As one of the leading websites for sharing videos, Dailymotion attracts hundreds of millions of unique monthly visitors and streams billions of videos views worldwide every month. The platform offers the best content from independent content creators to premium partners, being the 35th website worldwide. With 45 localized versions our mission is to provide the best possible entertainment experience for users and the best marketing opportunities for advertisers, while respecting content protection.This is a unique opportunity to combine a fun start-up environment with the massive scale of one of the largest players in the online video industry.The information systems security manager has a very important role within the company as he create and institute measures to safeguard sensitive information and make sure that all private data belonging to the company, its employees, and its customers, remains confidential. The CSO is tasked with anticipating new threats and actively working to prevent data breach or security incident from occurring.
Within the Engineering team, the overall objective of this responsibility is to work with other executives across different departments to ensure that security systems are working smoothly to reduce the organization's operational risks in the face of a security attack.CSO assess the organization’s infrastructure and data to identify vulnerabilities caused by weaknesses or flaws in software and hardware that could expose the infrastructure to a security breach. They also evaluate the effectiveness of existing security measures, such as firewalls, password policies and intrusion-detection systems. They make recommendations to improve security based on their assessments and knowledge of current and emerging threats.
Compliance: • Develop the list of interested parties related to information security • Develop the list of requirements from interested parties • Remain in continuous contact with authorities and special interest groups • Coordinate all efforts related to personal data protection
Documentation • Propose the draft of main information security documents – e.g., Information security policy, Classification policy, Access control policy, Acceptable use of assets, Risk assessment and risk treatment methodology, Statement of Applicability, Risk treatment plan, etc. • Be responsible for reviewing and updating main documents
Risk management • Teach employees how to perform risk assessment • Coordinate the whole process of risk assessment • Propose the selection of safeguards • Propose the deadlines for safeguards implementation
Human resources management • Prepare the training and awareness plan for information security • Perform continuous activities related to awareness raising • Performing induction training on security topics for new employees • Propose disciplinary actions against employees who performed the security breach
Relationship with top management • Communicate the benefits of information security • Propose information security objectives • Report on the results of measuring • Propose security improvements and corrective actions • Propose budget and other required resources for protecting the information • Report important requirements of interested parties • Notify top management about the main risks • Report about the implementation of safeguards • Advise top executives on all security mattersImprovement • Ensure that all corrective actions are performed • Verify if the corrective actions have eliminated the cause of nonconformities
Asset management • Maintain an inventory of all important information assets • Delete the records that are not needed any more • Dispose of media and equipment no longer in use, in a secure way • Perform risk assessment for activities to be outsourced • Perform background check for candidates for outsourcing partners • Define security clauses that must be part of an agreementCommunication: • Define which type of communication channels are acceptable and which are not • Prepare communication equipment to be used in case of an emergency / disasterIncident management • Receive information about security incidents • Coordinate response to security incidents • Prepare evidence for legal action following an incident • Analyze incidents in order to prevent their recurrenceBusiness continuity • Coordinate the business impact analysis process and the creation of response plans • Coordinate exercising and testing • Perform post-incident review of the recovery plansTechnical: • Approve appropriate methods for the protection of mobile devices, computer networks and other communication channels • Propose authentication methods, password policy, encryption methods, etc. • Propose rules for secure teleworking • Define required security features of Internet services • Define principles for secure development of information systems • Review logs of user activities in order to recognize suspicious behavior.
• Minimum of 5 years experience in a related role with proven ISS experience • Strong understanding of information technology and security • In-depth experience with large audience website • Up-to-date with the latest trends and best practices in ISS • Experience with risk management and auditing • Bachelor's degree in computer science, mathematics, engineering • Highly analytical • Effectively able to troubleshoot and prioritize needs, requirements and other issues • Strong organizational skills with the ability to multi-task • Excellent communications, teamwork, leadership and conflict management skills • Ability to work in an international environment and across multiple departments (legal, Engineering, finance, content, …) • Curious, independent and a solution-oriented thinkers to solve problems efficiently in a scalable manner • English speaking or English native
Information about the job
Location: Paris Start date: ASAP Contrat: Full-time