IT Risk Analyst and Reporting Manager
Porto
Job description
We are looking for an IT Risk Analyst & Reporting Manager to join the Group Cloud Chief Information Security Officer (CISO) team in our office in Porto.
The Group Cloud Chief Information Security Officer (CISO) team is responsible for the cybersecurity and resilience of all cloud assets across our client's group. The scope covers all cloud offerings (IaaS, PaaS, SaaS), including third-party software deployed on all cloud providers (IBM Cloud, Microsoft Azure, Amazon Web Services, Google Cloud Platform…).
Missions
The IT Risk Analyst & Reporting Manager will be actively involved in the following 2 main missions of the Cloud CISO team:
- Maintain the cloud cybersecurity risk cartography using tools such as ServiceNow.
- Cyber risk assessments with methods based on ISO 27005.
Your role will be to analyze, report, provide a critical eye and be a source of proposals, so you will need strong cybersecurity skills.
For this purpose, you will work in close collaboration with the Cloud CISO team based in Paris and with an IT Risk Analyst based in Lisbon.
You will also help with entities' move to third-party software: studying and analyzing cases, being a stakeholder in risk assessments, and following up on third parties with the IT Risk Analyst & Third Party manager in Lisbon if necessary.
Main Responsibilities:
Maintain cloud cybersecurity risk cartography:
- Follow up on data quality and comprehensiveness in the cloud assets referential (Cloud Register) and the cloud risks referential (cloud risks in the Risk Register) in ServiceNow tooling
- Build, improve and provide risk reporting templates using ServiceNow or an external tool (such as Tableau)
- Provide periodic cloud risk reports
- Active role in the preparation of quarterly cloud risk committees
Risk assessments:
- Understand risk assessments already produced (based on ISO 27005/EBIOS Risk Manager) and the impact of remediation plan progress on risks.
- Skills to follow up/challenge remediation plans implemented by service providers or entities.
- Contribute actively to risk assessments of cloud platforms and cloud applications.
- Ideally, skills to lead risk assessments following ISO 27005/EBIOS Risk Manager methods.
Other activities:
- Contribute to (cloud) third-party onboarding studies (risk assessment, review of case studies, …)
- Contribute to governance/organization topics on third-party cases.
- Contribute to governance/organization topics related to the team.
- Contribute to the follow-up of third-party governance in run
Requirements
Technical skills:
- Certification ISO 27001
- Certification ISO 27005 Risk Manager and/or EBIOS Risk Manager
- Knowledge of a risk management tool such as ServiceNow or a reporting tool such as Tableau
- Knowledge of cloud-specific cybersecurity (such as SOC2, CSA, ISO27017)
- Knowledge of cybersecurity control frameworks (such as NIST, CIS)
- Knowledge of project management
- English (Mandatory)
- French (nice to have)
Soft skills:
- Collaborative skills, and the ability to communicate information
- Excellent written and verbal communication skills.
- Ability to take pragmatic decisions in a changing world, consistent with the strategic view.
- Must be a critical thinker, with strong problem-solving skills.