IT Risk Analyst and Reporting Manager M/F > Joboolo FR :

The IT Risk Analyst will be actively involved in the following main missions of the Cloud CISO team:

• Maintain cloud cybersecurity risk cartography using tools such as ServiceNow.


• Conduct cyber risk assessments with methods based on ISO 27005.

His role will be to analyze, report, provide a critical eye, and be a source of proposals, so he will need to be strongly skilled in cybersecurity.

For this purpose, he will work in close collaboration with the Cloud CISO team based in Paris and an IT Risk Analyst based in Lisbon.

He will also assist in the transition to third-party software by entities, studying and analyzing cases, being a stakeholder in risk assessments, and following up with the IT Risk Analyst and Third Party Manager in Lisbon if necessary.

Main Responsibilities:

Maintain cloud cybersecurity risk cartography:

• Follow up on data quality and comprehensiveness in cloud assets referential (Cloud Register) and cloud risks referential (cloud risks in the Risk Register) in ServiceNow tooling.


• Build, improve, and provide risk reporting templates using ServiceNow or an external tool (such as Tableau).


• Provide periodic cloud risk reporting.


• Take an active role in the preparation of quarterly cloud risk committees.


• Understand risk assessments already produced (based on ISO 27005/EBIOS Risk Manager) and the impacts of remediation plan progress on risks.


• Skills to follow up and challenge remediation plans implemented by service providers or entities.


• Contribute actively to risk assessments of cloud platforms and cloud applications.


• Ideally, skills to lead risk assessments following ISO 27005/EBIOS Risk Manager methods.

Other activities:

• Contribute to (cloud) third parties onboarding studies (risk assessment, review of case studies, etc.).


• Contribute to governance and organization topics on third-party cases.


• Contribute to governance and organization topics related to the team.


• Contribute to the follow-up of third-party governance in run.

Technical skills:

• Certification ISO 27001.


• Knowledge of a risk management tool such as ServiceNow or reporting tool such as Tableau.


• Knowledge of cloud-specific cybersecurity (such as SOC2, CSA, ISO27017).


• Knowledge of cybersecurity control frameworks (such as NIST, CIS).


• Knowledge in project management.


• French (nice to have).


• Collaborative skills and the ability to communicate information.


• Excellent written and verbal communication skills.


• Ability to make pragmatic decisions in a changing world, consistent with the strategic view.


• Must be a critical thinker with strong problem-solving skills.

Presentation of the group

Consort Portugal, set up in 2021 to meet the challenges of offshoring, is now focusing on digital services for local companies:

• Support the offshoring strategies of the Group’s customers, particularly in Europe.


• Offer Portuguese economic players the expertise of its two communities:
  
  
  Consortis, leader in managed infrastructure services, and Consortia, expert in Data, Digital Development, and Media Engineering.

Consort Portugal’s culture encourages autonomy and individual responsibility.


In-house training and support from the management team, along with the commitment of each individual, contribute to a high level of technical skills and quality services.

Consort Portugal implements the Group’s HR policies, mobilizing its energies to promote individual well-being and inclusion.