Security Policy & Compliance Expert
Orange
Publication date: Jan 06, 2026, 12:00AM
The Security Policy and Compliance Expert contributes to the design, deployment, and governance of Group Security Policy principles tailored to the country, within a local ISMS framework aligned to ISO 27001. The role ensures regulatory compliance (GDPR, NIS2, DORA) and drives the ISO certification lifecycle for ISO27001 and ISO 22301 (BCMS), participating in centralized governance to promote resilience and secure operations across the telecom operator’s fixed and mobile networks.
- Policy framework development and maintenance: Define, update, and enforce group security policy principles aligned with ISO 27001/27005 and country-specific requirements; establish governance processes for policy decisions.
- Compliance enforcement: Manage regulatory and contractual compliance (GDPR, NIS2, DORA). Ensure our risk management governance is compliant with our regulatory or ISO 27005 obligations.
- ISMS governance and integration: Lead centralized governance of the Information Security Management System, ensuring cohesive integration across functions and driving continuous improvement of security practices.
- ISMS ISO27001 certification lifecycle management and regulatory projects: Define and lead projects needed to maintain ISO27001 certification and ensure ongoing compliance with regulatory frameworks (e.g., NIS2); coordinate scope extensions and governance around certifications. The role may be accountable for specific project deliverables as delegated by the manager; overall accountability remains with the Manager.
- BCMS ISO22301 certification maintenance: Define and lead governance and activities to maintain ISO22301 certification (Business Continuity Management System); coordinate BCMS scope, audits, and improvements in alignment with ISO22301 requirements.
- Audit, assurance and corrective actions: Coordinate internal and external audits, manage non-conformities, track corrective actions, and monitor performance against security and compliance objectives.
- Master's degree (or equivalent) in Computer Science
- 3 years’ experience working in an ITN environment with focus on ITN Security and Continuity within a large and complex organization.
- Professional certifications such as CISSP, CISM, or CompTIA highly desirable.
- Proven experience in a security role, ideally within a complex organization.
Only your skills matter
Regardless of your age, gender, origins, religion, sexual orientation, neurodiversity, disability or appearance, we actively encourage diversity within our teams, as it is both a collective strength and a driver of innovation. Orange is a company accessible to people with disabilities: do not hesitate to let us know about your specific needs.