CISO

Monaco Cloud operates the world's first sovereign cloud, within the Principality of Monaco. By providing state-of-the-art services while guaranteeing complete data sovereignty, Monaco Cloud solves the dilemma of Monegasque and French companies wishing to take advantage of the benefits of cloud technology while maintaining control over their data.

 

Job description

Within the Monaco Cloud team, the Chief Information Security Officer must implement Monaco Cloud’s policies, rules, procedures and operating methods, in accordance with the strategy and requirements of the Sovereign Cloud project.

As such, they ensure the security of Monaco Cloud by identifying the operator's vitally important information systems and the technical and organisational means to achieve the set security objectives.

Based on their experience, they advise the CEO on the implementation of a governance and organisation adapted to the operation of the operator and ensures their effectiveness.

 

Key responsibilities

• Participating in the security of projects carried out by Monaco Cloud and its partners, for all activities carried out by the operator, using a security by design approach and providing a functional link for steering the technical security architecture.
• Steering the system security approval processes and participating in approval committees.
• Steering the Monaco Cloud security audit programme and following up on remediation action plans.
• Contributing to obtaining the qualification of the operator as a cloud computing service provider hosted at different levels (essential and advanced).
• Monitoring the implementation of vulnerability remediation actions.
• Keeping a technological and regulatory watch on IT security and being aware of developments in cyber security in the face of new threats.
• Being the preferred working interface with the Monegasque Cyber Security Agency and the CISO and the government's ISD concerning the security of services.
• Ensuring the qualification of security incidents and the management of their processing in close collaboration with the Monegasque Cyber Security Agency.

 

Required profile

Qualifications

• You must have an engineering degree or a national diploma attesting to five years of higher education or a diploma recognised as equivalent by a competent authority in the field of Information Systems, Telecommunications or Networks.
• You must have professional experience of at least ten years in the field of Information Systems Security (ISS).
• You must be familiar with the rules governing Information Systems Security audits (PASSI, ISO 27k, etc.).
• You must be familiar with ISS risk analysis processes (ISO 27k, EBIOS, etc.) and system security certification procedures.
• You must have knowledge of urbanisation, architecture and configuration of Information Systems on application layers, systems and networks.
• You must have expertise in technical and functional cybersecurity topics (logical and physical access control, filtering, segmentation, log management and analysis, patch management, security watch, security incident management?).
• You must have knowledge of GDPR and Monegasque regulations in terms of cyber security and personal data protection.

 

Competences

• You must be able to popularise technical language for a lay audience.
• You must have skills in task coordination and project management.
• You must have experience in leading a team without a hierarchical link.
• You must be proactive and independent; you must have the ability to summarise and analyse.
• You must have good team spirit and the ability to adapt.
• You must demonstrate professional discretion and absolute respect for confidentiality.
• You must be fluent in French and English (read, written, spoken).
• The attention of the candidates is drawn to the fact that the successful candidate will be interviewed in order to be authorised, in accordance with Ministerial Order No. 2016-723 of 12 December 2016 implementing Article 18 of Law No. 1.430 of 13 July 2016, as amended.