Valeo ist ein globales Technologieunternehmen, das innovative Lösungen entwickelt, um die Mobilität neu zu erfinden. Wir sind ein Partner von Automobilherstellern und Akteuren der neuen Mobilität weltweit. Unsere Vision? Eine grünere und sicherere Mobilität zu erfinden, dank Lösungen, die sich auf intuitives Fahren und die Reduzierung von CO2-Emissionen konzentrieren. Wir sind führend in unseren Geschäftsbereichen und werden als eines der weltweit größten innovativen Unternehmen anerkannt.AccountabilityProvide Cybersecurity architecture best practices and Cybersecurity requirements in the other fieldsDefine/update Cybersecurity architecture best practices based on Valeo CSMS (CyberSecurity Management System), Cybersecurity standards, Valeo Information Systems environment and other product disciplines when applicable.Design, support the implementation and control the Cybersecurity of architecturesDetermine Cybersecurity requirements in a way to fulfill business objectives and Valeo Cybersecurity requirementsPlan, research and design robust Cybersecurity architectures Including full product or information management covering the full lifecycle as detailed in the CSMS, whenever applicableIncluding DRP (Disaster Recovery Plan), log management, potential integration issues and cost constraints, when applicableAnalyze and assess external components (e.g. libraries, software, hardware) and internal item (e.g. IS/IT solutions) in his/her scope of responsibility, according to Valeo Cybersecurity standardsEnsure the Cybersecurity of some Valeo critical systems (e.g. platform, solution, service) Anticipate possible Cybersecurity risks, identify areas of weakness, and respond effectively to possible Cybersecurity breachesControl final Cybersecurity structures to ensure they behave as expected (including design review)Plan Cybersecurity breach tests (e.g. stress tests, pentests)Cybersecurity watchRemain up to date with the latest Cybersecurity systems, standards, authentication protocols, Cybersecurity solutions, software/component vulnerabilities and threatsResponsibilityDesign, support the implementation and control the Cybersecurity of architecturesAcquire a deep understanding of technology (from modules up to the vehicle in its communicating environment, Information Systems, and/or other related domains)Perform risk assessments related to the context:Third-Party Risk AssessmentProject Information Risk AssessmentProduct and/or Service Risk AssessmentDepending on the project or product, design concept / software / components/ infrastructure / Cloud based Cybersecurity architecturesUpdate the risk assessment whenever it is required (e.g. by an evolution of the requirements/context/product or service use case)Control that the Cybersecurity requirements are fulfilled during all the phases of the BCP (Business Continuity Plan) and DRP (Disaster Recovery Plan) when applicableEnsure the Cybersecurity of some Valeo critical systems (e.g. platform, solution, service)Follow the critical systems (platform, solution, service) during their whole life cycle:Ensure Cybersecurity has been taken into account in the RFIs/RFQs/RFPs (Request For Information/Quotation/Proposal) Advise on the architectureWrite/validate the Cybersecurity requirementsPerform the Third-Party Risk Assessments (when applicable)Participate to the bidders’ defense (when applicable)Contribute to and check the contractual Cybersecurity clauses. Liaise with the Legal department whenever it is needed. Report to the project manager or to the management the risks of clause non-execution.Perform Project Information Risk Assessments (when applicable)Perform the Product, platform and/or Service Risk Assessment (when applicable)Advise on the detailed architecture (e.g. review, reuse, change)Control the Cybersecurity requirementsBefore the Go-Live and during the RunBefore the SoP (Start of Production)Whenever contractual obligations require itFollow or audit specific projects upon request of the Group Cybersecurity VP or delegatesReport any situation that would put Valeo at riskCybersecurity watchShare his/her Cybersecurity watch within the Cybersecurity organizationUpon request, provide assistance on other critical topics (e.g. incidents, vulnerabilities)Provide technical expertiseContributionEnsure the Cybersecurity of some Valeo critical systems (e.g. platform, solution, service) Advise on possible evolutions. Propose/contribute to a roadmap for improvement. Propose subjects for research activities with universities or within funded projects (when applicable).Assist in the Supplier selection.Assist the other Cybersecurity Officers for the projects, products, platforms, services whenever neededUpon request, provide assistance on other critical topics (e.g. incidents, vulnerabilities)Advise on actions to be doneAssist in post-event analysisOtherReport any situation that would put Valeo at riskEducation/TrainingRequired: Master’s degree in Computer Science and/or CybersecurityOptional: Certification(s) related to architecture such as:SABSA (Sherwood Applied Business Security Architecture)CISSP-ISSAP (Information Systems Security Architecture Professional)CISSP (Certified Information Systems Security Professional)CSSA (Certified SCADA Security Architect)Professional Experience>10 years of relevant experience in Cybersecurity, in-depth knowledge of security strategies and architecturesExtensive experience in information or embedded Cybersecurity and/or Information Systems / IT risk management with a focus on Cybersecurity, performance and reliability Solid understanding of security protocols, cryptography, authentication, authorisation and securityExperience in web / mobile and application developmentExperience implementing multi-factor authentication, single sign-on, identity management or related technologiesDevelopment skills to automate security toolingEmbedded software or electronics design skillsFor IS/IT/ICS, knowledge in:Windows, Unix-like operating systemsPerimeter security controls: firewall, IDS/IPS, network access control and network segmentationRouter, switch and VLAN securityWireless securitySecurity concepts related to DNS, routing, authentication, VPN, proxy services and DDOS mitigation technologiesCloud platforms: Amazon, Google, AzureServerless functions, Cloud architectureSoftware security standardsFor product/platform/service, knowledge in:Understanding of ISO/SAE 21434 and UN R155 automotive cybersecurityOperating systems: Autosar, Automotive Linux, other real-time OS or hypervisors for embedded productsCloud platforms: AmazonCryptography usageNetwork architecture, including gateways, firewalls, IDPS (Intrusion Detection/Protection System), switches mainly for automotive protocols such as automotive Ethernet, CAN, LIN (vehicle communication bus/protocol).Telecommunication architecture and protocols, including V2X (vehicle to vehicle or to infrastructure), 3G-5G, wi-fi, Bluetooth, etcProduction: key management, flashing machines, HSM (hardware security module), server architectureElectronics: microcontrollers (ARM architecture, Trusted Zone), embedded memory storage, PCB high level designAbility to interact with a broad cross-section of personnel to explain and enforce Cybersecurity measuresExcellent written and verbal communication as well as business acumen and commercial outlookClient focus, and ability to work independently or as part of a collaborative teamKnowledge of risk assessment methodologies:Third party auditingCloud risk assessment methodologiesArchitecture design auditingJob:Cybersecurity Architect/ SpecOrganization:RO/PL R&DSchedule:VollzeitEmployee Status:UnbefristetJob Type:Job Posting Date:2024-03-31Join Us !Being part of our team, you will join: one of the largest global innovative companies, with more than 20,000 engineers working in Research & Development a multi-cultural environment that values diversity and international collaboration more than 100,000 colleagues in 31 countries... which make a lot of opportunity for career growth a business highly committed to limiting the environmental impact if its activities and ranked by Corporate Knights as the number one company in the automotive sector in terms of sustainable developmentMore information on Valeo: https://www.valeo.com