Chief Information Security Officer-Ciso M - F H/F - EDHEC Business School - Campus de Nice

EDHEC BUSINESS SCHOOL

EDHEC Business School was founded in the early 20th century by industrialists in northern France. True to the humanist vision already driving the school's founders in 1906, EDHEC's raison d'être is to place business at the service of the common good. It's a project that the school is carrying out today thanks to "Générations 2050", its 2024-2028 strategic plan, built for future generations. We have campuses in Nice, Paris, Lille, London and Singapore.

Thanks to the excellence of its teaching, its policy of social openness and its privileged links with the business world, EDHEC ranks among the top 10 business schools in Europe. We are recognised for our internationalised outlook and approach, our high-quality teaching faculty and our ability to appropriate contemporary subjects like AI, sustainable finance and diversity and inclusion.As part of its development, the EDHEC Group - one of the leading research and teaching institutions in Europe - is recruiting a Chief Information Security Officer, based in Nice.

Within the IT department of EDHEC's Business Development Department (DBD), you are mainly in charge of defining, implementing, and managing the company's information security strategy. You will ensure the protection of systems, data, and users against cyber threats, while actively contributing to the continuous improvement of security levels.

The team being small (3 people), each have transversal missions widening the spec of the role.

Main Responsibilities

- Monitoring and managing security alerts

- Monitoring detection tools (SIEM, XDR, IDS/IPS, etc.)

- Analysing and qualifying security alerts

- Management of incident response and follow-up until resolution

- Pentests and vulnerability management

- Organise and coordinate intrusion testing campaigns

- Ensure weekly follow-up on pentest results

- Prioritise vulnerabilities and monitor the implementation of remediation plans

- Cybersecurity awareness and training

- Design and deploy internal phishing campaigns

- Analyse results and performance indicators

- Implement training and awareness initiatives tailored to users

- Reporting and governance

- Update and maintain monthly security report data

- Produce clear indicators for management

- Contribute to the improvement of security processes and internal policies

The candidate will also be the DPO Representative to ensure compliance with the General Data Protection Regulation. Upon taking up the position, they will be required to work towards implementing ISO 27001 certification.

Required skills:

Technical:

- Strong expertise in log handling and analysis
- Knowledge of security tools (SIEM, XDR, vulnerability scanners, phishing solutions,
- pentesting, etc.)
- Strong foundation in system, network, and application security
- Knowledge of pentesting and vulnerability management methodologies
- Comfortable with the AWS environment and security

Cross-functional:

- Proactive and able to anticipate risks
- Excellent analytical and synthesis skills
- Good communication skills, both with technical and non-technical teams
- Rigorous, autonomous, and responsible
- Work closely with the system and network administrator in charge of patching hardware and application solutions
- Manage tickets related to your area of expertise
- Stay continuously informed about new threat techniques and effective solutions to fight them

With a higher education degree in IT, you have at least 10 years of experience in the IT security field.

In a multicultural and multi-site environment (Nice, Paris, Singapore, London), you are proficient in technical and professional English.

Additional knowledge about firewalls (PaloAlto), switches and servers (HP/Aruba), antivirus (Cortex XDR), patch management (BigFix), email systems (Office 365), SIEM (Logpoint), Pentest (Pentera), Bastions (Wallix), AWS Cloud would enhance your application.

After one year in the role, you will be able to work from home one day a week. Another day will be possible depending on the remote organisation.