, we're an equal-opportunity employer that celebrates
diversity across the ‎63 countries we operate in. We're committed to creating
an inclusive workplace for everyone.

Job Segment: Embedded, Testing, Risk Management, Technology, Finance