When you come to work at Davidson, you won’t just be joining a group of 3,000 consultants in 8 countries and 3 continents, you’ll be joining “the” company named by its employees as Great Place To Work France and Europe for four years, as well as the largest B Corp in France.
“B Corps” form a community of companies that have decided that, rather than being the best in the world, they’ll be the best *for* the world.
Our growth is based on strong principles:
- Deep respect for all our stakeholders: consultants, customers and suppliers, because although work can’t “buy happiness”, it can “cause unhappiness”. We’re therefore committed to listening, acting honestly and promoting equality.
- A minimum environmental footprint and a maximum societal footprint. This is why, aside from the assignments you’ll be working on, you’ll also have the chance to contribute to the projects Davidson supports: international solidarity assignments (with Planète Urgence), supporting students from disadvantaged backgrounds (with Article 1) and investing in start-ups that develop innovative solutions.
- Adhocratic management based on implementing “horizontal company” and “tribal management” principles.
One important point about the latter: well-being at work is a luxury you need to have as a “solid” company. For the Davidson teams, this means marrying initiative, commitment and professionalism, as “without work, talent is just a dirty habit”. It drives us to recruit people who are better than we are. In a classic hierarchical organisation, it can be beneficial to have an army of people who work for you. In an adhocracy, that doesn’t work.
Mission / Profile
Working with the CISO’s teams, you will have the vital task of securing environments that belong to our customers in the telecoms, banking, industrial and automotive sectors, among others. We work on projects that span functions, including the Network Department, the Information Systems Department and the Business Department.
As a project manager/consultant for IT & Cyber Security Risks, you will mainly be required to provide security-related project owner assistance for our customers’ projects, in compliance with the applicable regulations and standards: LPM (French Loi de programmation militaire), GDPR, PCI DSS.
As such, you will be required to specify milestones and associated risks, particularly using methodologies inspired by EBIOS or Mehari / ISO 27005.
We are also working to adapt/modify security policies and formalise the processes required to control the correct implementation of these policies. Consequently, we are working on the challenges posed by suppliers and the increasingly restrictive security annexes contained in contracts.
For this reason, we are also managing audits with our customers’ external partners and following up recommendations internally with asset managers.
Depending on the specific case, you may also be required to take part in ISO 27001 / HDH (health data hosting) certification or post-certification audit control projects.
Skills (pre-existing or to be acquired)
- You’ll have a postgraduate degree and two successful years in similar positions, or can demonstrate a more operational background and would like to move towards GRC (governance, risk management and compliance) roles
- You’re aware of the importance of explaining things using plain language, and you have interpersonal skills that make you well-suited to all types of roles. Our goal: to improve our customers’ security! ISO27001/CISSP/CISA/CISM certification would of course be a bonus, but that’s also something you could obtain here at Davidson!
- If you can be creative, and still thorough
- If you can explain clearly, without patronising
- If you can be reliable, while keeping your ambition
- If you can be pragmatic, while defending your ideas
Then there’s a role for you at Davidson (we hope!)
Description of the segment's business
IT security trade
Most companies’ financial health increasingly relies on their ability to reduce IT risks. If a large group is hacked it can lose millions of euros in just a few days. Davidson helps its customers to protect their infrastructures, networks and applications by delivering the expertise it has gained since 2005.
One of the ways we’ve achieved this is by creating the Hack n’Safe practice, which involves consultants and managers:
- Discussing news and cybersecurity solutions
- Participating in internal IS security projects alongside the CISO
- Completing cybersecurity challenges using the in-house lab
- Training and obtaining the latest security certifications
The unit’s business lines:
- CISO support for defining and implementing a security policy
- Steering security projects
- ISMS implementation
- ISMS audit
- Security solution architecture (monitoring, studies, specifications)
- Configuration of security supervision systems (SIEM, probes, honeypots, filtering equipment, etc.)
- Operation (detection, investigation and response to security incidents)
- Security solution administration (antivirus, antispam, IPS, etc.)