IT Security Manager

The IT Security Manager ensures the operational implementation of the organization's cybersecurity strategy. He acts as the key interface between the IT operational teams (Infrastructure, Support, Applications) and the Governance and Compliance roles (CISO Advisor). The ITSM oversees the detection, protection, and response layers of the IT environment, ensuring technical security controls are correctly implemented, monitored, and continuously improved.
He is responsible for translating and operationalizing the organization's cybersecurity policies and standards into day-to-day IT processes, tools, and behaviors, in collaboration with all IT teams. He contributes to the management of the security-related budget and oversees internal or external security resources operating from headquarters or remote sites.
The ITSM has direct managerial responsibility over a team of Cybersecurity Analysts, and ensures their development, performance, and alignment with operational security objectives. He supports a "Shift Left" approach by promoting the delegation of low-complexity or recurring security operations (e.g., password resets, basic alerts, endpoint maintenance) to first-level support teams where feasible. He does not manage infrastructure components (such as firewalls, switches, or servers) directly, which remain under the responsibility of the Infrastructure & Digital Platforms team. Instead, he focuses on strengthening the organization's cybersecurity posture and resilience.

• Organize and support internal and external penetration testing activities, track remediation plans, and report on closure;
• Design and lead cybersecurity improvement plans to continuously strengthen EVS's resilience against evolving threats;
• Deploy and operate tools for vulnerability management and security monitoring (e.g., scanning platforms, SIEM);
• Operationalize cybersecurity policies by integrating security requirements into IT workflows and daily operations;
• Supervise the SOC or security event monitoring activities and ensure proper incident escalation;
• Coordinate incident response efforts and participate in post-incident reviews and forensic analysis;
• Ensure operational compliance with relevant regulations and frameworks (e.g. NIS2, CRA, ISO/IEC 27001);
• Act as a bridge between IT operations and governance in implementing security best practices and policies;
• Maintain security dashboards, KPIs, and compliance indicators;
• Contribute to the security awareness efforts and technical training for IT staff;
• Manage and follow up on third-party providers (SOC, MSSP, penetration testers);
• Oversee internal and external resources assigned to security operations, including staffing, onboarding, task prioritization, and performance follow-up;
• Collaborate with Infrastructure (TST) and Support (SST) teams to ensure secure configuration baselines and coordinated incident response.

• Minimum 5 years' experience in security policy implementation
• ISO27k Lead Implementor Certification and NIS2 knowledge
• Proven experience in People Management
• Basic knowledge of Project (Agile approach) & Change Management
• ITIL Principle – Certification (nice to have)
• Ability to work in a technological and international environment
• Good communicator and committed to finding compromises
• Fluent in English, French or any other language is an asset

Becoming Part of the EVS Team not only means that you will receive a competitive salary in line with your skills and the market, but also a range of other additional wellness and healthcare benefits. Our flexible schedules and hybrid way of working (homeworking) policies will help you preserve your work-life balance. EVS will give you the tools to develop your skills and your career by giving you the opportunities of internal mobilities and a wide range of trainings. We encourage our motivated talents with a friendly, lively, and inclusive environment.

Check out our website if you want to know more about why you should join EVS