Sodexo
Website: sodexo.com
Job details:
- Contribute to the update of Sodexo’s Information Security Management System (ISMS) to improve ISO27001 compliance
- Manage the delivery of Information Security compliance activities to support and follow up on Sodexo’s pathway to compliance with applicable regulations (e.g. NIS2, AI Act, PCI-DSS)
- Conduct Information Security Third Party Assurance on Sodexo suppliers to mitigate risk throughout the lifecycle of supplier relationships
- Conduct Integration of Security in Projects risk assessments
- Support the Legal teams to ensure appropriate Information Security clauses are in contracts
- Deliver technical compliance audits across a complex technology landscape
- Influence stakeholders to develop timely and appropriate action plans and to mitigate risk within tolerances
- Maintain Sodexo’s ISMS, whilst expanding the scope of ISO27001 coverage
- Coordinate, implement and follow up on Information Security compliance activities for applicable regulations (e.g. NIS2, AI Act, PCI-DSS) across a multi-tiered acquirer and merchant payments estate
Key Responsibilities
- Build an annual consolidated Information Security Compliance Programme that gives the business and IT visibility of internal and external Audit & Assurance activity, allowing appropriate demand and resource planning
- Deliver effective Security Compliance reporting to inform Risk & Issue reporting to the CISO, IT & Business Senior Leadership
Government Accreditation & European Regulations
- Manage, maintain, and deliver Risk Management of Sodexo’s IT systems and applications
- Create and maintain Risk Management Accreditation Document Sets (RMADS)
- Demonstrate the use of DART and an effective understanding of alternative risk management methodologies
- Coordinate NIS2 Information Security compliance activities across several regions
ISO27001
- Ensure the ISMS is managed and maintained in alignment with the Statement of Applicability and ISO27001/2 framework
- Define requirements for the ISMS, document and implement security policies to develop and maintain the ISMS
- Manage and maintain the ISMS document set
- Run regular audits of the activities on locations covered by the ISMS scope
- Develop a plan to scale up ISO27001 practices to a wider scope to improve overall security maturity
- Explore opportunities for consolidation of ISMS where practical and appropriate
Applicable regulations
- Coordinate, implement and follow up on Information Security compliance activities for applicable regulations (e.g. NIS2, AI Act, PCI-DSS) across a multi-tiered acquirer and merchant payments estate
- CE+ compliance efforts: perform and/or coordinate targeted CE+ compliance monitoring across applicable segments and related Sodexo infrastructure
- Work with internal and external stakeholders to deliver CE+ certifications and recertifications
Information Security Third Party Assurance
- Manage and maintain questionnaires within the Third-Party Risk Management platform used by internal and external stakeholders, enhancing the product and supporting processes where applicable.
- Conduct risk-based information security due diligence activities against vendors to provide appropriate levels of assurance to key stakeholders.
- Enhance Information Security Third Party Assurance processes and engagement activities across IS&T, transversal functions and the wider business
Required Skills
- 10+ years of experience in IT Security Compliance
- Expert knowledge and practical experience of ISO27001 certification requirements and ISMS documentation
- Experience of leading and performing internal or external IT audits
- Experience of dealing with third party supplier audits
- Experience of negotiating with stakeholders in designing relevant action plans
- Experience of comprehensive IT internal audit program design and development
- General knowledge of IT environments and technologies
- General Knowledge of Security Architecture or Enterprise Architecture
- Desirable Certifications: CISA, CRISC, QSA, ISO27001 LI, ISO27001 LA.
- Ability to communicate effectively in French and in English, both written and verbally
- Analytical and problem-solving capabilities
- Strong-willed
- Rigorous and organised