Director of Security and Cybersecurity
Website Soitec
Soitec is a company listed on the SBF 120 index of the Paris Stock Exchange and operates upstream in the microelectronics value chain. Our innovative semiconductor materials are essential for the operation of smartphones and the deployment of 5G. They also offer numerous opportunities for connected cars, electric and autonomous vehicles, and embedded intelligence in connected devices.
This position gives us an incredible responsibility, which inspires us daily: to make the mass adoption of technological innovations possible while considerably limiting their environmental impact, in a logic of responsible innovation and sustainable development.
What does the job consist of?
Reporting directly to the Secretary General, the Director of Security and Cybersecurity is responsible for the strategy, governance and implementation of all security measures within the organization and in particular those aimed at ensuring the security of sites and assets (security), people (personal security) and information and systems (cybersecurity) against all threats on a global scale, whether digital or physical, and especially on critical environments (IT, OT, Cloud and R&D).
They are responsible for protecting the company’s physical, informational, and intangible assets and those of its employees, ensuring the definition, suitability, consistency, and management of all means of protecting sites, assets, people, information systems, and industrial systems. Working closely with the company’s departments, they are responsible for protecting the overall attack surface and fostering a strong security culture.
Governance and Strategy:
- Define and implement the Group’s Information Systems Security Policy (ISSP), adapting it to regulatory requirements and the specificities of different countries (e.g., local regulations, customer requirements, industry standards).
- Supervise operational security teams (SOC, incident response, vulnerability management).
- Ensure compliance with data protection regulations (e.g., GDPR).
- Implement technical measures (firewalls, EDR, IAM, etc.) to protect the network, applications, and data.
- Define and monitor an information protection and prevention plan (based on standards such as ISO 27001, NIST, ANSSI) and manage its certification/compliance.
- Follow and adapt the Group’s Information Security Charter and promote it internationally.
- Validate the use of generative AI and ensure that company data does not “leak” into public models.
- Define and implement the security policy for sites (headquarters, factories, warehouses, etc.) and assets.
- Manage physical access systems (badges, video surveillance, alarms, fences).
- Manage the security of the supply chain and critical partners.
- Protect sensitive physical assets, intellectual property and facilities against theft, vandalism or industrial espionage.
- Follow and implement the policy for the security of people and their travel and missions abroad (Travel Security).
- Ensure the safety of employees on site and during company events.
- Manage the security of executives and managers (Executive Protection).
- Coordinate evacuation plans and personal safety drills.
Risk Management and Compliance:
- Analyze, map and assess information system (IT and OT) and physical risks within the company on a global scale, define urgencies and priorities (Risk Assessment) and ensure follow-up.
- Ensure compliance with international standards and regulations and draw inspiration from best practices in information security (ANSSI, NIST, CISA, etc.).
- Identify potential points of vulnerability (technical, organizational, human) on industrial sites and offices.
- Develop and test Business Continuity Plans (BCPs) and Disaster Recovery Plans (DRPs).
- Lead the crisis cell in the event of a major incident (cyberattack, natural disaster, security emergency).
- Manage the budget, the Security team and the security service providers (guarding, auditing).
Operations and Monitoring:
- Address major IT and cyber incidents and ensure their remediation plan is carried out (crisis management).
- Ensure continuous technological and regulatory monitoring of risks, equipment, solutions and potential countermeasures.
- Manage the evolution and integration of security projects in IT and OT infrastructures (Cloud Security, EDR/XDR, IAM, Industrial Network Security).
Awareness and Training:
- Implement and deploy a training and awareness plan on information systems security that is appropriate and mandatory for all employees and third parties worldwide.
Responsibilities
- Management:
  - Management of the Global Security Office team.
- Leadership and Consulting:
  - Act as guarantor of, and advisor on, security compliance, making recommendations to the Management Committee, the Global IT department, the Business Departments (Operations, R&D, Finance, Purchasing, HR, etc.) and local entities.
  - Organize your activities according to the priorities defined by operational needs and the criticality of the issues.
- Cross-cutting:
  - Ensure consistency of actions undertaken with other support functions of the company (General Secretariat, IP, HSE, Facilities, HR).
  - Manage the cybersecurity budget and specialized external service providers.
Requirements & qualifications
Knowledge (theoretical and practical)
- Education: BAC +5, computer engineering or cybersecurity risk management, or equivalent.
- Experience: Significant experience of at least 10 years in a similar role, ideally in an industrial (OT) or R&D (Intellectual Property) environment with a strong international dimension.
Technical skills:
- General knowledge of the components of an information system (IT and OT).
- In-depth knowledge of cybersecurity standards (ISO 27001, NIST).
- Excellent understanding of threats specific to the semiconductor industry and economic espionage.
- Mastery of security concepts (environmental analysis, access control, physical risk management). Mastery of major security standards (ISO 27001, ISO 27032, ISO 27005, NIST CSF).
- Fluent English is essential (working in a global context).
- Experience in managing emergency situations (cyber crisis and physical crisis).
Workplace relationships
- Interact, inform, recommend, collaborate with the IT Department at group level and stakeholders involved with the information system.
- Communicate with cybersecurity specialists and key internal (Finance, Innovation, Operations, R&D, HR) and external (ANSSI, CISA, experts, insurers) stakeholders.
- Facilitate cross-functional international working groups (ISO 27001, Secure Cloud, IT protection equipment, third-party monitoring).
- Represent the company at events and trade shows related to cybersecurity.
To view the job application please visit careers-soitec.icims.com.


