Information Systems Security Manager (ISSM)

The CISO defines and implements security policies to protect sensitive data and ensure the continuity of information systems.

Role of the CISO

The Information Systems Security Manager (ISSM) is responsible for defining, implementing and monitoring information systems security policy. The aim is to ensure the confidentiality, integrity and availability of the company's data, and to protect systems against internal and external threats.

In the event of an incident, he/she leads the crisis unit to restore security and limit the operational impact. He/she assesses risks and carries out vulnerability audits to adapt security measures accordingly. At the same time, part of the job involves raising staff awareness of cybersecurity issues and drawing up prevention plans.

Duties of the IS Security Officer

The tasks of the Information Systems Security Manager fall into the following areas:

Strategy implementation and operational monitoring

  • He/she assesses the risks and threats associated with information systems in order to anticipate vulnerabilities.
  • He/she defines and implements the IS security policy, adapted to the company's strategic and regulatory needs.
  • He/she draws up a risk prevention plan and sets security norms and standards (e.g. ISO 27001 compliance).
  • He/she monitors regulatory and technological developments to adapt security systems.
  • He/she designs and deploys security tools and solutions (antivirus, firewall, multi-factor authentication).
  • He/she ensures regular monitoring of systems via audits and KPIs.
  • He/she manages security incidents, analyses their causes and hardens systems to prevent new attacks.
  • He/she supervises secure infrastructure implementation projects.

Awareness-raising, training and crisis management

  • He/she raises employee awareness of the challenges of cybersecurity and the behaviours they should adopt.
  • He/she distributes charters, organises training and carries out IT security awareness campaigns.
  • He/she prevents threats through communication actions.
  • He/she sets up and coordinates a crisis management system in the event of a cyber attack or major incident.
  • He/she draws up and tests business continuity plans (BCPs) and disaster recovery plans (DRPs) to ensure the resilience of systems.
  • He/she works with the CSIRT (Computer Security Incident Response Team) to respond to incidents.

Reporting and management

  • He/she regularly reports to line management and management committees on the status of risks and systems compliance.
  • He/she supervises the IS teams, defines their objectives and monitors ongoing projects.
  • He/she manages the IT security budget and evaluates subcontractors and partners to ensure their reliability.

Key contacts

  • Cyber security consultant
  • Chief Technical Officer (CTO)
  • Cloud architect
  • IT Security Engineer
  • Infrastructure manager
  • Service Delivery Manager (SDM)


CISO skills

Technical skills

  • Mastery of IS architecture, programming interfaces (APIs) and IS urbanisation (enterprise architecture) processes.
  • Expertise in tools and technologies such as firewalls, antivirus, authentication servers, penetration testing tools and cyber defence solutions.
  • Competence in identifying and assessing cybersecurity risks, backed up by mastery of assessment tools and associated methodologies.
  • Knowledge of international standards (ISO 27001, PCI-DSS) and data protection regulations such as the GDPR (RGPD).
  • Mastery of the principles of secure architecture, cybersecurity policies and the tools associated with the ISMS (Information Security Management System).
  • Fluency in technical English.

Soft skills

  • Rigour and organisation.
  • Analytical skills.
  • Communication and teaching skills.
  • Resistance to pressure.
  • Diplomacy and negotiation skills.

Education and training

The job of Information Systems Security Manager (ISSM) requires a 5-year degree, with a specialisation in cybersecurity or in the security of IT systems and networks. Possible routes include:

  • Specialised Masters:
    • Masters in computer security, cryptology or information coding.
    • Specialised Masters, such as the Cybersecurity Masters (Écoles des Mines, INSA) or the IS Strategic Management Masters (École des Mines in Paris).
  • Engineering degrees with an option in cybersecurity accredited by ANSSI (Agence Nationale de la Sécurité des Systèmes d'Information).

Additional certifications and expertise

To enhance their profile, CISOs can obtain certifications:

  • ISO 27001: Information Security Management.
  • CISSP (Certified Information Systems Security Professional).
  • CEH (Certified Ethical Hacker).

Possible career paths

In large companies, the Information Systems Security Manager may become Cybersecurity Director. In industrial or product-oriented organisations, the CISO may specialise as a Product Security Officer (PSO).

Some career paths lead to positions as Chief Information Officer (CIO), with responsibility for overseeing the company's IT systems.

Externally, CISOs can take on the role of Data Protection Officer (DPO), drawing on their regulatory expertise. However, many choose to remain CISOs until the end of their careers, preferring to adapt to changes in technology without fundamentally altering their scope of responsibilities.

CISO salaries

  • Junior: from €40k gross per month
  • Expert: from €80k gross per month

Salaries vary according to reputation and company size.