IT Risk Analyst and Reporting Manager

Job Description

Main Responsibilities:

 Maintain cloud cybersecurity risk cartography :

• Follow-up data quality and comprehensiveness in cloud assets referential (Cloud Register) and cloud risks referential (cloud risks in the Risk Register) in ServiceNow tooling
• Build, improve and provide risk reportings templates using ServiceNow or an external tool (such as Tableau)
• Provide periodic cloud risk reportings
• Active role in the preparation of quarterly cloud risk committees

Risk assessments:

• Understand risk assessments already produced (based on ISO 27005/EBIOS Risk Manager) and impacts of remediations plans progresses on risks.
• Skills to follow up/challenge remediation plans implemented by service providers or entities.
• Contribute actively in risk assessments of cloud platforms and cloud applications.
• Ideally, skills to lead risk assessments following on ISO 27005/EBIOS Risk Manager methods.

Other activities:

• Contribute in (cloud) third parties onboarding studies (risk assessment, review of cases studies, …)
• Contribute to governance/organization topics on third party cases.
• Contribute to governance/organization topics related to the team.
• Contribute to follow-up of third-party governance in run

Technical skills:

• Certification ISO 27001
• Certification ISO 27005 Risk Manager and/or EBIOS Risk Manager
• Knowledge of a risk management tool such as ServiceNow or reporting tool such as Tableau
• Knowledge on Cloud specific Cyber Security (such as SOC2, CSA, ISO27017)
• Knowledge on Cyber Security control frameworks (such as NIST, CIS)
• Knowledge in project management
• English (Mandatory)
• French (nice to have)