CISO / RSSI

XWiki is a remote-first company contributing for more than 20 years to an Open World by having created and continuously building two 100% Open Source projects: XWiki and CryptPad, that respond to two important society needs: Knowledge Sharing and Individual Privacy.

XWiki believes in Open Source, independence and social achievement more than in financial success. We value transparency, openness, meritocracy and collaboration, knowledge and privacy. We focus on ensuring employee happiness and work-life balance.

Join us to contributing to Open Source, European Digital Sovereignty and a Human Centric Technology world!

Mission

Being a CISO at XWiki means working closely with the CEO and other executives and IT experts, to ensure the company’s data is secure and protected from cyber threats, including hacking, data breaches, and malware.

The CISO also plays a crucial role in ensuring compliance with relevant laws, regulations, and industry standards related to data privacy and security.

CISO focuses on developing and leading the information security program. This involves protecting the organization's assets, applications, systems, and technology while enabling and advancing business outcomes.

Responsibilities

• You set priorities for the global information security program which are mission-critical for the company.
• You develop, implement, and monitor a strategic and comprehensive information security risk management program, in line with the corporate risk management framework.
• You manage the corporate-wide information security management program and serve as the process owner of all central security activities related to the availability, integrity and confidentiality of information assets
• You provide leadership to the information security organization and guide it to ensure consistent, high-quality information security management supporting business goals
• You contribute to current knowledge and create a future vision for structure, people, processes and technology to ensure data and system security.
• You engage and represent the company central information security function in external committees and networks, towards government and law enforcement authorities.
• You participate in the drafting of security rules in line with current legislation (GDPR...) and standards (ISO 27000 series, NIST).
• You interact with cross-functional stakeholders to ensure the consistent application of policies and standards across all relevant projects, systems, and services
• You design prevention programs for threats and exposures (support the organization in preparation on how to respond to information security incidents, and guide in an actual crisis with the technical expertise)
• You are responsible for supervising the analysis of risks, threats, and consequences with regard to IT systems and information flows, with the aim of informing the departments involved and proposing solutions to minimize risks.
• You coordinate at operational level crises related to information security issues, monitoring the implementation of recovery plans, and providing mitigation solutions.
• You stay up-to-date with the latest security threats and best practices, and adapt the company’s security strategy accordingly
• You report to the most senior levels of the organization (the CEO and board of directors)
• You are the trusted advisor and in-depth investigator on all security related topics and act as trusted interface with the whole security ecosystem of the company.

Expected skills:

A passion for information technology and a commitment to continuous learning are essential for success as a CISO, but so are the communication skills. Business acumen is a valuable skill as well, as it helps the CISO better understand how technology and security support business goals.

The CISO also needs to understand cloud and application security. They also need to be aware of the potential security risks associated with emerging technologies like automation and machine learning.

• Higher education in IT or equivalent
• Relevant certifications in cyber security (CISSP, CISM, etc.)
• Minimum 3 years’ experience in a similar position or in the IT security field
• Sound knowledge of information security principles and practices, including applicable legislation and standards
• Experience with Project Management and Get things done attitude
• Excellent communication, analytical and problem-solving skills
• Adaptability and high disponibility for learning
• Team spirit, initiative, and results orientation
• Advanced level of English

The way we work:

At XWiki you’ll have the opportunity to work within an international team-based culture where authenticity, creativity and personal development are encouraged. We like to always function as a team, regardless of our locations. We work hard, but we also have a lot of fun!

Some of the things you'll find at XWiki:

• Rewarding company goals
• A friendly team and a relaxed environment
• Flexibility of your schedule and remote work
• Working time: 35h/week in France & Co, 40h/week in Romania
• Extra holidays based on seniority
• Bonuses based on performance and loyalty
• Benefits packages
• The 4 day-week every 2 weeks
• Team activities and team building events

Get more details about how working at XWiki is like !

Apply for this position!

Interested in this job position? Need more information about it? Come talk to us!