Project Security Manager (Mid level with French)

Thales is a global technology leader trusted by governments, institutions, and enterprises to tackle their most demanding challenges. From quantum applications and artificial intelligence to cybersecurity and 6G innovation, our solutions empower critical decisions rooted in human intelligence. Operating at the forefront of defence and security, aerospace and space, cybersecurity and digital identity, we’re driven by a mission to build a future we can all trust.

In Romania, we are advancing innovation through software engineering, research and development, delivering solutions in key markets in which Thales Group operates. Our engineers design, develop and integrate solutions that impact global industries – from fully operational systems and subsystems for naval warfare and maritime security operations, to air traffic management systems, satellite-based solutions, tactical indoor simulations, identity and biometric technologies and more.

Role: Project Security Manager (Mid level with French)

Ready to code the future with Thales Romania? Join a passionate global team driving front-line innovation in AI, aerospace, security, and beyond!

Do you have in-depth knowledge of tools, legislation and standards related to cyber security, OWASP rules and ISO27K01? You will be the security referent for the project and all internal and external stakeholders involved.

You are rigorous, pedagogical, pragmatic, know how to gain height and concern for Customer Service?

Join us!

As a Project Security Manager:

• Under the hierarchical direction of the Head of Discipline Cybersecurity, as a Cloud expert and secure development you intervene with the architect, the Bid and Program Manager to the implementation of technical and organizational security measures as expected by the Client and the applicable regulations.
• For some sensitive projects, you will be involved in the development of approval dossiers.
• Proposal force to continuously improve the security posture, you accompany the projects on the definition of development environments and the implementation of the SDLC. You operate the SSI controls, analyze the scan results and support projects on remediation.
• You carry out Cyber Governance, draft the cyber documentary corpus of projects, develop the KPIs, the documents required to maintain and improve when necessary the level of security of the services provided by TSN.
• You report to the Cyber channel of TSN as well as to the PM, and inform the internal SSI upon request.

You will:

• Accompany during the integration of a Prospect/Client in the CFT phase, engineering and recurring operations, he is the privileged interlocutor of the CISO (or equivalent) of the Client
• Improve and maintain the security level of trust with the client by complying with the contractual, regulatory and internal Thales Digital Services security requirements and by carrying out appropriate reporting
• Preserve the business interests of Thales Digital Services by explaining the adaptation needs and residual risks to the competent authorities based on the project’s challenges.
• Conduct training in the secure development of teams.

Depending on the project phases, the mission of the Project Security Manager includes:

CFT:

• Participate in the identification and definition of security measures during the pre-sales phase
• Encrypt all the necessary security activities
• Define in relation to the BM the organizational and technical solutions related to contractual, internal TS or regulatory requirements by integrating their description and cost. Analyze the related business risks and alert the BM
• Complete all security qualification documents.
• Draft the Security Assurance Plan if necessary and contribute to the technical memory of the response

BUILD:

• Contribute to the technical security architecture and proposed solutions with regard to requirements.
• Serve as an interface with the technical teams of Thales Digital Services to ensure compliance with security requirements
• Draft or update the Security Assurance Plan describing organizational and technical security arrangements in response to contractual and regulatory security requirements and have it approved by the Project manager
• Complete the PSSI compliance matrix and have it approved by the functional chain SSI
• Roll out the specific regulatory processes where applicable (Health, Defense, ...) based on the existing processes of Thales Group and Thales Digital Services
• Implement or pilot the implementation of security tools

RUN:

• Pilot the Maintenance in Safety Condition (MCS) of the safety devices implemented
• Ensure contractual reporting with the client (security indicators, key facts, incidents, ...), lead the safety committees with the latter and participate if necessary in the various project steering bodies
• Report to the Engineering delivery manager, the cyber product channel and the client
• Perform the reviews of authorizations and access, monitoring Security incidents, monitoring Patch Management, monitoring Customer audits, production of SSI reporting...
• Alert and accompany the functional Cyber chain on security incident/event and ensure the interface with the Client
• Produce a targeted technological watch or technical advice allowing to provide solutions or answers to the Client
• Manage the security derogations and the corresponding risk analyses
• Perform regular SSI checks and report the results and evidence
• Accompany SSI audits and pilot the corresponding remediation plan
• Follow the Security action plan
• Write the project’s security recipe workbook.

The missions of the Project Security Manager lead to permanent interactions with many internal and external actors that should be addressed with hindsight, pragmatism, and several other soft-skills.

Required competencies/experience:

• Master’s degree or engineering diploma and relevant experience.
• Mastery of the Secure Software Development Life Cycle
• Knowledge of security tools (SAST, SCA, DAST, IAST,...)  
• DevSecOps methodology
• Knowledge of cloud infrastructure, architecture, technologies and standard IS processes
• ISS governance concepts and principles,
• Referentials, regulations, standards and hygiene guides related to SSI (e.g.: GDPR, ISO27x0x, OWASP, NIS2, AI Act, NIST, CIS, ...)   
• Risk analysis methods (ideally EbiosRM) and application experience
• French minimum B2

Behavioral skills:

• Managing complexity
• Support innovation
• Share a vision
• Act with integrity
• Engage key players
• Being responsible
• Focus on customer needs
• Building trust
• Take calculated risks

At Thales, we’re committed to fostering a workplace where respect, trust, collaboration, and passion drive everything we do. Here, you’ll feel empowered to bring your best self, thrive in a supportive culture, and love the work you do. Join us, and be part of a team reimagining technology to create solutions that truly make a difference – for a safer, greener, and more inclusive world.