Haifa-Nazareth Cyber Design Mgr

At Alstom, we understand transport networks and what moves people. From high-speed trains, metros, monorails, and trams, to turnkey systems, services, infrastructure, signalling and digital mobility, we offer our diverse customers the broadest portfolio in the industry. Every day, more than 80 000 colleagues lead the way to greener and smarter mobility worldwide, connecting cities as we reduce carbon and replace cars.

Purpose of the job:

Organize and manage Cybersecurity activities during Project (contract execution) or Program (internal development).

ACCOUNTABILITIES & AUTHORITIES

Key accountabilities:

Analyze Project / Program security needs (including laws and local regulations), determine security objectives and main security risks strategy
Plan security activities within development life cycle, estimate costs and duration, their impacts related to project program execution, Identify training needs
Is responsible for Cost / Quality / Delay of Project/Program Cybersecurity deliverables, as needed per Project / program context :
Cybersecurity context, and Cybersecurity Risk Analysis
Cybersecurity Architecture definition and requirement allocation
Cascading of requirement to suppliers, Manage Third Parties Risks,
Definition of Cybersecurity Operating Procedures
Evaluation of the Project/Program achieved Cybersecurity level
Provide support during technical design meetings for cybersecurity activities
Obtain agreement from Project/Program/Customer about on the set of security measures to be implemented
Manage vulnerabilities and Cybersecurity issues and actions plan,
Manage Program / Project Cybersecurity related communication,
Report on Program / Project Cybersecurity status
In case of external Cybersecurity audit, manage the relationship with auditors Establish lessons learned
Promoting the Alstom Code of Ethics and adhering to the highest standards of ethical conduct.

Key Job Authorities and Dimensions

Responsible of the QCD of its project/program Cybersecurity Work Package
Functional animation of Cybersecurity Engineer team (typically from 1 to 5)

Performance measurements:

No "NO GO" for Cybersecurity reasons in Gate Reviews
Quality of Cybersecurity deliverables, in time
Achievement of Project/Program targeted level of Cybersecurity
Assessment findings : Low rework due to external or internal assessments
Vulnerability management is in place § Respect of Cybersecurity activities QCD commitment
Cybersecurity issues/incident resolution

EXPERIENCE PREREQUISITES & REQUIRED COMPETENCES

Educational Requirements

Mandatory: University/ Engineer in degree level

Desirable: Cybersecurity certification such as: GICSP, CISSP, GSEC, CISM

Experience

Mandatory:

Experience with direct responsibility for hands on architecture, design, development
Experience related to Cybersecurity in general, deployment experience of security technologies.
QCD Management

Desirable:

Knowledge of Alstom Products & Solution Portfolio
Experience in embedded or industrial systems (railway / aeronautics ...)

Requirements

Israeli Citizen.
Holds one of the following valid certificates: CISO, CISSP, CISM or equivalent.
At least seven (7) years of experience in managing Information Security in national and international projects (including specifically providing support in Information Security and cyber protection aspects in the planning and design, procurement, installation, integration, testing, operation and maintenance phases).
Extensive knowhow in the protection of IT and OT infrastructures and systems.
In-depth familiarity with up-to-date technologies and Information Security regulation pertaining to the field of transportation.
The PCyM shall be approved by Cyber Authority (MoT).
Qualified personnel – security clearance level 3 or 4.
Fluent in both English and Hebrew (read, write and speak).
Location: Israel.

Competencies & Skills

Engineering Background – Not mandatory
Knowledge of main Cybersecurity standards and regulations, such as: ISO 2700X, 62443, NIST, NIS, French LPM
Knowledge of some Cybersecurity solutions and areas
Methods of Cybersecurity risk analysis
Architecture concepts and techniques of systems and networks
operating systems and
Knowledge of the main techniques for evaluating systems security
Dynamic, autonomous. Creativity and ability to work in a complex environment

You don’t need to be a train enthusiast to thrive with us. We guarantee that when you step onto one of our trains with your friends or family, you’ll be proud. If you’re up for the challenge, we’d love to hear from you!

Important to note

As a global business, we’re an equal-opportunity employer that celebrates diversity across the 63 countries we operate in. We’re committed to creating an inclusive workplace for everyone.

Job Segment: Manager, Information Security, Procurement, Management, Technology, Operations