Chief Information Security Officer-Ciso M - F H/F - 06

EDHEC BUSINESS SCHOOL

EDHEC Business School was founded in the early 20th century by industrialists in northern France. True to the humanist vision already driving the school's founders in 1906, EDHEC's raison d'être is to place business at the service of the common good. It's a project that the school is carrying out today thanks to "Générations 2050", its 2024-2028 strategic plan, built for future generations. We have campuses in Nice, Paris, Lille, London and Singapore.

Thanks to the excellence of its teaching, its policy of social openness and its privileged links with the business world, EDHEC ranks among the top 10 business schools in Europe. We are recognised for our internationalised outlook and approach, our high-quality teaching faculty and our ability to appropriate contemporary subjects like AI, sustainable finance and diversity and inclusion.As part of its development, the EDHEC Group - one of the leading research and teaching institutions in Europe - is recruiting a Chief Information Security Officer, based in Nice.

Within the IT department of EDHEC's Business Development Department (DBD), you are mainly in charge of defining, implementing, and managing the company's information security strategy. You will ensure the protection of systems, data, and users against cyber threats, while actively contributing to the continuous improvement of security levels.

The team being small (3 people), each have transversal missions widening the spec of the role.

Main Responsibilities

- Monitoring and managing security alerts

- Monitoring detection tools (SIEM, XDR, IDS/IPS, etc.)

- Analysing and qualifying security alerts

- Management of incident response and follow-up until resolution

- Pentests and vulnerability management

- Organise and coordinate intrusion testing campaigns

- Ensure weekly follow-up on pentest results

- Prioritise vulnerabilities and monitor the implementation of remediation plans

- Cybersecurity awareness and training

- Design and deploy internal phishing campaigns

- Analyse results and performance indicators

- Implement training and awareness initiatives tailored to users

- Reporting and governance

- Update and maintain monthly security report data

- Produce clear indicators for management

- Contribute to the improvement of security processes and internal policies

The candidate will also be the DPO Representative to ensure compliance with the General Data Protection Regulation. Upon taking up the position, they will be required to work towards implementing ISO 27001 certification.