Accountability:

Act as the Cybersecurity point of contact for the 'Region'

For the Group CISO (Chief Information Security Officer) and the Cybersecurity organization

For the legal representatives

For the customers

For the partners and suppliers

Functionally manage the Sites Cybersecurity Officers

KRAs:

- Organize and lead the regular Cybersecurity meetings with the Sites Cybersecurity Officers of the 'Region'

- Relay the Cybersecurity communications and actions to the Sites Cybersecurity Officers of the 'Region'

- Coordinate the translations performed by the Sites Cybersecurity Officers regarding the Cybersecurity communications, eLearning, TIPs.

- Deploy the Valeo ISSP (Information Systems Security Policy) within the 'Region', assess and improve the level of Cybersecurity of the different sites

- Disseminate Group standards, rules and best practices to the Sites Cybersecurity Officers

- Control and validate the Valeo ISSP compliance for all the sites of the 'Region'.

- If mandated by the Group CISO, act as delegate to provide exemptions.

- Alert Sites Cybersecurity Officers/Group CISO in case of deviation

- Manage the Cybersecurity action plans of the 'Region'

- Coordinate the Cybersecurity incidents in the 'Region'

- Ensure capitalization within the 'Region' following Cybersecurity events and incidents

- Provide reporting of the 'Region'

- Provide regular and on-demand reporting to the Group

- Follow and report the OEMs Cybersecurity requirements of the 'Region'

- Contribute to the evolution of the Valeo ISSP (Information Systems Security Policy) and some Group Cybersecurity programs

- Upon request, act as Group CISO (Chief Information Security Officer) delegate to perform some specific missions

Responsibility:

- Act as the Cybersecurity point of contact for the 'Region'

- Participate to the external security assessments (customer mandated audit) and act as delegate of Group CISO

- Functionally manage the Sites Cybersecurity Officers

- Develop knowledge of the Sites Cybersecurity Officers

- Manage their training

- Deploy the Valeo ISSP (Information Systems Security Policy) within the 'Region', assess and improve the level of Cybersecurity of the different sites

- Define and follow improvement plans with the Sites Cybersecurity Officers

- Perform or control, by Group CISO delegation, risk assessments for, but not limited to, projects, sites, third parties

- Coordinate the Cybersecurity incidents in the 'Region'

- Ensure that all non-compliances, abnormal Cybersecurity events, and Cybersecurity incidents are raised by the Sites Cybersecurity Officers

- Ensure swift resolution of Cybersecurity incidents with the Sites Cybersecurity Officers and the Group CIRT (Cybersecurity Incident Response Team)

- Provide the reporting of the 'Region'

- Inform the Continental IS Director(s) of the 'Region' for all aspects related to Cybersecurity non-classified as 'Secret'

- Request the authorization to have an exemption to the Valeo ISSP whenever it is mandatory to fulfill a law/regulation linked to the 'Region' activity

Others:

- Upon request, act as Group CISO delegate to perform some specific missions

- Act as internal Cybersecurity risk auditor for the other 'Regions'

Contribution:

- Contribute to the evolution of the Valeo ISSP (Information Systems Security Policy) and some Group Cybersecurity programs

- Contribute to Group Cybersecurity programs

- Propose, to Group CISO, initiatives to improve:

- Cybersecurity of the 'Region'

Valeo ISSP, Group standards and rules

Cybersecurity KPIs