IT Risk Analyst and Reporting Manager

Porto

Position description


We are looking for an IT Risk analyst & reporting manager to join the Group Cloud Chief Information Security Officer (CISO) team in our office in Porto.

The Group Cloud Chief Information Security Officer (CISO) team is responsible for the cybersecurity and resilience of all cloud assets across our client's group. The scope covers all cloud offerings (IaaS, PaaS, SaaS), including third-party software deployed on all cloud providers (IBM Cloud, Microsoft Azure, Amazon Web Services, Google Cloud Platform…).

Missions

The IT Risk analyst & reporting manager will be actively involved in the following two main missions of the Cloud CISO team:

  • Maintain the cloud cybersecurity risk cartography using tools such as ServiceNow.
  • Carry out cyber risk assessments with methods based on ISO 27005.


Your role will be to analyze, report, bring a critical eye and put forward proposals, so you will need strong cybersecurity skills.

For this purpose, you will work in close collaboration with the Cloud CISO team based in Paris and with an IT Risk Analyst based in Lisbon.

You will also help entities move to third-party software by studying and analyzing cases, acting as a stakeholder in risk assessments, and following up on third parties with the IT Risk Analyst & Third Party manager in Lisbon if necessary.

Main Responsibilities:

Maintain cloud cybersecurity risk cartography:
  • Follow up on data quality and comprehensiveness in the cloud assets referential (Cloud Register) and the cloud risks referential (cloud risks in the Risk Register) in ServiceNow tooling
  • Build, improve and provide risk reporting templates using ServiceNow or an external tool (such as Tableau)
  • Provide periodic cloud risk reports
  • Play an active role in the preparation of quarterly cloud risk committees

Risk assessments:
  • Understand risk assessments already produced (based on ISO 27005/EBIOS Risk Manager) and the impact of remediation plan progress on risks.
  • Be able to follow up on and challenge remediation plans implemented by service providers or entities.
  • Contribute actively to risk assessments of cloud platforms and cloud applications.
  • Ideally, be able to lead risk assessments following ISO 27005/EBIOS Risk Manager methods.
                                   
Other activities:
  • Contribute to (cloud) third-party onboarding studies (risk assessment, review of case studies, …)
  • Contribute to governance/organization topics on third-party cases.
  • Contribute to governance/organization topics related to the team.
  • Contribute to the follow-up of third-party governance in run.


Requirements


Technical skills:
  • ISO 27001 certification
  • ISO 27005 Risk Manager and/or EBIOS Risk Manager certification
  • Knowledge of a risk management tool such as ServiceNow or a reporting tool such as Tableau
  • Knowledge of cloud-specific cybersecurity (such as SOC2, CSA, ISO27017)
  • Knowledge of cybersecurity control frameworks (such as NIST, CIS)
  • Knowledge of project management
  • English (mandatory)
  • French (nice to have)

Soft skills:
  • Collaborative skills, and the ability to communicate information
  • Excellent written and verbal communication skills.
  • Ability to take pragmatic decisions in a changing world, consistent with the strategic view.
  • Must be a critical thinker, with strong problem-solving skills.

