Security Chapter Lead

Company Description

Sopra Steria is Europe’s leading digital solutions provider, employing over 56,000
employees in 30 countries. We provide tailored, end-to-end corporate technology
and software solutions. We leverage our digital tools and market expertise to help
our clients make bold choices and deliver results. Our commitment to innovation,
collaboration and value in business development is why we’re the preferred
technology partner of Europe’s most successful companies. The world is how we
shape it, so let’s shape it together.

**Job Description**:
Sopra Steria Luxembourg operates within a **consortium and matrix-driven organization**, delivering large-scale, mission-critical IT services to institutional and private-sector clients. Security is a strategic pillar of our delivery model.

To strengthen our security governance and operational excellence, we are looking for a **Security Chapter Lead - Head of Security Office** to provide leadership, structure, and strategic direction across squads and chapters.

Mission

As **Security Chapter Lead and Head of Security Office**, you will be responsible for defining, implementing, and overseeing the organization’s security strategy. You will ensure the **confidentiality, integrity, and availability** of IT systems, infrastructure, and data, while embedding **security-by-design** across the full development and operational lifecycle.

You will lead the Security Office, act as a trusted advisor to senior management, and serve as the primary point of contact for security governance within the consortium.

Key Responsibilities

1. Security Strategy & Governance
- Define, maintain, and execute the **security strategy and roadmap**, aligned with business objectives, regulatory requirements, and industry best practices.
- Lead and organize the **Security Office**, ensuring efficient delivery and strong process-based collaboration with technical squads and chapters.
- Ensure effective use of **project management, ticketing, and planning tools** to manage security activities and workloads.
- Establish, maintain, and enforce **security policies, standards, and procedures** across the organization.
- Provide **strategic security guidance** and risk-based recommendations to senior leadership.

2. Security Architecture & Engineering
- Embed **security-by-design and security-by-default** principles into development and delivery processes.
- Collaborate with architecture and engineering teams to evaluate, select, and implement appropriate security tools and technologies.
- Conduct **security architecture reviews, risk assessments, and audits**, identifying vulnerabilities and driving remediation actions.

3. Security Awareness & Enablement
- Design and deliver **security awareness and training programs** for employees, contractors, and stakeholders.
- Promote a strong **security culture** across squads and chapters.
- Provide guidance on **secure coding practices**, threat mitigation, and security best practices.
- Measure and continuously improve the effectiveness of awareness and training initiatives.

4. Security Compliance & Assurance
- Work closely with **audit, compliance, and legal teams** to ensure alignment with contractual, regulatory, and client security requirements.
- Maintain security documentation, evidence, and artifacts to support audits and compliance assessments.
- Ensure ongoing alignment with recognized frameworks and standards.

5. Security Operations & Incident Response
- Oversee **security operations**, including monitoring, detection, and incident response activities.
- Lead the **Security Incident Response Team (SIRT)** and coordinate investigations and remediation of security incidents.
- Develop and maintain **incident response plans, playbooks, and procedures**.
- Organize and lead regular **tabletop exercises and simulations** to test and improve response readiness.

**Qualifications**:
Education & Certifications
- Bachelor’s degree in **Information Security, Computer Science**, or a related field.
- Relevant certifications such as **CISSP, CISM, CISA** are a strong asset.
- Experience
- Minimum **5 years of proven experience** in information security, covering governance, strategy, operations, and compliance.
- Demonstrated experience leading **cross-functional or matrix-based security teams** in complex environments.
- Technical & Professional Skills
- Strong knowledge of security frameworks and standards (e.g. **NIST CSF, CIS Controls, OWASP Top 10**).
- Solid understanding of modern IT architectures, cloud environments, and secure development practices.
- Strong analytical and problem-solving capabilities with a **risk-based and strategic mindset**.
- Excellent communication and stakeholder management skills, with the ability to influence at all organizational levels.

Languages
- **Fluency in English (written and spoken) is mandatory**.
- Knowledge of any other **European language** is considered an advantage.

Additional Information

As