CHIEF INFORMATION SECURITY OFFICER - PARIS

DETAILS

• Role: Chief Information Security Officer (CISO)
• Department: Kepler Cheuvreux
• Duration: CDI
• Start date: asap
• Location: Paris
• Compensation: 80'000 € to 140'000 € per year (negotiable)

We are seeking a Chief Information Security Officer (CISO) to lead our cybersecurity and IT risk framework. Reporting to the Management Board, you will ensure the resilience and compliance of our financial systems across a highly regulated international environment. Based in Paris (with frequent travel to London), you will be the primary authority on cybersecurity, ensuring alignment with DORA, NIS2, EBA, and ESMA regulations. You will safeguard critical infrastructures, client data, and business continuity while working closely with Technology, Risk, and Compliance departments.

RESPONSIBILITIES

• Governance & Compliance: Maintain security indicators and manage regulatory reporting for ACPR and AMF, including delivering reporting metrics. Lead the quarterly COSSI (IT Security Committee) and drive audit readiness.
• Strategy & Risk Management: Build a risk‑based strategy focused on DORA’s critical functions (execution, payments, settlement). Maintain the IT risk register (Cloud, Third‑party, Obsolescence).
• Operational Security: Oversee threat detection, vulnerability management, and patching. Lead the Incident Response Plan and coordinate cross‑departmental crisis management.
• Operational Resilience: Manage Business Continuity (BCP) & Disaster Recovery (DRP), mapping critical functions and impact tolerances in line with EBA guidelines.
• Third‑Party Oversight: Assess security risks for outsourcing, cloud providers, and trading applications, ensuring contract compliance.
• Security Culture: Drive phishing simulations, penetration testing, and tailored cyber‑awareness training.
• Resource & Budget Oversight: Manage the security function’s budget, overseeing annual requests and contract negotiations. Ensure the cost‑effectiveness of security tools and services while maintaining a high level of operational resilience and regulatory readiness.

QUALIFICATIONS

• Regulatory Expertise: Mastery of DORA, NIS2, GDPR, and ISO 27001/NIST standards within the financial sector.
• Technical Depth: Solid understanding of trading systems, payment infrastructures, cloud security, and network segregation.
• Strategic Leadership: Ability to translate technical vulnerabilities into business impacts for the Board and Executive Committees.
• Communication: Proven track record of interacting with regulators (ACPR/AMF) and managing IT security crises.
• Language Requirements: Fluency in English is mandatory (C1/C2 level). Proficiency in French is a plus.
• Education & Experience: 10+ years of experience in Cybersecurity or IT Risk, specifically within a regulated financial environment. Relevant certifications (CISM, CISSP, or equivalent) are highly valued.

Kepler Cheuvreux promotes equal opportunity. All applications will be given due consideration.