Job Description:The Group Cloud Chief Information Security Officer (CISO) team is responsible of cybersecurity and resilience of all assets in clouds across bank group. The scope covers all cloud offerings (IaaS, PaaS, SaaS) including third party software deployed on all cloud providers (IBM Cloud, Microsoft Azure, Amazon Web Services, Google Cloud Platform...).MissionsThe Cloud Cyber Risk analyst & Third-Party risk manager will be actively involved in the 2 main missions of the Cloud CISO team:- Cloud security perimeter through Software as a Service (SaaS) & Third-Party usages. - Cyber risk assessments support for the Cloud Maturity Assurance Team (CMAT)/Task Force topics. - Her/His role will be to analyse, study, follow up, provide a critical eye and be source of proposal on cloud cybersecurity and Software Third Party (SaaS) usage. So, she/he will have to be strongly skilled on cybersecurity, ideally cloud security.For this purpose, she/he will work in close collaboration with the Cloud CISO team based in Paris and an IT Risk Analyst based in Portugal too.She/He will, as well, provide help on the cloud risk cartography to the IT Risk Analyst - Cloud in Portugal when necessary.Main Tasks:1. Cloud security perimeter through Software as a Service (SaaS) & Third-Party usages - Active participation in (cloud) third party onboarding studies (risk assessment, review of cases studies, ...) - Active participation to governance/organization topics on third party cases - Active participation to ensure third party cybersecurity governance is in place and follow-up third party cybersecurity governance in the run - Contribution to the committees on the studied cases2. Cyber Risk assessments support for the Cloud Maturity Assurance Team (CMAT)/Task Force topics - Understand risk assessments already produced (based on ISO 27005/EBIOS Risk Manager) and impacts of remediations plans progresses on risks. - Skills to follow up/challenge remediation plans implemented by service providers or entities. - Contribute actively to risk assessments of cloud platforms and cloud applications.3. Other activities - Contribute to maintain cloud cybersecurity risk in tools when necessary - Contribute to governance/organization topics related to the teamTechnical Skills:- Minimum of 5 years of experience in cybersecurity (certification ISO 27001 Lead Implementor or Auditor appreciated) - Risk management methodologies skills based on ISO 27005 and/or EBIOS Risk Manager (certification ISO 27005 Risk Manager and/or EBIOS Risk Manager appreciated) - Knowledge of a risk management related to third party cloud services appreciated. - Knowledge on Cloud specific Cyber Security appreciated (such as SOC2, CSA, ISO27017) - Knowledge on Cyber Security control frameworks appreciated (such as NIST, CIS) - Knowledge in project management would be appreciated. - Excellent written and verbal communication skills. - Collaborative skills, and the ability to communicate information.Language Skills: - English - Mastery - French - NotionsSoft Skills: - A master of influencing entities and decisions in situations where no formal reporting structures exist, but achieving the desirable outcome is vital on security topics. - Ability to take pragmatic decisions in a changing world, in consistency with the strategic view. - Must be a critical thinker, with strong problem-solving skills.