Senior Information Security Compliance Officer

11 minutes ago

Greater Paris Metropolitan Region, France | Sodexo | Full-time

Founded in Marseille in 1966 by Pierre Bellon, Sodexo is the global leader in sustainable food and valued experiences at every moment in life: learn, work, heal and play.

Operating in 45 countries, our 430,000 employees serve 100 million consumers each day. The Sodexo Group stands out for its independence and its founding family shareholding, its responsible business model and its portfolio of activities including Food Services, Facilities Management Services and Employee Benefit Solutions.

Our mission: to improve the quality of life of our employees and those we serve, and contribute to the economic, social and environmental progress in the communities where we operate.

For Sodexo, growth and social commitment go hand in hand.

Our purpose is to create a better every day for everyone to build a better life for all.

We are looking for a Senior Information Security Compliance expert to join our Global Cybersecurity team and play a key role in ensuring that risk management processes are properly followed across the TDDI function and among business stakeholders.

Your main assignments will be:

  • Build an annual consolidated Information Security Compliance Programme that gives the business and IT visibility of internal and external Audit & Assurance activity to allow appropriate demand & resource planning
  • Deliver effective Security Compliance reporting to inform Risk & Issue reporting to the CISO, IT & Business Senior Leadership
  • Ensure Audit & Assurance actions are managed, tracked, and reported through to mitigation

ISO27001

  • Ensure the ISMS is managed and maintained in alignment with the Statement of Applicability and ISO27001/2 framework
  • Define requirements for the ISMS, document and implement security policies to develop and maintain the ISMS
  • Manage and maintain the ISMS documentation
  • Conduct and supervise Sodexo Group's regular audits and review the implemented controls covered by the ISMS scope to align to the business need
  • Develop a plan to scale up ISO27001 practices to a wider scope to improve overall security maturity
  • Explore opportunities for consolidation of ISMS where practical and appropriate
  • Manage ISO22301 compliance improvements and coordinate annual testing requirements
  • Build and maintain IT business continuity and the disaster recovery plan aligned to business needs
  • Coordinate annual recovery testing of the IT environment and revise requirements so that the critical recovery strategy aligns with business requirements

Information Security Third Party Assurance

  • Manage and maintain questionnaires within the Third Party Risk Management platform used by internal and external stakeholders, enhancing the product and supporting processes where applicable.
  • Conduct risk-based information security due diligence activities against vendors to provide appropriate levels of assurance to key stakeholders
  • Enhance Information Security Third Party Assurance processes and engagement activities across IS&T, transversal functions and the wider business

PCI DSS, NIS2, AI Act and relevant regulations

  • Coordinate and report on PCI-DSS, NIS2, AI Act compliance programmes to provide direction and assurance of operational controls and meet Sodexo's compliance requirements

Your profile and competencies:

  • 6+ years of experience in Information Security and related fields
  • Expert knowledge and practical experience of ISO27001 certification requirements and ISMS documentation
  • Expert knowledge and practical experience in implementing compliance action plans regarding applicable regulations (e.g. NIS2, AI Act, PCI-DSS, etc.)
  • Experience of leading and performing internal or external IT audits
  • Experience of dealing with third party supplier audits
  • Experience of negotiating with stakeholders in designing relevant action plans
  • Experience of comprehensive IT internal audit program design and development
  • General knowledge of IT environments and technologies
  • General knowledge of Security Architecture or Enterprise Architecture
  • Desirable Certifications: CISA, CRISC, QSA, ISO27001 LI, ISO27001 LA.
  • Ability to communicate effectively in French and in English, both in writing and verbally
  • Analytical and problem-solving capabilities
  • Strong-minded
  • Rigorous and organised
  • Ability to gain Government Security Clearance


What we offer:

Competitive employee benefits: 13th month salary, works council (CSE), health insurance, 50% reimbursement of public transport subscription, additional leave for family events (wedding, birth, etc.), PERECO ...

Position based in Issy-les-Moulineaux, easily accessible via Tram T2 and RER C

If you are interested, do not hesitate to apply.

