IT risk and Cybersecurity project manager (M/F)

Joining Davidson not only means joining a group of 3,000 consultants in 6 countries and 2 continents, but also joining a company that has been voted a Great Place To Work France and Europe by its employees for no less than 4 years , as well as one of the largest B Corps in France, named Best in the World in the "employees" category in 2022! ("B Corps" form a community of companies that have decided not to be the best in the world but the best FOR the world).


Because our development is based on strong principles:

• Deep respect for all our stakeholders: consultants, customers and suppliers. Because if work "can't buy you happiness", it can however cause unhappiness. Therefore, we are committed to listening and acting honestly.
• Equal opportunities in the processing of our applications and in the career management of our employees. We believe in a workplace where gender equality, inclusion and diversity are the norm.
• A minimal environmental impact and a maximum societal impact. That's why, beyond the work you'll be carrying out, you'll also be able to contribute to projects that Davidson supports: international solidarity work (with Planète Urgence), volunteering with charities (each Davidsonian has 3 days a year to work with them), supporting students from underprivileged backgrounds (with Article 1), investing in startups developing innovative solutions, collective and individual actions to reduce our carbon footprint, etc.
• Adhocratic management based on the implementation of the principles of "horizontal company" and "tribal management". One important detail on this last point: well-being at work is a luxury that we must be able to grant ourselves by being a "solid" company. For Davidsonians, this means combining initiative, commitment and professionalism. Because "talent without work is nothing". And it encourages us to recruit .. who are better than us...

We encourage applications from people with disabilities, and we are committed to meeting their specific needs in the best possible way.



Mission / Profile

Working with the CISO's teams, you will have the vital task of securing environments that belong to our customers in the telecoms, banking, industrial and automotive sectors, among others. We work on projects that span across functions, including: the Network Department, the Information Systems Department, the Business Department.


As a project manager/consultant for IT & Cyber Security Risks, you will mainly be required to provide security-related project owner assistance for our customers' projects, in compliance with the applicable regulations and standards: LPM (French Loi de programmation militaire), GDPR, PCI DSS.


As such, you will be required to specify milestones and associated risks, particularly using methodologies inspired by EBIOS or Mehari / ISO 27005.


We are also working to adapt/modify security policies and formalise the processes required to control the correct implementation of these policies. Consequently, we are working on the challenges posed by suppliers and the increasingly restrictive security annexes contained in contracts.


For this reason, we are also managing audits with our customers' external partners and following up recommendations internally with asset managers.


Depending on the specific case, you may also be required to take part in ISO 27001 / HDH (health data hosting) certification or post-certification audit control projects.

Skills (pre-existing or to be acquired)

• You'll have a postgraduate degree and two successful years in similar positions, or can demonstrate a more operational background and would like to move towards GRC (governance, risk management and compliance) roles
• You're aware of the importance of explaining things using plain language, and you have interpersonal skills that make you well-suited to all types of roles. Our goal: to improve our customers' security! ISO27001/CISSP/CISA/CISM certification would of course be a bonus, but that's also something you could obtain here at Davidson!

Talents/Soft skills

• If you can be creative, and still thorough
• If you can explain clearly, without patronising
• If you can be reliable, while keeping your ambition
• If you can be pragmatic, while defending your ideas

Then there's a role for you at Davidson (we hope!)

Description of the segment's business

IT security trade

Most companies' financial health increasingly relies on their ability to reduce IT risks. If a large group is hacked it can lose millions of euros in just a few days. Davidson helps its customers to protect their infrastructures, networks and applications by delivering the expertise it has gained since 2005.


One of the ways we've achieved this is by creating the Hack n'Safe practice, which involves consultants and managers:

• Discussing news and cybersecurity solutions
• Participating in internal IS security projects alongside the CISO
• Completing cybersecurity challenges using the in-house lab
• Training and obtaining the latest security certifications

The unit's business lines:

1. CISO support for defining and implementing a security policy
2. Steering security projects
3. SMSI implementation
4. SMSI audit
5. Security solution architecture (monitoring, studies, specifications)
6. Configuration of security supervision systems (SIEM, probes, honeypots, filtering equipment, etc.)
7. Operation (detection, investigation and response to security incidents)
8. Pentest
9. Security solution administration (antivirus, antispam, IPS, etc.)