Project Security Manager with Cloud - MID Level

Descrizione del lavoro:

Location: Bucharest, Romania

Thales is a global technology leader trusted by governments, institutions, and enterprises to tackle their most demanding challenges. From quantum applications and artificial intelligence to cybersecurity and 6G innovation, our solutions empower critical decisions rooted in human intelligence. Operating at the forefront of defence and security, aerospace and space, cybersecurity and digital identity, we're driven by a mission to build a future we can all trust.

In Romania, we are advancing innovation through software engineering, research and development, delivering solutions in key markets in which Thales Group operates. Our engineers design, develop and integrate solutions that impact global industries - from fully operational systems and subsystems for naval warfare and maritime security operations, to air traffic management systems, satellite-based solutions, tactical indoor simulations, identity and biometric technologies and more.

Project Security Manager - MoveToCloud Activities

Ready to code the future with Thales Romania? Join a passionate global team driving front-line innovation in AI, aerospace, security, and beyond!

Within an outsourcing or MoveToCloud project, in the CFT, implementation, or RUN phase, and under the direction of the HoD Cybersecurity, in cooperation with the CISO and the Security Officers, the Project Security Manager MoveToCloud intervenes respectively at the request of the Bid Manager or the Program Manager in order to ensure compliance with the IT security requirements stemming from the contract, the regulations in force, the rules of the Group Product Security Office and the Thales Digital Information Systems Security Policy.

In order to demonstrate good security governance, you develop the KPIs, the documents required to maintain and improve when necessary the level of security of the services provided by Thales.

As a Project Security Manager you will:
* Accompany during the integration of a Prospect/Client in the CFT phase, engineering and recurring operations, he is the privileged interlocutor of the CISO (or equivalent) of the Client
* Improve and maintain the security level of trust with the client by complying with the contractual, regulatory and internal Thales Digital Services security requirements and by carrying out appropriate reporting
* Preserve the business interests of Thales Digital Services by explaining the adaptation needs and residual risks to the competent authorities based on the project's challenges.

Depending on the project phases, the mission of the Project Security Manager includes:

CFT:
* Participate in the identification and definition of security measures during the pre-sales phase
* Encrypt all the necessary security activities
* Define in relation to the BM the organizational and technical solutions related to contractual, internal TS or regulatory requirements by integrating their description and cost. Analyze the related business risks and alert the BM
* Complete all security qualification documents.
* Draft the Security Assurance Plan if necessary and contribute to the technical memory of the response

BUILD:
* Contribute to the technical security architecture and proposed solutions with regard to requirements.
* Serve as an interface with the technical teams of Thales Digital Services to ensure compliance with security requirements
* Draft or update the Security Assurance Plan describing organizational and technical security arrangements in response to contractual and regulatory security requirements and have it approved by the Project manager
* Complete the PSSI compliance matrix and have it approved by the functional chain SSI
* Roll out the specific regulatory processes where applicable (Health, Defense, ...) based on the existing processes of Thales Group and Thales Digital Services
* Implement or pilot the implementation of security tools

RUN:
* Pilot the Maintenance in Safety Condition (MCS) of the safety devices implemented
* Ensure contractual reporting with the client (security indicators, key facts, incidents, ...), lead the safety committees with the latter and participate if necessary in the various project steering bodies
* Report to the Engineering delivery manager, the SSI and the client
* Perform the reviews of authorizations and access, monitoring Security incidents, monitoring Patch Management, monitoring Customer audits, production of SSI reporting...
* Alert and accompany the functional Cyber chain on security incident/event and ensure the interface with the Client
* Produce a targeted technological watch or technical advice allowing to provide solutions or answers to the Client
* Manage the security derogations and the corresponding risk analyses
* Perform regular SSI checks and report the results and evidence
* Accompany SSI audits and pilot the corresponding remediation plan

Example of an Project Security Manager contribution to SSI Services subscribed by the Client:
* Approval
* Analysis of Antivirus reports
* Analysis of Vulnerability Audits
* Analysis of CERT-IST bulletins
* Monitoring of remediation plans following audit
* Monitoring of specific security controls of the Client
* Raising awareness among THALES Digital Services stakeholders and the Client
* Network flow management, hardening of platforms
* Management of personal data

The missions of the Project Security Manager lead to permanent interactions with many internal and external actors that should be addressed with hindsight, pragmatism, and several other soft-skills:

Required competencies/experience:
* Cloud Security Technical Expertise
* Standard information systems security infrastructure, architecture, technologies and processes
* ISS Governance Concepts and Principles
* Principles of Maintenance in Security Condition and means for project managers and secure architectures
* CloudOps and DevSecOps
* Referentials, regulations, standards and hygiene guides related to SSI (e.g.: GDPR, ISO27x0x, NIST, Cyber Resilience Act, AI Act, DORA, PCI-DSS, ...
* Risk analysis methods (ideally EbiosRM) and application experience

Behavioral skills:
* Managing complexity
* Support innovation
* Share a vision
* Act with integrity
* Engage key players
* Being responsible
* Focus on customer needs
* Building trust
* Take calculated risks

At Thales, we're committed to fostering a workplace where respect, trust, collaboration, and passion drive everything we do. Here, you'll feel empowered to bring your best self, thrive in a supportive culture, and love the work you do. Join us, and be part of a team reimagining technology to create solutions that truly make a difference - for a safer, greener, and more inclusive world