Mission
The IT Risk Analyst & Reporting Manager will be actively involved in the two main missions of the Cloud CISO team:
Maintain cloud cybersecurity risk cartography using tools such as ServiceNow.
Conduct cyber risk assessments based on ISO 27005.
His role will involve analyzing, reporting, providing critical insights, and being a source of proposals, necessitating strong skills in cybersecurity.
He will work closely with the Cloud CISO team based in Paris and an IT Risk Analyst based in Lisbon. Additionally, he will assist in the transition to third-party software by studying and analyzing cases, participating in risk assessments, and following up with the IT Risk Analyst & Third Party Manager in Lisbon if necessary.
Main Responsibilities:
Maintain Cloud Cybersecurity Risk Cartography:
Ensure data quality and comprehensiveness in cloud assets referential (Cloud Register) and cloud risks referential (cloud risks in the Risk Register) within ServiceNow.
Build, improve, and provide risk reporting templates using ServiceNow or external tools (e.g., Tableau).
Provide periodic cloud risk reports.
Play an active role in preparing quarterly cloud risk committees.
Risk Assessments:
Understand risk assessments already produced (based on ISO 27005/EBIOS Risk Manager) and the impacts of remediation plan progress on risks.
Follow up and challenge remediation plans implemented by service providers or entities.
Actively contribute to risk assessments of cloud platforms and applications.
Ideally, lead risk assessments following ISO 27005/EBIOS Risk Manager methods.
Other Activities:
Contribute to (cloud) third parties onboarding studies (risk assessment, review of case studies, etc.).
Assist in governance/organization topics related to third-party cases.
Contribute to governance/organization topics related to the team.
Support the follow-up of third-party governance during operations.
Profile
Technical Skills:
Certification in ISO 27001.
Certification in ISO 27005 Risk Manager and/or EBIOS Risk Manager.
Knowledge of risk management tools such as ServiceNow or reporting tools like Tableau.
Knowledge of cloud-specific cybersecurity (e.g., SOC2, CSA, ISO27017).
Knowledge of cybersecurity control frameworks (e.g., NIST, CIS).
Knowledge in project management.
English (Mandatory)
French (nice to have)
Soft Skills:
Collaborative skills and the ability to communicate information effectively.
Excellent written and verbal communication skills.
Ability to make pragmatic decisions in a changing environment, consistent with strategic objectives.
Strong critical thinking and problem-solving skills.
Présentation du groupe
Acteur de référence des systèmes d'information augmentés par l'intégration stratégique de la data, Consort Group accompagne depuis plus de 30 ans les entreprises pour leur permettre de valoriser leurs patrimoines données et informatiques à leur plein potentiel.
Intégrer Consort Group, c'est faire partie de communautés d'experts où partage, développement, transmission et entraide riment avec engagement et accompagnement.
Consort Portugal
En 2021, Consort Group crée Consort Portugal et s'installe à Porto, en plein centre-ville pour :
Accompagner les stratégies d'offshoring de ses clients, notamment européens ;
Proposer aux acteurs économiques portugais les expertises de ses 2 communautés : Consortis, leader des services managés aux infrastructures et Consortia, expert Data, Développement digital et Ingénierie Médias.
Les équipes bénéficient d'un environnement d'excellence, tant en termes d'infrastructure que de formation, les standards étant ceux d'offres en offshoring de référence (Digital Workplace, Sécurité, Supervison, Virtualisation...).
Une ambiance conviviale règne au sein de l'agence, favorisant proximité, partage, apprentissage et implication dans une organisation résolue engagée dans la société portugaise.
Pour en savoir plus, visitez www.consort-group.com/portugal/.
#J-18808-Ljbffr