Senior Information Security Compliance Officer

Founded in Marseille in 1966 by Pierre Bellon, Sodexo is the global leader in sustainable food and valued experiences at every moment in life: learn, work, heal and play. Operating in 45 countries, our 430,000 employees serve 100 million consumers each day. The Sodexo Group stands out for its independence and its founding family shareholding, its responsible business model and its portfolio of activities including Food Services, Facilities Management Services and Employee Benefit Solutions.Our mission: to improve the quality of life of our employees and those we serve, and contribute to the economic, social and environmental progress in the communities where we operate.For Sodexo, growth and social commitment go hand in hand.Our purpose is to create a better every day for everyone to build a better life for all. We are looking for a Senior Information Security Compliance expert to join our Global Cybersecurity team and play a key role in ensuring that risk management processes are properly followed across the TDDI function and among business stakeholders. Your main assignments will be :Build an annual consolidated Information Security Compliance Programme that provides the business, IT visibility of internal and external Audit & Assurance activity to allow appropriate demand & resource planningDeliver effective Security Compliance reporting to inform Risk & Issue reporting to the CISO, IT & Business Senior LeadershipEnsure Audit & Assurance actions are managed, tracked, and reported through to mitigationISO27001Ensure the ISMS is managed and maintained in alignment with the Statement of Applicability and ISO27001/2 frameworkDefine requirements for the ISMS, document and implement security policies to develop and maintain the ISMSManage and maintain the ISMS documentationConduct and supervise Sodexo Group’s regular audits and review the implemented controls covered by the ISMS scope to align to the business needDevelop a plan to scale up ISO27001 practices to a wider scope to improve overall security maturityExplore opportunities for consolidation of ISMS where practical and appropriateManage ISO22301 compliance improvements and coordinate annual testing requirementsBuild and maintain IT business continuity and the disaster recovery plan aligned to business needsEnsure annual recovery testing coordination of IT environment and revise requirements for critical recovery strategy aligns with business requirementsInformation Security Third Party AssuranceManage and maintain questionnaires within the Third Party Risk Management platform used by internal and external stakeholders, enhancing the product and supporting processes where applicable.Conduct risk-based information security due diligence activities against vendors to provide appropriate levels of assurance to key stakeholdersEnhance Information Security Third Party Assurance processes and engagement activities across IS&T,transversal functions and the wider businessPCI DSS, NIS2, AI Act and relevant regulationsCoordinate and report on PCI-DSS, NIS2, AI Act compliance programmes to provide direction and assurance of operational controls and meet Sodexo’s compliance requirements⚒️ Your profile and competencies :6+ years of experience in Information Security and related fieldsExpert knowledge and practical experience of ISO27001 certification requirements and ISMSdocumentationExpert knowledge and practical experience in implementing compliance action plans regarding applicableregulations (i.e: NIS2, AI Act, PCI-DSS etc)Experience of leading and performing internal or external IT auditsExperience of dealing with third party supplier auditsExperience of negotiating with stakeholders in designing relevant action plansExperience of comprehensive IT internal audit program design and developmentGeneral knowledge of IT environments and technologiesGeneral Knowledge of Security Architecture or Enterprise ArchitectureDesirable Certifications: CISA, CRISC, QSA, ISO27001 LI, ISO27001 LA.Ability to communicate effectively in French and in English, both written and verballyAnalytical and problem-solving capabilitiesStrong mindedRigorous and organisedAbility to gain Government Security Clearance What we offer : Competitive employee benefits: 13th month salary, works council (CSE), health insurance, 50% reimbursement of public transport subscription, additional leave for family events (wedding, birth, etc.), PERECO Position based in Issy-les-Moulineaux, easily accessible via Tram T2 and RER Cif you are interested, do not hesitate to apply