Business type: Types of Jobs - Insurance
Complementary business types: Types of Jobs - IT, Digital and Data
Job title: Information Security Risk Analyst M/F
Contract type: Permanent Contract
Expected start date: 01/04/2026
Management position: No

Job summary
Conducting security risk analyses on IT projects and initiatives, ensuring compliance with policies, internal standards, and reference frameworks (ISO *****, NIST, DORA, GDPR).
Participating in the planning and design phases of solutions, assessing security impacts and proposing mitigating controls.
Direct involvement with project, architecture, development, infrastructure and business representative teams to gather the information necessary for risk assessment.
Validation of security requirements in procurement and onboarding of third parties.
Conducting phishing simulations and awareness campaigns.
Responding to audit requests (internal, external, supervisors) with evidence, justifications and documentation of controls applied.
Technical implementation of security controls.
Identification, monitoring and validation of vulnerability remediation actions, in coordination with other teams.
Cybersecurity maintenance using monitoring platforms.
Monitoring and investigation of cybersecurity alerts.
Participation in incident response: root cause investigation, containment, eradication and forensics support.
Support for the secure development cycle, penetration testing, vulnerability identification and security architecture review.
Regular review of access control policies and user privileges.
Monitoring action plans to ensure compliance and alignment with standards and regulations.
Creating reports and dashboards for technical and non-technical audiences within their areas of intervention.
Management of the SOC service.
Acting as a liaison with other company structures on issues related to cybersecurity and IT risk.
Liaising with the Credit Agricole group on cybersecurity and IT risk issues.
Developing communication and awareness plans on IT risks and cybersecurity.
Developing, implementing and maintaining the cyber and IT risk management framework in line with best practices and the group.
Identifying, assessing and prioritising cyber and IT risks in assets, processes, systems and suppliers.
Defining and monitoring IT risk and cybersecurity treatment plans.

Position location
Geographical area: Europe, Portugal
City: Lisbon
Remote work: hybrid

Candidate criteria
Minimal education level: Bachelor Degree / BSc Degree or equivalent
Academic qualification / Speciality: Bachelor's or Master's degree in Computer Engineering, Information Security, Management or similar.
Level of minimal experience: 3-5 years
Experience: Minimum of 4 years' experience in IT risk management or cybersecurity roles.

Required skills
Good communication skills;
Analytical and problem-solving skills;
Ability to manage time and priorities in order to achieve objectives, considering multiple deadlines and initiatives simultaneously;
Ability to analyse and structure information so that it can be shared and communicated to other stakeholders and teams;
Resilience and autonomy;
Organisational skills, rigour, time management and teamwork;

Technical skills required
Solid knowledge of cybersecurity concepts, including malware, phishing, ransomware, DDoS, and intrusion techniques.
Familiarity with security tools and platforms such as SIEM (e.g., QRadar, Azure Sentinel), EDR - Endpoint Detection and Response (e.g., Microsoft Defender), vulnerability scanners (e.g., Tenable.io), firewalls and VPNs, DLP - Data Loss Protection (e.g., Microsoft Purview).
Familiarity with scripts or programming (e.g., Python, Bash, PowerShell).
Knowledge of systems, network and application architecture.
Proficiency with network protocols and services (TCP/IP, DNS, etc.).
Familiarity with cloud security (e.g., Azure AD, IAM, Conditional Access), having participated in its configuration/management.
Knowledge and interpretation of frameworks and regulatory standards (ISO *****, NIST, DORA, GDPR).

Languages: Portuguese and English