Job Description:
The Group Cloud Chief Information Security Officer (CISO) team is responsible for the cybersecurity and resilience of all assets in clouds across the bank group. The scope covers all cloud offerings (IaaS, PaaS, SaaS), including third-party software deployed on all cloud providers (IBM Cloud, Microsoft Azure, Amazon Web Services, Google Cloud Platform...).
Missions
The Cloud Cyber Risk analyst & Third-Party risk manager will be actively involved in the 2 main missions of the Cloud CISO team:
- Cloud security perimeter through Software as a Service (SaaS) & Third-Party usages.
- Cyber risk assessments support for the Cloud Maturity Assurance Team (CMAT)/Task Force topics.
Her/his role will be to analyse, study, follow up, bring a critical eye and be a source of proposals on cloud cybersecurity and third-party software (SaaS) usage. She/he will therefore need strong skills in cybersecurity, ideally cloud security.
For this purpose, she/he will work in close collaboration with the Cloud CISO team based in Paris and with an IT Risk Analyst based in Portugal.
She/he will also help the IT Risk Analyst - Cloud in Portugal with the cloud risk cartography when necessary.
Main Tasks:
1. Cloud security perimeter through Software as a Service (SaaS) & Third-Party usages
- Active participation in (cloud) third-party onboarding studies (risk assessment, review of case studies, ...)
- Active participation in governance/organization topics on third-party cases
- Active participation in ensuring third-party cybersecurity governance is in place, and follow-up of that governance in the run phase
- Contribution to the committees on the studied cases
2. Cyber Risk assessments support for the Cloud Maturity Assurance Team (CMAT)/Task Force topics
- Understand risk assessments already produced (based on ISO *****/EBIOS Risk Manager) and the impact of remediation plan progress on risks.
- Ability to follow up on and challenge remediation plans implemented by service providers or entities.
- Contribute actively to risk assessments of cloud platforms and cloud applications.
3. Other activities
- Contribute to maintaining cloud cybersecurity risks in tools when necessary
- Contribute to governance/organization topics related to the team
Technical Skills:
- Minimum of 5 years of experience in cybersecurity (ISO ***** Lead Implementer or Auditor certification appreciated)
- Skills in risk management methodologies based on ISO ***** and/or EBIOS Risk Manager (ISO ***** Risk Manager and/or EBIOS Risk Manager certification appreciated)
- Knowledge of risk management related to third-party cloud services appreciated.
- Knowledge of cloud-specific cybersecurity appreciated (such as SOC2, CSA, ISO*****)
- Knowledge of cybersecurity control frameworks appreciated (such as NIST, CIS)
- Knowledge of project management would be appreciated.
- Excellent written and verbal communication skills.
- Collaborative skills, and the ability to communicate information.
Language Skills:
- English - Mastery
- French - Notions
Soft Skills:
- A master of influencing entities and decisions in situations where no formal reporting structures exist but where achieving the desired outcome on security topics is vital.
- Ability to take pragmatic decisions in a changing world, consistent with the strategic view.
- Must be a critical thinker, with strong problem-solving skills.