Company Description

Amer Sports is a sporting goods company with internationally recognized brands including Salomon, Arc'teryx, Peak Performance, Atomic and Wilson.

"The Mountain Sport Company", Salomon was born in 1947 in the heart of the French Alps and the birthplace of modern alpinism. Salomon's commitment to innovative design and passion for mountain sports created a vast range of revolutionary new concepts in bindings, boots, skis and apparel for both Alpine and Nordic skiing and brought innovative solutions to footwear, apparel and equipment for snowboarding, adventure racing, mountaineering, hiking, trail running, and many other sports.

Through performance driven design, Salomon delivers innovation and progression to mountain sports; converting new ideas into action and expanding the limits of possibility. Salomon's heritage, culture, and commitment are tied together by one simple concept: the world's leading mountain people creating the world's leading mountain products. Salomon is responsibly committed towards the outdoor through its sustainability program. Diversity is one of Salomon's five values, therefore we are committed to creating an inclusive environment for all.

Salomon is headquartered in Annecy, France.

Job Description

Join Salomon as our new Cybersecurity Specialist and be responsible for implementing the IT security strategy, managing vulnerabilities, and integrating best practices in SecDevOps and Infrastructure. You will also play a key role in managing cybersecurity risks and strategic projects aimed at ensuring the protection of the company's systems and data.

This role will for Manage an information Security Management System (ISMS) compliant with international standards such as ISO 27001.

Your missions :

Information System Security Management:

• Develop and implement the information system security strategy in alignment with the company's objectives.
• Oversee security governance by defining and applying security policies and procedures in accordance with ISO 27001, NIST standards.
• Ensure system compliance with current security standards (including ISO 27001, NIST) and regulation (GDPR, PCI DSS, ...).

Vulnerability Management:

• Lead and coordinate the company's vulnerability management program in collaboration with SecDevOps and Infrastructure teams.
• Identify and prioritize critical vulnerabilities affecting infrastructures and applications.
• Ensure proactive management of security risks and vulnerabilities across the company's IT architecture.

SecDevOps and Infrastructure:

• Collaborate with DevOps and Infrastructure teams to integrate security throughout the development lifecycle (Secure DevOps).
• Oversee the implementation of secure solutions in cloud and on-premise environments, ensuring security practices compliance in CI/CD pipelines.

Cybersecurity Project Management:

• Lead cybersecurity projects from planning to implementation, respecting deadlines, budget, and security requirements.
• Coordinate internal and external technical teams to ensure the success of cybersecurity projects.
• Monitor project progress, manage associated risks, and produce regular reports for management.

Risk Management:

• Identify, assess, and prioritize cybersecurity risks affecting the company's information systems using recognized standards and methodologies such as EBIOS and ISO 27005.
• Develop and implement risk management plans in collaboration with stakeholders and ensure follow-up on risk mitigation actions.

Monitoring, Analysis, and Reporting:

• Conduct continuous technological and strategic monitoring of new vulnerabilities and threats.
• Participate in regular audits to evaluate the effectiveness of the security policy and vulnerability management.
• Animate a community of vulnerability champions (IT and Secdevops)
• Establish vulnerability reports for the whole company and assist vulnerability champions to prioritize finding's remdiation.

Management :

• You will have a team of one to ten employees in direct or functional management

Qualifications

Education: Master's in cybersecurity, information systems security, or a similar field.

Experience: Minimum of 5 to 7 years in information system security management, with a strong focus on vulnerability management, SecDevOps, risk management, and ISMS implementation.

Technical Skills: Expertise in SecDevOps, vulnerability management, infrastructure security (Cloud, network, applications), and specialized tools (Qualys, Nessus, etc.).

Risk Management Standards: Mastery of risk management methodologies such as ISO 27005 and EBIOS, NIST methodology.

• ISO27001 lead auditor or implementor
• Risk management ISO 27005
• CISSP or equivalent

Additional Information

Located in Annecy (74), FRANCE

ASAP

Videos To Watch
https://www.youtube.com/watch?v=81kru0_UoYU