Consultant Cyber GRC Senior

Thales people architect identity management and data protection solutions at the heart of digital security. Business and governments rely on us to bring trust to the billions of digital interactions they have with people. Our technologies and services help banks exchange funds, people cross borders, energy become smarter and much more. More than 30,000 organizations already rely on us to verify the identities of people and things, grant access to digital services, analyze vast quantities of information and encrypt data to make the connected world more secure.

Context of the position

Within THM, the Cybersecurity Consultant is responsible for advising on various cybersecurity projects. The sought candidate will join Thales' consulting service line and will notably participate in consulting missions in several cybersecurity domains.

The candidate will also be required to participate in or lead penetration testing, vulnerability scanning, and network segmentation tests.

The candidate will also be required to assist in pre-sales projects given their expertise, particularly on technical responses and effort estimation.

The candidate may intervene on different client Cyber perimeters and in several domains: transport, industrial, telecom, and banking.

Description of missions

Within the THM team, you will work as a Senior Consultant to deliver security services for our clients.

Your main missions will consist of:

• Define and support the governance of Information System Security
• Participate in the creation and implementation of the SSI Master Plan, define monitoring indicators
• Draft information security governance documents (Information System Security Policy, IT charters, Data Governance, etc.)
• Participate in risk analyses
• Pilot the implementation of technical and organizational protection measures
• Support compliance with SSI frameworks (PCI DSS, ISO 2700x, GDPR, DNSSI, SIS Homologation)
• Definition of the certification scope, conduct of PIAs, mapping of DCPs and their processing. Risk analysis, gap analysis with respect to the framework
• White-box audit, internal audit and third-party audit, certification audit
• Lead awareness campaigns on SI security and data protection
• Perform internal and external penetration tests on networks, systems, Web/Mobile, IoT applications.
• Identify, analyze and exploit security vulnerabilities (infrastructures, applications, protocols).
• Develop and use custom tools/scripts for pentest campaigns.
• Apply standard methodologies (OWASP, OSSTMM, PTES, MITRE ATT&CK).
• Write technical and executive reports with description of vulnerabilities, proofs of exploitation and corrective recommendations.
• Advise Client technical and business teams for vulnerability correction and improvement of the security level.

Experience and profile sought

• Engineering degree or equivalent in IT security and/or Cybersecurity
• Proficiency in French and English.
• Minimum 4 years of experience in consulting
• Certifications: ISO 27001/2, ISO 27005, CEH, OSCP…
• Passion and strong motivation for Cybersecurity aspects (security watch, attack techniques and Pentesting, system vulnerabilities, integration)

Expected skills and behavior

Technical skills:

• Ability to conduct risk analyses and treatment plans

• Execution of internal/external SSI compliance audits

• Writing audit reports and corrective action plans

• Knowledge of Norms & standards (ISO 27001, ISO 27002, ISO 27005, ISO 22301, ISO 19011, PCI DSS, COBIT, ITIL, GDPR, law 05-20…)

• One or more Cybersecurity certifications (CISSP, CISM, ISO 27001, ISO 27005, CC, CISA, CEH…)

Behavioral:

• Good interpersonal skills, structured and targeted communication allowing to eventually interface with clients.

• Autonomous, ability to integrate into a team and share knowledge.

• Good writing skills

• Adaptability

• Strong interest in technology and Cybersecurity, curious to learn and understand, rigorous and reactive. Aware of information protection and discreet.

#LI-SB1

At Thales we provide CAREERS and not only jobs. With Thales employing 80,000 employees in 68 countries our mobility policy enables thousands of employees each year to develop their careers at home and abroad, in their existing areas of expertise or by branching out into new fields. Together we believe that embracing flexibility is a smarter way of working. Great journeys start here, apply now!