Are you looking for a new opportunity in a fast-moving global company with a family feel? A job where you could have an impact?

We are looking for a PASSI Advisor/Senior Cybersecurity Consultant to work in Toulouse, France.

This position is available for hybrid working.

Tasks and Activities

The scope of work will include:

• Leading and performing PASSI RGS and LPM certification audits on the different PASSI scopes: physical and organizational security, technical infrastructure and configuration.
• Supporting RHEA in its ANSSI qualification objectives.
• Supporting the development of the business by actively contributing to the pre-sales process (in response to specifications) and participating in the continuous improvement of the service offer and tools of RHEA France and the rest of the Group.
• Contributing to and supporting the governance (GRC) of Information Systems Security in the context of defence projects as well as French and European space programmes:
  • Participating in the definition and implementation of Cyber Master Plan in space, as well as monitoring indicators and associated action plans.
  • Writing the information security governance documents in the framework (Security Policy and ISO27001/31000 documentation).
  • Accompanying our clients in compliance with SSI benchmarks (e.g. PCI DSS, ISO 2700x, RGPD, NIST, NIS, LPM).
  • Accompanying, piloting and producing security approval files (France, NATO, EU) for complex and critical systems (note: proven experience of risk analysis methods such as EBIOS/27005 are essential).
• Conducting IS security awareness and training campaigns.

Skills and Experience

The following skills and experience are mandatory:

• Degree in engineering or university Bac+5 in a relevant subject (network security or cybersecurity) from a recognized institution.
• At least 5-7 years of relevant experience in a consulting firm in the tasks mentioned above.
• Significant experience in developing security policies, governance and technical and normative audits in IT and critical/industrial systems.
• Practical experience in writing security requirements and standards, processes and procedures.
• Excellent knowledge of IT and OT technologies (network and security infrastructure, IoT, industrial systems).
• Excellent knowledge and experience of ISO 2700x.
• Curiosity, ability to analyze, summarise and adapt (human, technological and normative).
• Excellent interpersonal skills and ability to manage a team operationally.
• An organized, dynamic, proactive and solution-oriented attitude.
• The ability to travel mainly in France, Europe and North America.
• French and English (C1).

The following skills and experience would be highly desirable:

• Qualifications: Experience as PASSI auditor (all scopes appreciated).
• Certifications: CISSP, CISA, CISM, ISO, CRISC, CHFI, CEH, OSCP, PMP.
• Previous working environment: Defence, Space and Industry.
• Methods and standards: ISO15408, MEGERIT, MEHARI, CRAMM, OCTAVE, ISO 31000, Common Criteria and NIS.
• Regulations: IGI1300, II 901, IGI6600 (SAIV).
• Technologies: xDR, SIEM, Cloud, 5G/6G Security, CTI, SOC, OSINT, Quantum Key Distribution, R/F Security, Zero Trust.
• Skills: Pentest and forensics analysis.
• Excellent cyber awareness and versatility.

Why should you apply?

• You will have the opportunity to work within a major institution.
• We encourage everyone to think outside the box and to push the boundaries of traditional knowledge. This role is an opportunity to join a forward-thinking company and allows for a deeper understanding of the industry.
• Benefits include: competitive remuneration packages; unique career opportunities, including working in other countries; personalized training and development programmes; flexible relocation support.

We welcome applications from people with disabilities, members of ethnic minorities, all genders, LGBTQ+ individuals and ex-service personnel.