Submit

IT Risk Analyst and Reporting Manager

Porto

Job description


We are looking for an IT Risk analyst & reporting manager to integrate the Group Cloud Chief Information Security Officer (CISO) team, in our office in Porto

The Group Cloud Chief Information Security Officer (CISO) team is responsible of cybersecurity and resilience of all assets in clouds across our client's group. The scope covers all cloud offerings (IaaS, PaaS, SaaS) including third party software deployed on all cloud providers (IBM Cloud, Microsoft Azure, Amazon Web Services, Google Cloud Platform…).

Missions

The IT Risk analyst & reporting manager will be actively involved in the 2 following main missions of the Cloud CISO team :

  • Maintain cloud cybersecurity risk cartography using tools such as ServiceNow.
  • Cyber risk assessments with methods based on ISO 27005.


Your role will be to analyze, report, provide a critical eye and to be source of proposal, so you will have to be strongly skilled on cybersecurity.

For this purpose, you will work in close collaboration with the Cloud CISO team based in Paris and a IT Risk Analyst based in Lisbon too.

You will, as well, provide help on the move to third party software by entities, studying & analyzing cases, being stakeholder in risk assessments, following up third party to the IT Risk Analyst & Third Party manager in Lisbon if necessary.                                

Main Responsibilities:

Maintain cloud cybersecurity risk cartography :
  • Follow-up data quality and comprehensiveness in cloud assets referential (Cloud Register) and cloud risks referential (cloud risks in the Risk Register) in ServiceNow tooling
  • Build, improve and provide risk reportings templates using ServiceNow or an external tool (such as Tableau)
  • Provide periodic cloud risk reportings
  • Active role in the preparation of quarterly cloud risk committees                    

Risk assessments:
  • Understand risk assessments already produced (based on ISO 27005/EBIOS Risk Manager) and impacts of remediations plans progresses on risks.
  • Skills to follow up/challenge remediation plans implemented by service providers or entities.
  • Contribute actively in risk assessments of cloud platforms and cloud applications.
  • Ideally, skills to lead risk assessments following on ISO 27005/EBIOS Risk Manager methods.       
                                   
Other activities:
  • Contribute in (cloud) third parties onboarding studies (risk assessment, review of cases studies, …)
  • Contribute to governance/organization topics on third party cases.
  • Contribute to governance/organization topics related to the team.
  • Contribute to follow-up of third-party governance in run


Requirements


Technical skills:
  • Certification ISO 27001                                           
  • Certification ISO 27005 Risk Manager and/or EBIOS Risk Manager                               
  • Knowledge of a risk management tool such as ServiceNow or reporting tool such as Tableau
  • Knowledge on Cloud specific Cyber Security  (such as SOC2, CSA, ISO27017)
  • Knowledge on Cyber Security control frameworks (such as NIST, CIS)
  • Knowledge in project management
  • English (Mandatory)                                  
  • French (nice to have)           
Soft skills:
  • Collaborative skills, and the ability to communicate information                     
  • Excellent written and verbal communication skills.                        
  • Ability to take pragmatic decisions in a changing world, in consistency with the strategic view.
  • Must be a critical thinker, with strong problem-solving skills.    


Want to apply?
Position
Name*
Email*
Phone number*
Country*
City*
Linkedin
Faça upload do seu CV* (max. 4MB)
Upload your photo or video (max. 4MB)
Submit