Cyber Product Owner (TGS / TGITS / CRC / PRJ) - 2026

Main scope of the role

The candidate will be part of the CRC department (Cybersecurity Risk & Compliance), the

main role of which is to ensure cybersecurity missions and internal & compliance missions

for the TGITS activity perimeters.

The Cyber Coach Project is responsible for the cybersecurity of a portfolio of very varied

application and technical projects (network, infrastructures, on-premise, cloud, business

applications, web applications, etc.). The candidate will be part of a team of 8 people who

share approximately 250 projects per year. The scope is all major TGITS IS transformation

projects and programs worldwide including the AMAS (America) and APAC (Asia)

geographic areas.

Responsibilities & tasks (additional information)

Cybersecurity in Projects

• Prescribe the cyber support approach for projects and the content of the Project

Security Plan (PSP) by analyzing the context and criticality of each project: risk

analysis, penetration tests and cybersecurity reviews, signing a Security Assurance

Plan (PAS), and SOC (Security Operation Center) supervision

• Independently ensure the cybersecurity of the project portfolio by validating

cybersecurity risks and associated action plans, as well as all deliverables produced by

the team's various service providers

• For the most strategic programs, assess cyber issues and have them reviewed by

TGITS/CRC management and DSI/CYB management, including the Global CISO.

Arbitration presentation in Global Cybersecurity Committee (COCYB)

• Manage the cybersecurity budget for each project under his/her responsibility,

validating all quotes related to cybersecurity services

• Co-construct, with architects, secure architecture for the infrastructures and

applications built by TGITS for the benefit of all branches, validating architecture and

providing a “cyber flag” to be presented to the OneSI committee (PPMC, ITReview,

ITBoard)

• Propose technical solutions to correct potential vulnerabilities and/or reduce

cybersecurity risks

• Monitor the implementation of project-related cybersecurity action plans and provide

cyber approval for the project’s GO LIVE, with support from the service center

RFP

• Contribute to the specifications of TGITS RFPs with cybersecurity-related

requirements

• Participate in presentations and conduct technical workshops, as needed, to assess the

cyber maturity of the solutions proposed by bidders

• Participate in bidder scoring from a cyber perspective

• Validate deviations from the standard in contracts on cybersecurity-related elements

during contract negotiations

• Provide support for the drafting, validation, and signing of Security Assurance Plans

(PAS)

Operational Management

• Manage the various service centers from an operational perspective operating within

the department

• Ensure the quality of deliverables delivered by various service providers

• Participate in the continuous improvement of the team's processes and draft and

validate the content of operational security guides (Knowledge Base)

Internal stakeholders

• Project Managers & TGITS internal teams

• Business teams

• Cybersecurity teams (first and second line of defense, including Global CISO)

• Legal, Contract Management & Procurement for RFPs

Contracts (outsourcing and services) / external resources management

• Outsourced Competence Center for risk analysis production and support for cyber

assessment of bidders for RFP (France-based)

• Outsourced Competence Center for project managers support in their cyber process

and cyber action plan follow-up (France-based)

On call duty (yes/no)

No

Candidate's profile

• At least 5 years of experience in cybersecurity, in particular in designing secure IT

architectures

Certifications: Ideally, CISSP, CCSP, or equivalent

Educational Background

Master Degree (engineering, business or university)

echnical skills – tools & technologies

• Strong IT technical skills (cloud Azure & AWS, network, infrastructure, identity –

Active Directory, EntraID)

• Knowledge in development

• Strong cybersecurity knowledge (software development security – OWASP, network

security, security architecture, IAM, Cyber Risk Management, Third-Party Risk

Management, etc.)

• Knowledge in OT / ICS security (Purdue Model, etc.)

• Knowledge of AI security (guardrails, etc.)

• Strong knowledge of cybersecurity state of the art and cybersecurity market solutions

• Strong knowledge of cybersecurity regulations (GDPR, IA Act, etc.) and reference

texts (NIST, CISA, etc.)

Core softskills

• Assertiveness, ability to convince

• Decision-maker

• Ability to coordinate various profiles (project managers, pentesters, procurement,

legal, developer, etc.)

• Ability to take a step back and have a risk-based approach

• Capacity to multitask and organize the work

Language skills

EN mandatory – FR (be able to understand)