* Our client is looking for a Cybersecurity Risk Analyst whose task will be to support the business and IT departments in their project to identify and mitigate cybersecurity risks within a specific risk process.
* You will act as the reference analyst for one or more business units: E-Commerce, B2B, Retail, Human Resources, Finance, IT Hosting, IT Workplace, IT Network, IT CRM.
* This position requires a combination of technical knowledge, communication skills, and excellent expertise in cybersecurity topics and risk analysis methodology.
Qualifications
* You have at least 5 years of experience in a similar position or in the GRC field (IT audit, risk management, consulting, etc.) in a comparable company.
* You possess one or more relevant industry certifications, including but not limited to:
  * ISO 27001 Lead Auditor or Lead Implementer
  * NIST CSF
  * Certificate of Cloud Security Knowledge (CCSK)
  * Certified Information Systems Security Professional (CISSP) or equivalent
  * Certified Information Systems Auditor (CISA)
  * Certified Cloud Security Professional (CCSP)
  * Certified Ethical Hacker (CEH)
* You hold a bachelor’s or master’s degree in cybersecurity, computer science, information technology, or an equivalent field.
* You have experience conducting risk assessment processes, supplier risk assessments, architecture reviews, and cloud security assessments.
* You are recognized by your contacts as a truly value‑adding partner in cybersecurity.
* Excellent communication and interpersonal skills.
* Project management skills to plan and execute projects effectively.
* In‑depth knowledge and understanding of cybersecurity principles, architecture (e.g., network, server, database, cloud hosting, workstations, O365…), threats, and best practices.
Tasks
* You conduct security risk assessments in accordance with ISO 27005 and a specific internal methodology.
* You ensure that projects (business and IT) are implemented “secure by design” through risk analyses, security recommendations, and the tracking of remediation activities.
* You ensure that risk assessments are documented and communicated in a way that is relevant for technical stakeholders and understandable for non‑technical audiences.
* You review security architectures, cloud and network integrations for critical applications and architectures.
* You identify security objectives and define remediation actions related to security policies or standards.
* You support the SecDevOps team and the Security Champions, which requires strong knowledge of CI/CD security, API security, OWASP recommendations, hosting, and secure network architecture.
* You act as a cybersecurity expert and technical specialist with cybersecurity and IT stakeholders.
* You act as a cybersecurity expert/evangelist for business stakeholders.
* You contribute significantly or take the lead in improving the framework, increasing maturity levels, and reporting on KRIs/KPIs in the dashboard.
* You assess whether appropriate controls are in place and monitor/create action plans with the GRC team (Governance, Risk and Compliance).
* You advise stakeholders and security officers on applying the relevant remediation measures and support them with solutions.
* You establish and maintain close working relationships with GRC teams, architecture security teams, SOC teams, IT stakeholders, and SecDevOps teams.
* You update and maintain the cybersecurity risk register by identifying and assessing strategic and operational risks within your defined scope and business areas.
* You conduct risk awareness training for all new product owners and project managers based on the applied methodology.
* You create and maintain a cybersecurity plan for your assigned area and support other cyber risk and security officers in this task.
* You organize penetration tests or other controls to validate infrastructure and applications during the project and before commissioning, in accordance with cybersecurity policies.
* You manage and organize audits and assessments of suppliers and subcontractors as part of a dedicated plan in your area.
Digisourced is supporting a client on a contract Cybersecurity Risk Analyst requirement for delivery on an international programme.
Digisourced is acting as an employment business in relation to this vacancy.